Skip to content

PowerDNS Product Overiew

NEW

PowerDNS Recursor Plexus

Recursor Plexus enables seamless information sharing across multiple PowerDNS Recursors within a recursive DNS setup. It integrates NATS to distribute data such as authoritative server status among instances and supports cache sharing during startup.

Beyond data exchange, Recursor Plexus helps preserve runtime state across restarts. When a PowerDNS Recursor is restarted, Plexus automatically restores the necessary state information to ensure continuity.

threat-intelligence-and-content-categorization

Threat Intelligence and Content Categorization

PowerDNS Recursor comes with out-of-the-box support for all major threat intelligence and content categorization providers. Various feeds are available for customers to choose from. These feeds provide block- and allow-lists to enable DNS-based filtering and blocking of malicious traffic for the Infrastructure Malware Protection add-on, as well as for PowerDNS Protect.

1. Open source software

This section provides brief descriptions of the core PowerDNS products: the PowerDNS Recursor, the PowerDNS Authoritative Server, and PowerDNS DNSdist. All of these products are open source software.
PowerDNS continuously releases new versions of these products. To ensure high-quality support, we focus on the latest supported major and minor releases, as well as on defined supported operating systems.

A variety of APIs are available to provision and control the various elements of the platform and products. On top of the available APIs and data schemas, several web maintenance engines are available. Notable features are:

  • REST based APIs
  • SQL based APIs
  • TCP/IP vendor-neutral text-based control, password protected

PowerDNS software is compliant with at least the following standards track or 'in wide use' RFCs. Lack of an RFC does not imply non-compliance, please contact us to verify.

PowerDNS Recursor is a high-performance recursive DNS resolver and caching server that efficiently processes client DNS queries and resolves them through recursion across the global DNS system. It is capable of powering DNS resolution for hundreds of millions of subscribers. Designed as a standalone component of the PowerDNS product family, it can be deployed and operated independently.

The Authoritative Server enables management and hosting of domain names and DNS zones.  It delivers authoritative DNS services using all major database backends – including (but not limited to) MySQL, LMDB, PostgreSQL, SQLite3, and plain text files – and provides fast, reliable responses to recursive resolvers.

PowerDNS Authoritative Server is highly flexible and scalable, allowing it to meet a wide range of deployment requirements – from small environments to large-scale service provider infrastructures. It features a leading DNSSEC implementation and secures DNSSEC-signed domains worldwide.

Designed as a standalone component of the PowerDNS product family, it can be deployed and operated independently.

DNSdist is a DNS proxy and load balancer that enhances performance in any DNS deployment. It delivers low-latency DNS responses by optimizing query distribution and improving availability in front of recursive resolvers and authoritative servers. DNSdist comes with an effective packet cache that optimizes the internet experience for users. It caches DNS queries and their corresponding IP addresses to speed up repeated queries and reduce the load on downstream resolvers.

In addition, DNSdist can act as a DoT, DoH, DoQ, and DoH3 endpoint, encrypt outgoing DNS traffic and provide protection against DDoS attacks and abusive traffic patterns by leveraging its fully scriptable Lua engine.

It is designed as a standalone component of the PowerDNS product family and can be deployed independently.

PowerDNS Lightning Stream seamlessly synchronizes zone updates in the PowerDNS Authoritative Server. It aligns changes between a local LMDB and an S3-compatible bucket in near real-time, enabling fast, scalable one- or two-way replication.

Ideal for distributed, large-scale deployments, Lightning Stream simplifies DNS replication, ensuring a globally consistent data view within seconds. It also synchronizes zone data and DNSSEC keys across multiple PowerDNS servers, even in environments with concurrent write operations. 

2. Proprietary software

This section provides brief descriptions of proprietary PowerDNS products, which can be used alongside the open-source core products.

To ensure that we can provide support, please make sure you are using the latest supported major and minor releases and a supported operating system. Please note that your entitlement to specific components is defined in the Pricebook of your contract.

PowerDNS Protect is a product to offer network-based security functions utilizing DNS filtering methods on a per-subscriber level configurable to different granularity levels for varying use cases. It requires PowerDNS Recursor or DNSdist and supports various options and integration capabilities.

PowerDNS Protect for Malware offers malware protection by integrating a threat intelligence feed. If such feed reports a requested domain name to be known as a source of phishing, malware, or to host a botnet command and control server, it prevents the protected devices to resolve its IP-address through PowerDNS Recursor.

PowerDNS Protect for Families provides for selective filtering of domain names by integrating a content categorization feed, e.g. for gambling, violence, social media. If such feed reports a requested domain name to not be suitable to the selected filtering profile, it prevents the protected devices to resolve its IP-address through PowerDNS Recursor.

The Infrastructure Malware Protection add-on equips PowerDNS Recursor with system-wide DNS-based filtering. This provides protection against malware, phishing, and other malicious attacks for all subscribers, and enables regulatory compliance (e.g., blocking illegal content). Using Platform Filter and RPZ to block, redirect, or alter DNS responses, Infrastructure Malware Protection provides comprehensive and regularly updated malware threat intelligence.

DNSdist Defender is an add-on for DNSdist that enhances its Lua capabilities by providing a user-friendly and efficient solution for filtering DNS traffic that may threaten network infrastructure. Combined with straightforward configuration options for per-subscriber rate limiting, it transforms DNSdist into a comprehensive DNS firewall, offering protection against a wide range of attacks, including DDoS, PRSD, and DNS tunneling.

PowerDNS Recursor Plexus is an add-on to PowerDNS Recursor that enables information sharing between multiple Recursor instances. Data such as cache content at startup and authoritative server status information is exchanged between instances using the NATS messaging system. By restoring essential state information during Recursor restarts, Plexus helps prevent the loss of operational context and improves overall service continuity.

PowerDNS ZoneControl is a graphical, web-based interface for managing DNS zones and serves as an add-on to the PowerDNS Authoritative Server. It provides all the features required to efficiently manage large numbers of domains, including bulk changes, one-click DNSSEC enablement, and role-based access control, allowing specific users or departments to manage designated domains.

PowerDNS Lightning Stream Enterprise is an add-on for the PowerDNS Authoritative Server that seamlessly synchronizes zone updates. It aligns changes between a local LMDB database and an S3-compatible bucket in near real time, enabling fast and scalable one-way or two-way replication. Incremental synchronization ensures that only changes are transferred rather than the entire dataset, significantly reducing data transfer volumes.

PowerDNS provides Ansible roles and playbooks to simplify and standardize the installation and configuration of PowerDNS products. These playbooks automate common deployment tasks and help ensure consistent, repeatable setups across different environments. They reduce manual effort, minimize configuration errors, and support efficient rollouts of PowerDNS products in development, testing, and production environments. All playbooks can be customized to meet your specific requirements.

PowerDNS Cloud Control enables cloud-native deployments of PowerDNS products. It combines containerization, automation, orchestration, lifecycle management, as well as monitoring and alerting capabilities in a unified solution.

By leveraging Kubernetes and container technologies, PowerDNS Cloud Control simplifies the deployment, scaling, and management of as many PowerDNS product instances as required. Please note that using PowerDNS Cloud Control requires a Kubernetes environment on the customer’s premises. Kubernetes itself is not included.

PowerDNS Single Pane of Glass, an add-on to PowerDNS Cloud Control, provides a unified way to observe, manage, and operate cloud-native PowerDNS deployments at scale. A single web-based interface consolidates health status and topology insights, logs, and operational actions across multiple clusters and regions. Single Pane of Glass delivers centralized visibility and control for a handful of clusters or hundreds across multiple regions and geographies.

dstore is an add-on for PowerDNS Recursor and DNSdist. It routes and filters Protobuf messages to various destinations, enabling the logging of DNS requests in a datastore. This facilitates the storage of DNS events for further analysis of DNS-related issues and provides insight into the blocking of specific requests.