{{tag>networks networking network}}

====== Power DNS ======

  * http://wiki.powerdns.com/trac
  * http://www.powerdns.com/content/home-powerdns.html

PowerDNS представляет собой высокопроизводительный DNS-сервер, написанный на C++ и распространяемый под лицензией GPL. Существуют версии для Unix- и Windows-систем.

====== Установка ======

  * apt-get install pdns-server pdns-recursor pdns-backend-mysql

====== Обновление ======

====== Docker ======

<code yaml>
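# Sample stack: MariaDB backend, PowerDNS authoritative server and the
# PowerDNS-Admin web UI on one private bridge network.
# Every password and key in this file is a sample value; replace them all
# before the stack is reachable by anyone else.
version: '2'

services:
  db:
    image: mariadb:10.6.22
    container_name: db
    environment:
      # Root gets a random password (printed once to the container log on
      # first initialisation) instead of an empty one; with an empty root
      # password any container attached to pdns_network could log in as root.
      # These variables only apply when the data directory is first created:
      # an existing pdns-data volume keeps whatever root password it has.
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=pdns_db
      - MYSQL_USER=pdns_user
      # Must match PDNS_gmysql_password and SQLALCHEMY_DATABASE_URI below.
      - MYSQL_PASSWORD=pdns_password
    restart: always
    volumes:
      - pdns-data:/var/lib/mysql
    command:
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_unicode_ci'
    # No ports are published: the database is reachable only from containers
    # on pdns_network.
    networks:
      - pdns_network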

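  # Authoritative server with the gmysql backend, HTTP API and webserver.
  pdns-authoritative:
    image: pschiffe/pdns-mysql:4.7-alpine
    restart: always
    depends_on:
      - db
    networks:
      - pdns_network
    ports:
      # Published on the LAN address only, not on every host interface.
      # The API/webserver is plain HTTP: the API key and webserver password
      # cross the LAN unencrypted.
      - "192.168.1.132:3131:8081"  # API
      - "192.168.1.132:53:53/udp"
      - "192.168.1.132:53:53/tcp"
    environment:
      # Backend connection; credentials must match the db service.
      - PDNS_launch=gmysql
      - PDNS_gmysql_host=db
      - PDNS_gmysql_port=3306
      - PDNS_gmysql_user=pdns_user
      - PDNS_gmysql_dbname=pdns_db
      - PDNS_gmysql_password=pdns_password

      - PDNS_master=yes
      - PDNS_version_string=anonymous
      - PDNS_default_ttl=1500
      - PDNS_local_address=0.0.0.0
      # Listed once: a repeated key leaves the effective value to the tooling.
      # NOTIFY is accepted from the LAN only.
      - PDNS_allow_notify_from=192.168.1.0/24
      # Loopback plus the RFC 1918 private ranges. 172.0.0.0/8 and
      # 192.0.0.0/8 also cover public address space, so they are narrowed to
      # 172.16.0.0/12 and 192.168.0.0/16. Narrow further to the actual
      # secondaries where they are known.
      - PDNS_allow_axfr_ips=127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

      # HTTP API. The key is the sample value published on this page:
      # generate a new one and keep it identical in powerdns-admin.
      - PDNS_api=yes
      - PDNS_api_key=mbRmd3QY7k-Jmrg25KHjbagJ4W-e7ojszQKw

      # webserver
      - PDNS_webserver=yes
      - PDNS_webserver_address=0.0.0.0
      # Underscore form like every other key; the image is expected to turn
      # '_' into '-' when it writes pdns.conf - confirm against the image
      # documentation. Same RFC 1918 narrowing as allow-axfr-ips.
      - PDNS_webserver_allow_from=127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
      # Sample value; replace.
      - PDNS_webserver_password=secret2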

  # pdns-recursor:
  #   image: pschiffe/pdns-recursor:4.7-alpine
  #   restart: always
  #   depends_on:
  #     - pdns-authoritative
  #   networks:
  #     - pdns_network
  #   ports:
  #     - "192.168.1.132:3232:80"  # API
  #     - "192.168.1.132:53:53/udp"
  #     - "192.168.1.132:53:53/tcp"
  #   environment:
  #     - PDNS_forward_zones_recurse=.=8.8.8.8;9.9.9.9
  #     - PDNS_forward_zones=docker-station.loc=pdns-authoritative
  #     - PDNS_local_address=0.0.0.0
  #     - PDNS_allow_from=0.0.0.0/0
  #     - PDNS_local-address=0.0.0.0
  #     - PDNS_local-port=53
  #     - PDNS_setuid=recursor
  #     - PDNS_setgid=recursor
  #     - PDNS_api-key=mbRmd3QY7k-Jmrg25KHjbagJ4W-e7ojszQKw  # Ключ синхронизирован с authoritative

  #     # webserver
  #     - PDNS_webserver=yes
  #     - PDNS_webserver_address=0.0.0.0
  #     #- PDNS_webserver-allow-from=127.0.0.1,10.0.0.0/8,172.0.0.0/8,192.0.0.0/8
  #     - PDNS_webserver_password=secret2

  # Web UI that manages zones through the authoritative server's HTTP API.
  powerdns-admin:
    # NOTE(review): ':latest' is a moving tag, so the image that runs can
    # change between pulls; pin a release tag or digest once one is chosen.
    image: powerdnsadmin/pda-legacy:latest
    depends_on:
      - db
      - pdns-authoritative
    networks:
      - pdns_network
    ports:
      # Published on the LAN address only.
      - "192.168.1.132:8787:80"
    environment:
      # Reuses the PowerDNS database and account (pdns_db / pdns_user), so
      # the credentials must match the db service. Sample password; replace.
      - SQLALCHEMY_DATABASE_URI=mysql://pdns_user:pdns_password@db/pdns_db
      - PDNS_API_URL=http://pdns-authoritative:8081
      # Key must be identical to PDNS_api_key of pdns-authoritative.
      - PDNS_API_KEY=mbRmd3QY7k-Jmrg25KHjbagJ4W-e7ojszQKw
      - PDNS_VERSION=4.7
    logging:
      driver: json-file
      options:
        # Caps each json-file log at 50 MB.
        max-size: 50m

# Dedicated bridge network shared by all services of this stack.
networks:
  pdns_network:
    driver: bridge
    name: pdns_network
    # Containers started outside this file may join the network as well;
    # anything attached can reach the database and the API directly.
    attachable: true

# Named volume holding the MariaDB data directory (/var/lib/mysql).
volumes:
  pdns-data: {}
</code>

<code bash>
# NOTE(review): the first three commands run inside the pdns-recursor
# container, whose service is commented out in the compose file above;
# they only work once that service is enabled.
# Look up a zone name against the authoritative container.
$ docker exec -it pdns-pdns-recursor-1 nslookup docker-station.loc pdns-authoritative
# Print the recursor's get-all output, filtered to lines mentioning "forward".
$ docker exec -it pdns-pdns-recursor-1 rec_control get-all | grep forward
# Ask the recursor to wipe its cache.
$ docker exec -it pdns-pdns-recursor-1 rec_control wipe-cache '*'
# Query the HTTP API for one zone, then for the zone list.
# The key is sent over plain HTTP and, typed inline like this, is also kept
# in the shell history; use your own key, not the sample one.
$ curl -H "X-API-Key: mbRmd3QY7k-Jmrg25KHjbagJ4W-e7ojszQKw" http://192.168.1.132:3131/api/v1/servers/localhost/zones/docker-station.loc.
$ curl -H "X-API-Key: mbRmd3QY7k-Jmrg25KHjbagJ4W-e7ojszQKw" http://192.168.1.132:3131/api/v1/servers/localhost/zones
# Resolve a name through the published DNS port.
$ dig @192.168.1.132 lampa.loc +short
</code>

===== Mysql =====

<code mysql>
-- Additions to an existing PowerDNS schema: the ALTER TABLE statements below
-- require that the `records` table is already present.
-- Presumably the DNSSEC/TSIG schema upgrade - confirm against the PowerDNS
-- documentation for the installed version.

-- Per-domain metadata: (kind, content) rows keyed by domain_id.
CREATE TABLE domainmetadata (
 id              INT AUTO_INCREMENT,
 domain_id       INT NOT NULL,
 kind            VARCHAR(16),
 content        TEXT,
 PRIMARY KEY(id)
);

-- Key material per domain (presumably DNSSEC keys). `content` is a plain
-- TEXT column, so anyone who can read this table can read the keys.
CREATE TABLE cryptokeys (
 id             INT AUTO_INCREMENT,
 domain_id      INT NOT NULL,
 flags          INT NOT NULL,
 active         BOOL,
 content        TEXT,
 PRIMARY KEY(id)
);

-- Extra columns on `records`, plus an index on the new ordername column.
ALTER TABLE records ADD ordername      VARCHAR(255);
ALTER TABLE records ADD auth BOOL;
CREATE INDEX orderindex ON records(ordername);

-- TSIG keys: name, algorithm and the shared secret in a plain VARCHAR
-- column. Restrict database access accordingly.
CREATE TABLE tsigkeys (
 id             INT AUTO_INCREMENT,
 NAME           VARCHAR(255),
 ALGORITHM      VARCHAR(255),
 secret         VARCHAR(255),
 PRIMARY KEY(id)
);

-- One row per (name, algorithm) pair.
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(NAME, ALGORITHM);

-- Sets records.TYPE to VARCHAR(10).
ALTER TABLE records CHANGE COLUMN TYPE TYPE VARCHAR(10);
</code>

===== Конфигурация =====

nano /etc/powerdns/pdns.conf
<code>
# Autogenerated configuration file template
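#################################
# allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
#                   IP addresses
#
# A /0 prefix matches every address, so "192.168.1.0/0" restricted nothing.
# /24 limits transfers to the 192.168.1.x LAN this server is bound to;
# adjust the prefix if the LAN is sized differently.
# (disable-axfr=yes further down currently turns transfers off altogether.)
allow-axfr-ips=127.0.0.1 192.168.1.0/24

#################################
# allow-recursion  List of netmasks that are allowed to recurse
#
# Same correction: with /0 any client that can reach the server may use it
# as a recursive resolver. Recursion is limited to the LAN.
allow-recursion=192.168.1.0/24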

#################################
# allow-recursion-override   Local data even about hosts that don't exist will
#                            override the internet. (on/off)
#
# allow-recursion-override=

#################################
# cache-ttl	Seconds to store packets in the PacketCache
#
# cache-ttl=20

#################################
# chroot	If set, chroot to this directory for more security
#
# chroot=/var/spool/powerdns

#################################
# config-dir	Location of configuration directory (pdns.conf)
#
config-dir=/etc/powerdns

#################################
# config-name	Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# control-console	Debugging switch - don't use
#
# control-console=no

#################################
# daemon	Operate as a daemon
#
daemon=yes

#################################
# default-soa-name	name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server

#################################
# disable-axfr	Disable zonetransfers but do allow TCP queries
#
disable-axfr=yes

#################################
# disable-tcp	Do not listen to TCP queries
#
# disable-tcp=no

#################################
# distributor-threads	Default number of Distributor (backend) threads to start
#
# distributor-threads=3

#################################
# fancy-records	Process URL and MBOXFW records
#
# fancy-records=no

#################################
# guardian	Run within a guardian process
#
guardian=yes

#################################
# launch	Which backends to launch and order to query them in
#
#launch=gmysql,bind


#################################
# load-modules	Load this module - supply absolute or relative path
#
# load-modules=

#################################
# local-address	Local IP address to which we bind
#
local-address=127.0.0.1 192.168.1.113

#################################
# local-ipv6	Local IP address to which we bind
#
# local-ipv6=

#################################
# local-port	The port on which we listen
#
local-port=53

#################################
# log-dns-details	If PDNS should log failed update requests
#
log-dns-details=/var/log/pdns/pdns-details.log

#################################
# log-failed-updates	If PDNS should log failed update requests
#
log-failed-updates=/var/log/pdns/pdns-fail.log

#################################
# logfile	Logfile to use (Windows only)
#
#logfile=/var/log/pdns/pdns.log

#################################
# logging-facility	Log under a specific facility
#
# logging-facility=

#################################
# loglevel	Amount of logging. Higher is more. Do not set below 3
#
loglevel=9

#################################
# master	Act as a master
#
# master=no

#################################
# max-queue-length	Maximum queuelength before considering situation lost
#
# max-queue-length=5000

#################################
# max-tcp-connections	Maximum number of TCP connections
#
# max-tcp-connections=10

#################################
# module-dir	Default directory for modules
#
module-dir=/usr/lib/powerdns

#################################
# negquery-cache-ttl	Seconds to store packets in the PacketCache
#
# negquery-cache-ttl=60

#################################
# out-of-zone-additional-processing	Do out of zone additional processing
#
# out-of-zone-additional-processing=no

#################################
# query-cache-ttl	Seconds to store packets in the PacketCache
#
# query-cache-ttl=20

#################################
# query-logging	Hint backends that queries should be logged
#
query-logging=no

#################################
# queue-limit	Maximum number of milliseconds to queue a query
#
# queue-limit=1500

#################################
# query-local-address   The IP address to use as a source address for sending
#                       queries.
# query-local-address=

#################################
# receiver-threads	Number of receiver threads to launch
#
# receiver-threads=1

#################################
# recursive-cache-ttl	Seconds to store packets in the PacketCache
#
# recursive-cache-ttl=10

#################################
# recursor	If recursion is desired, IP address of a recursing nameserver
#
# recursor=
recursor=127.0.0.1:54

#################################
# setgid	If set, change group id to this gid for more security
#
setgid=pdns

#################################
# setuid	If set, change user id to this uid for more security
#
setuid=pdns

#################################
# skip-cname	Do not perform CNAME indirection for each query
#
# skip-cname=no

#################################
# slave	Act as a slave
#
# slave=no

#################################
# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60

#################################
# smtpredirector	Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server

#################################
# soa-minimum-ttl	Default SOA mininum ttl
#
# soa-minimum-ttl=3600

#################################
# soa-refresh-default  Default SOA refresh
#
# soa-refresh-default=10800

#################################
# soa-retry-default    Default SOA retry
#
# soa-retry-default=3600

#################################
# soa-expire-default   Default SOA expire
#
# soa-expire-default=604800

#################################
# soa-serial-offset	Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0

#################################
# socket-dir	Where the controlsocket will live
#
socket-dir=/var/run

#################################
# strict-rfc-axfrs	Perform strictly rfc compliant axfrs (very slow)
#
# strict-rfc-axfrs=no

#################################
# urlredirector	Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1

#################################
# use-logfile	Use a log file (Windows only)
#
#use-logfile=yes

#################################
# webserver	Start a webserver for monitoring
#
# webserver=no

#################################
# webserver-address	IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-password	Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port	Port of webserver to listen on
#
# webserver-port=8081

#################################
# webserver-print-arguments	If the webserver should print arguments
#
# webserver-print-arguments=no

#################################
# wildcard-url	Process URL and MBOXFW records
#
# wildcard-url=no

#################################
# wildcards	Honor wildcards in the database
#
# wildcards=

#################################
# version-string   What should PowerDNS return for version
#                  allowed methods are anonymous / powerdns / full / custom
version-string=powerdns

include-dir=/etc/powerdns/pdns.d

</code>

nano /etc/powerdns/pdns.d/pdns.simplebind.conf
<code>
# Backends to launch, in the order they are queried: gmysql first, then bind.
# The gmysql parameters live in pdns.local.gmysql.conf.
launch=gmysql,bind
# Configuration file read by the bind backend.
bind-config=/etc/powerdns/bindbackend.conf
</code>

nano /etc/powerdns/pdns.d/pdns.local.gmysql.conf
<code>
# MySQL Configuration
#
# This file holds the database password in clear text: keep it readable
# only by root and the account PowerDNS runs as (setuid/setgid in pdns.conf).
#
# Launch gmysql backend
# (left commented out here; pdns.simplebind.conf sets launch=gmysql,bind)
#launch=gmysql

# gmysql parameters
# NOTE(review): user/database here are pdns/pdns, while the GRANT statements
# and the pdns.conf further down this page use the database "powerdns";
# use one name consistently.
gmysql-host=localhost
gmysql-port=3306
gmysql-user=pdns
gmysql-dbname=pdns
# Sample value; replace, and keep it equal to the password of the MySQL
# account.
gmysql-password=pdns_password
gmysql-socket=/var/run/mysqld/mysqld.sock

# DNSSEC is disabled by default to not break updates
# If you want to do DNSSEC, make sure that your database
# schema is DNSSEC-ready and set the option to yes here.
gmysql-dnssec=no
</code>

====== Настройка ======

  * http://doc.powerdns.com/
===== MySQL v5.x =====

<code>
-- Full schema for the gmysql backend.
-- WARNING: the DROP TABLE statements delete existing domains, records and
-- supermasters data; run this only against a new or backed-up database.
-- The domainmetadata, cryptokeys and tsigkeys tables and the ordername/auth
-- columns also appear in the "Mysql" section above; apply one of the two
-- scripts, not both.

-- Zones served by this server.
DROP TABLE IF EXISTS domains;
CREATE TABLE domains (
 id              INT AUTO_INCREMENT,
 NAME            VARCHAR(255) NOT NULL,
 MASTER          VARCHAR(128) DEFAULT NULL,
 last_check      INT DEFAULT NULL,
 TYPE            VARCHAR(6) NOT NULL,
 notified_serial INT DEFAULT NULL, 
 account         VARCHAR(40) DEFAULT NULL,
 PRIMARY KEY (id)
) ENGINE=INNODB;

-- Zone names are unique.
CREATE UNIQUE INDEX name_index ON domains(NAME);

-- Resource records; domain_id refers to domains.id (no foreign key is
-- declared).
DROP TABLE IF EXISTS records;
CREATE TABLE records (
  id              INT AUTO_INCREMENT,
  domain_id       INT DEFAULT NULL,
  NAME            VARCHAR(255) DEFAULT NULL,
  TYPE            VARCHAR(10) DEFAULT NULL,
  content         VARCHAR(64000) DEFAULT NULL,
  ttl             INT DEFAULT NULL,
  prio            INT DEFAULT NULL,
  change_date     INT DEFAULT NULL,
  PRIMARY KEY(id)
) ENGINE=INNODB;

-- Lookup indexes on name, (name, type) and domain_id.
CREATE INDEX rec_name_index ON records(NAME);
CREATE INDEX nametype_index ON records(NAME,TYPE);
CREATE INDEX domain_id ON records(domain_id);

-- Supermaster entries: ip, nameserver and account. Every row widens what
-- this server trusts, so keep the table as small as possible.
DROP TABLE IF EXISTS supermasters;
CREATE TABLE supermasters (
  ip         VARCHAR(25) NOT NULL, 
  nameserver VARCHAR(255) NOT NULL, 
  account    VARCHAR(40) DEFAULT NULL
) ENGINE=INNODB;

-- Per-domain metadata: (kind, content) rows keyed by domain_id.
CREATE TABLE domainmetadata (
 id         INT AUTO_INCREMENT,
 domain_id  INT NOT NULL,
 kind       VARCHAR(16),
 content    TEXT,
 PRIMARY KEY(id)
);

CREATE INDEX domainmetaidindex ON domainmetadata(domain_id);               


-- Key material per domain (presumably DNSSEC keys), stored in a plain TEXT
-- column.
CREATE TABLE cryptokeys (
 id         INT AUTO_INCREMENT,
 domain_id  INT NOT NULL,
 flags      INT NOT NULL,
 active     BOOL,
 content    TEXT,
 PRIMARY KEY(id)
);       

CREATE INDEX domainidindex ON cryptokeys(domain_id);           

-- Extra columns on records, indexed together with domain_id.
ALTER TABLE records ADD ordername      VARCHAR(255) BINARY;
ALTER TABLE records ADD auth BOOL;
CREATE INDEX recordorder ON records (domain_id, ordername);

-- TSIG keys; the shared secret is stored in a plain VARCHAR column.
CREATE TABLE tsigkeys (
 id         INT AUTO_INCREMENT,
 NAME       VARCHAR(255), 
 ALGORITHM  VARCHAR(50),
 secret     VARCHAR(255),
 PRIMARY KEY(id)
);

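-- Account used by the gmysql backend.
-- The password must equal gmysql-password in pdns.conf (pdns_password on
-- this page); with 'pdns' here the backend could not log in. It is a sample
-- value: replace it in both places before use.
-- The host-less grants (... TO pdns) are dropped. They are covered by
-- GRANT ALL ON powerdns.* below, and on MySQL 5.x servers that create
-- accounts implicitly on GRANT they would add a 'pdns'@'%' account with no
-- password.
-- NOTE(review): GRANT ALL is broader than the backend needs for serving
-- zones; consider limiting it to SELECT, INSERT, UPDATE, DELETE.
GRANT ALL ON powerdns.* TO 'pdns'@'localhost' IDENTIFIED BY 'pdns_password';
GRANT ALL ON powerdns.* TO 'pdns'@'localhost.localdomain' IDENTIFIED BY 'pdns_password';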
</code>
===== pdns.conf =====

**nano /etc/powerdns/pdns.conf**

  # Autogenerated configuration file template
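  #################################
  # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
  #                   IP addresses
  #
  # A /0 prefix matches every address, so "192.168.1.0/0" restricted nothing.
  # /24 limits transfers to the 192.168.1.x LAN this server is bound to;
  # adjust the prefix if the LAN is sized differently.
  # (disable-axfr=yes further down currently turns transfers off altogether.)
  allow-axfr-ips=127.0.0.1 192.168.1.0/24
  
  #################################
  # allow-recursion       List of netmasks that are allowed to recurse
  #
  # Same correction: with /0 any client that can reach the server may use it
  # as a recursive resolver. Recursion is limited to the LAN.
  allow-recursion=192.168.1.0/24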
  
  #################################
  # allow-recursion-override   Local data even about hosts that don't exist will
  #                            override the internet. (on/off)
  #
  # allow-recursion-override=
  
  #################################
  # cache-ttl     Seconds to store packets in the PacketCache
  #
  # cache-ttl=20
  
  #################################
  # chroot        If set, chroot to this directory for more security
  #
  # chroot=/var/spool/powerdns
  
  #################################
  # config-dir    Location of configuration directory (pdns.conf)
  #
  config-dir=/etc/powerdns
  
  #################################
  # config-name   Name of this virtual configuration - will rename the binary image
  #
  # config-name=
  
  #################################
  # control-console       Debugging switch - don't use
  #
  # control-console=no
  
  #################################
  # daemon        Operate as a daemon
  #
  daemon=yes
  
  #################################
  # default-soa-name      name to insert in the SOA record if none set in the backend
  #
  # default-soa-name=a.misconfigured.powerdns.server
  
  #################################
  # disable-axfr  Disable zonetransfers but do allow TCP queries
  #
  disable-axfr=yes
  
  #################################
  # disable-tcp   Do not listen to TCP queries
  #
  # disable-tcp=no
  
  #################################
  # distributor-threads   Default number of Distributor (backend) threads to start
  #
  # distributor-threads=3
  
  #################################
  # fancy-records Process URL and MBOXFW records
  #
  # fancy-records=no
  
  #################################
  # guardian      Run within a guardian process
  #
  guardian=yes
  
  #################################
  # launch        Which backends to launch and order to query them in
  #
  # Only the gmysql backend is launched; its connection parameters follow.
  launch=gmysql
  gmysql-host=127.0.0.1
  gmysql-port=3306
  gmysql-user=pdns
  gmysql-dbname=powerdns
  # Clear-text database password: keep pdns.conf readable only by root and
  # the pdns account. Sample value; replace, and keep it equal to the
  # password set for 'pdns'@'localhost' in the GRANT statements.
  gmysql-password=pdns_password
  
  #################################
  # lazy-recursion        Only recurse if question cannot be answered locally
  #
  lazy-recursion=yes
  
  #################################
  # load-modules  Load this module - supply absolute or relative path
  #
  # load-modules=
  
  #################################
  # local-address Local IP address to which we bind
  #
  local-address=127.0.0.1 192.168.1.124
  
  #################################
  # local-ipv6    Local IP address to which we bind
  #
  # local-ipv6=
  
  #################################
  # local-port    The port on which we listen
  #
  local-port=53
  
  #################################
  # log-dns-details       If PDNS should log failed update requests
  #
  log-dns-details=/var/log/pdns/pdns-details.log
  
  #################################
  # log-failed-updates    If PDNS should log failed update requests
  #
  log-failed-updates=/var/log/pdns/pdns-fail.log
  
  #################################
  # logfile       Logfile to use
  #
  logfile=/var/log/pdns/pdns.log
  
  #################################
  # logging-facility      Log under a specific facility
  #
  # logging-facility=
  
  #################################
  # loglevel      Amount of logging. Higher is more. Do not set below 3
  #
  loglevel=9
  
  #################################
  # master        Act as a master
  #
  # master=no
  
  #################################
  # max-queue-length      Maximum queuelength before considering situation lost
  #
  # max-queue-length=5000
  
  #################################
  # max-tcp-connections   Maximum number of TCP connections
  #
  # max-tcp-connections=10
  
  #################################
  # module-dir    Default directory for modules
  #
  module-dir=/usr/lib/powerdns
  
  #################################
  # negquery-cache-ttl    Seconds to store packets in the PacketCache
  #
  # negquery-cache-ttl=60
  
  #################################
  # out-of-zone-additional-processing     Do out of zone additional processing
  #
  # out-of-zone-additional-processing=no
  
  #################################
  # query-cache-ttl       Seconds to store packets in the PacketCache
  #
  # query-cache-ttl=20
  
  #################################
  # query-logging Hint backends that queries should be logged
  #
  query-logging=no
  
  #################################
  # queue-limit   Maximum number of milliseconds to queue a query
  #
  # queue-limit=1500
  
  #################################
  # query-local-address   The IP address to use as a source address for sending
  #                       queries.
  # query-local-address=
  
  #################################
  # receiver-threads      Number of receiver threads to launch
  #
  # receiver-threads=1
  
  #################################
  # recursive-cache-ttl   Seconds to store packets in the PacketCache
  #
  # recursive-cache-ttl=10
  
  #################################
  # recursor      If recursion is desired, IP address of a recursing nameserver
  #
  recursor=127.0.0.1:54
  
  #################################
  # setgid        If set, change group id to this gid for more security
  #
  setgid=pdns
  
  #################################
  # setuid        If set, change user id to this uid for more security
  #
  setuid=pdns
  
  #################################
  # skip-cname    Do not perform CNAME indirection for each query
  #
  # skip-cname=no
  
  #################################
  # slave Act as a slave
  #
  # slave=no
  
  #################################
  # slave-cycle-interval  Reschedule failed SOA serial checks once every .. seconds
  #
  # slave-cycle-interval=60
  
  #################################
  # smtpredirector        Our smtpredir MX host
  #
  # smtpredirector=a.misconfigured.powerdns.smtp.server
  
  #################################
  # soa-minimum-ttl       Default SOA mininum ttl
  #
  # soa-minimum-ttl=3600
  
  #################################
  # soa-refresh-default  Default SOA refresh
  #
  # soa-refresh-default=10800
  
  #################################
  # soa-retry-default    Default SOA retry
  #
  # soa-retry-default=3600
  
  #################################
  # soa-expire-default   Default SOA expire
  #
  # soa-expire-default=604800
  
  #################################
  # soa-serial-offset     Make sure that no SOA serial is less than this number
  #
  # soa-serial-offset=0
  
  #################################
  # socket-dir    Where the controlsocket will live
  #
  socket-dir=/var/run
  
  #################################
  # strict-rfc-axfrs      Perform strictly rfc compliant axfrs (very slow)
  #
  # strict-rfc-axfrs=no
  
  #################################
  # urlredirector Where we send hosts to that need to be url redirected
  #
  # urlredirector=127.0.0.1
  
  #################################
  # use-logfile   Use a log file
  #
  use-logfile=yes
  
  #################################
  # webserver     Start a webserver for monitoring
  #
  # webserver=no
  
  #################################
  # webserver-address     IP Address of webserver to listen on
  #
  # webserver-address=127.0.0.1
  
  #################################
  # webserver-password    Password required for accessing the webserver
  #
  # webserver-password=
  
  #################################
  # webserver-port        Port of webserver to listen on
  #
  # webserver-port=8081
  
  #################################
  # webserver-print-arguments     If the webserver should print arguments
  #
  # webserver-print-arguments=no
  
  #################################
  # wildcard-url  Process URL and MBOXFW records
  #
  # wildcard-url=no
  
  #################################
  # wildcards     Honor wildcards in the database
  #
  # wildcards=
  
  #################################
  # version-string   What should PowerDNS return for version
  #                  allowed methods are anonymous / powerdns / full / custom
  version-string=powerdns
  
  include=/etc/powerdns/pdns.d

===== recursor.conf =====

**nano /etc/powerdns/recursor.conf**

  # Autogenerated configuration file template
  #################################
  # aaaa-additional-processing    turn on to do AAAA additional processing (slow)
  #
  # aaaa-additional-processing=off
  
  #################################
  # allow-from    If set, only allow these comma separated netmasks to recurse
  #
  # allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
  allow-from=127.0.0.0/8
  
  #################################
  # allow-from-file       If set, load allowed netmasks from this file
  #
  # allow-from-file=
  
  #################################
  # auth-can-lower-ttl    If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records
  #
  # auth-can-lower-ttl=off
  
  #################################
  # auth-zones    Zones for which we have authoritative data, comma separated domain=file pairs
  #
  # auth-zones=
  
  #################################
  # chroot        switch to chroot jail
  #
  # chroot=
  
  #################################
  # client-tcp-timeout    Timeout in seconds when talking to TCP clients
  #
  # client-tcp-timeout=2
  
  #################################
  # config-dir    Location of configuration directory (recursor.conf)
  #
  # config-dir=/etc/powerdns/
  
  #################################
  # daemon        Operate as a daemon
  #
  # daemon=yes
  
  #################################
  # delegation-only       Which domains we only accept delegations from
  #
  # delegation-only=com,net
  
  #################################
  # dont-query    If set, do not query these netmasks for DNS data
  #
  # dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
  #dont-query=
  
  #################################
  # entropy-source        If set, read entropy from this file
  #
  # entropy-source=/dev/urandom
  
  #################################
  # export-etc-hosts      If we should serve up contents from /etc/hosts
  #
  # export-etc-hosts=off
  
  #################################
  # fork  If set, fork the daemon for possible double performance
  #
  # fork=no
  
  #################################
  # forward-zones Zones for which we forward queries, comma separated domain=ip pairs
  #
  # forward-zones=
  
  #################################
  # forward-zones-file    File with domain=ip pairs for forwarding
  #
  # forward-zones-file=
  
  #################################
  # hint-file     If set, load root hints from this file
  #
  #hint-file=/etc/powerdns/root.zone
  
  #################################
  # ignore-rd-bit Assume each packet requires recursion, for compatability
  #
  # ignore-rd-bit=off
  
  #################################
  # local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
  #
  local-address=127.0.0.1
  
  #################################
  # local-port    port to listen on
  #
  local-port=54
  
  #################################
  # log-common-errors     If we should log rather common errors
  #
  # log-common-errors=yes
  
  #################################
  # logging-facility      Facility to log messages as. 0 corresponds to local0
  #
  # logging-facility=
  
  #################################
  # max-cache-entries     If set, maximum number of entries in the main cache
  #
  # max-cache-entries=0
  
  #################################
  # max-negative-ttl      maximum number of seconds to keep a negative cached entry in memory
  #
  # max-negative-ttl=3600
  
  #################################
  # max-tcp-clients       Maximum number of simultaneous TCP clients
  #
  #max-tcp-clients=128
  
  #################################
  # max-tcp-per-client    If set, maximum number of TCP sessions per client (IP address)
  #
  # max-tcp-per-client=0
  
  #################################
  # no-shuffle    Don't change
  #
  # no-shuffle=off
  
  #################################
  # query-local-address   Source IP address for sending queries
  #
  # query-local-address=0.0.0.0
  
  #################################
  # query-local-address6  Source IPv6 address for sending queries
  #
  # query-local-address6=
  
  #################################
  # quiet Suppress logging of questions and answers
  #
  #quiet=yes
  
  #################################
  # remotes-ringbuffer-entries    maximum number of packets to store statistics for
  #
  # remotes-ringbuffer-entries=0
  
  #################################
  # serve-rfc1918 If we should be authoritative for RFC 1918 private IP space
  #
  # serve-rfc1918=
  
  #################################
  # server-id     Returned when queried for 'id.server' TXT, defaults to hostname
  #
  # server-id=
  
  #################################
  # setgid        If set, change group id to this gid for more security
  #
  setgid=pdns
  
  #################################
  # setuid        If set, change user id to this uid for more security
  #
  setuid=pdns
  
  #################################
  # single-socket If set, only use a single socket for outgoing queries
  #
  # single-socket=off
  
  #################################
  # soa-minimum-ttl       Don't change
  #
  # soa-minimum-ttl=0
  
  #################################
  # soa-serial-offset     Don't change
  #
  # soa-serial-offset=0
  
  #################################
  # socket-dir    Where the controlsocket will live
  # HINT: If you change this from the default /var/run then rec_control
  #       will still search in /var/run for the socket file. Keep in mind
  #       to run it as 'rec_control --socket-dir=/your/socket/directory' then.
  #
  socket-dir=/var/run/
  
  #################################
  # spoof-nearmiss-max    If non-zero, assume spoofing after this many near misses
  #
  # spoof-nearmiss-max=20
  
  #################################
  # stack-size    stack size per mthread
  #
  # stack-size=200000
  
  #################################
  # trace if we should output heaps of logging
  #
  # trace=off
  
  #################################
  # version-string        string reported on version.pdns or version.bind
  #
  #version-string=PowerDNS Recursor 3.1.5 $Id: pdns_recursor.cc 1170 2008-03-22 20:43:44Z ahu $


===== Web interface =====

  * powerdns-webinterface (http://code.google.com/p/powerdns-webinterface/source/checkout)
  * PDNS Admin (http://freshmeat.net/projects/pdns-admin/)
  * PowerAdmin (http://www.poweradmin.org/)
  * PowerDNS Administration (http://sourceforge.net/projects/powerdnsadmin/)
  * TUPA (http://www.tupa-dns.org/)
  * WebDNS (http://freshmeat.net/projects/webdns/)
  * ZoneAdmin (http://freshmeat.net/projects/zoneadmin/)
  * PowerDNS GUI (http://code.google.com/p/pdns-gui/)

===== Ссылки =====

  * http://nix.khd.ru/?p=1970 *
  * http://phpsuxx.blogspot.com/search/label/PowerDNS
  * http://www.lissyara.su/articles/freebsd/programms/powerdns/
  * http://habrahabr.ru/search/?q=[powerdns]&target_type=posts
  * http://ru.ispdoc.com/index.php/%D0%98%D1%81%D0%BF%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5_PowerDNS_c_DNSmanager
  * http://xroute.ru/%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B0-dns-%D1%81%D0%B5%D1%80%D0%B2%D0%B5%D1%80%D0%B0-powerdns-%D0%BD%D0%B0-ubuntu-10-04-%D1%81-%D1%85%D1%80%D0%B0%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5%D0%BC/
  * http://sudouser.com/ustanovka-dns-servera-powerdns-s-podderzhkoj-mysql-veb-interfejsom-power-admin.html
  * http://metalcandy.ru/how-to-forge-centos/146-installing-powerdns-with-mysql-on-centos
  * http://www.linux.org/article/view/howto-install-powerdns-on-centos
  * http://dreamcatcher.ru/2010/01/10/%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-powerdns-%D1%81-%D0%B8%D1%81%D0%BF%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5%D0%BC-mysql-%D0%B8-poweradmin-%D0%BD%D0%B0-fedor/
  * http://www.hilik.org.ua/powerdns-c-mysql-%D0%BF%D0%B0%D0%BD%D0%B5%D0%BB%D1%8C%D1%8E-%D1%83%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F-poweradmin-%D0%B8-powerdns-recursor/


