[thirdparty/pdns.git] / docs / modes-of-operation.rst

DNS Modes of Operation
======================

PowerDNS offers full master and slave semantics for replicating domain
information. Furthermore, PowerDNS can benefit from native database
replication.

.. _native-operation:

Native replication
------------------

Native replication is the default, unless other operation is
specifically configured. Native replication basically means that
PowerDNS will not send out DNS update notifications, nor will react to
them. PowerDNS assumes that the backend is taking care of replication
unaided.

MySQL replication has proven to be very robust and well suited, even
over transatlantic connections between badly peering ISPs. Other
PowerDNS users employ Oracle replication which also works very well.

To use native replication, configure your backend storage to do the
replication and do not configure PowerDNS to do so.

Typically, a database slave will be configured as read-only as
uni-directional database replication is usually sufficient. A PowerDNS
server only requires database write access if it is participating as a
master or slave in zone transfers, or has a frontend attached for
managing records etc.

.. _master-operation:

Master operation
----------------

When operating as a master, PowerDNS sends out notifications of changes
to slaves, which react to these notifications by querying PowerDNS to
see if the zone changed, and transferring its contents if it has.
Notifications are a way to promptly propagate zone changes to slaves, as
described in :rfc:`1996`. Since
version 4.0.0, the NOTIFY messages have a TSIG record added (transaction
signature) if zone has been configured to use TSIG and feature has been
enabled.

.. warning::
  Master support is OFF by default, turn it on by adding
  :ref:`setting-master` to the configuration.

.. warning::
  If you have DNSSEC-signed zones and non-PowerDNS slaves,
  please check your :ref:`metadata-soa-edit`
  settings.

.. warning::
  Notifications are only sent for domains with type MASTER in
  your backend unless :ref:`setting-slave-renotify` is enabled.

Left open by :rfc:`1996` is who is to be notified - which is harder to
figure out than it sounds. All slaves for this domain must receive a
notification but the nameserver only knows the names of the slaves - not
the IP addresses, which is where the problem lies. The nameserver itself
might be authoritative for the name of its secondary, but not have the
data available.

To resolve this issue, PowerDNS tries multiple tactics to figure out the
IP addresses of the slaves, and notifies everybody. In contrived
configurations this may lead to duplicate notifications being sent out,
which shouldn't hurt.

Some backends may be able to detect zone changes, others may chose to
let the operator indicate which zones have changed and which haven't.
Consult the documentation for your backend to see how it processes
changes in zones.

To help deal with slaves that may have missed notifications, or have
failed to respond to them, several override commands are available via
the :ref:`pdns_control <running-pdnscontrol>` tool:

-  ``pdns_control notify <domain>`` This instructs PowerDNS to notify
   all IP addresses it considers to be slaves of this domain.

-  ``pdns_control notify-host <domain> <ip-address>`` This is truly an
   override and sends a notification to an arbitrary IP address. Can be
   used in :ref:`setting-also-notify` situations or
   when PowerDNS has trouble figuring out who to notify - which may
   happen in contrived configurations.

.. _slave-operation:

Slave operation
---------------

On launch, PowerDNS requests from all backends a list of domains which
have not been checked recently for changes. This should happen every
'**refresh**' seconds, as specified in the SOA record. All domains that
are unfresh are then checked for changes over at their master. If the
:ref:`types-SOA` serial number there is higher, the domain is
retrieved and inserted into the database. In any case, after the check
the domain is declared 'fresh', and will only be checked again after
'**refresh**' seconds have passed.

When the freshness of a domain cannot be checked, e.g. because the
master is offline, PowerDNS will retry the domain after
:ref:`setting-slave-cycle-interval` seconds.
Every time the domain fails it's freshness check, PowerDNS will hold
back on checking the domain for
``amount of failures * slave-cycle-interval`` seconds, with a maximum of
:ref:`setting-soa-retry-default` seconds
between checks. With default settings, this means that PowerDNS will
back off for 1, then 2, then 3 etc. minutes, to a maximum of 60 minutes
between checks.

.. warning::
  Slave support is OFF by default, turn it on by adding
  :ref:`setting-slave` to the configuration.

.. note::
  When running PowerDNS via the provided systemd service file,
  `ProtectSystem <http://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=>`_
  is set to ``full``, this means PowerDNS is unable to write to e.g.
  ``/etc`` and ``/home``, possibly being unable to write AXFR's zones.

PowerDNS also reacts to notifies by immediately checking if the zone has
updated and if so, retransfering it.

All backends which implement this feature must make sure that they can
handle transactions so as to not leave the zone in a half updated state.
MySQL configured with either BerkeleyDB or InnoDB meets this
requirement, as do PostgreSQL and Oracle. The Bindbackend implements
transaction semantics by renaming files if and only if they have been
retrieved completely and parsed correctly.

Slave operation can also be programmed using several
:ref:`running-pdnscontrol` commands. The ``retrieve``
command is especially useful as it triggers an immediate retrieval of
the zone from the configured master.

PowerDNS supports multiple masters. For the BIND backend, the native
BIND configuration language suffices to specify multiple masters, for
SQL based backends, list all master servers separated by commas in the
'master' field of the domains table.

Since version 4.0.0, PowerDNS requires that masters sign their
notifications. During transition and interoperation with other
nameservers, you can use options :ref:`setting-allow-unsigned-notify` to permit
unsigned notifications. For 4.0.0 this is turned on by default, but it
might be turned off permanently in future releases.

Master/Slave Setup Requirements
-------------------------------

Generally to enable a Master/Slave setup you have to take care of
following properties.

* The :ref:`setting-master`/:ref:`setting-slave` state has to be enabled in the respective ``/etc/powerdns/pdns.conf`` config files.
* The nameservers have to be set up correctly as NS domain records i.e. defining a NS and A record for each slave.
* Master/Slave state has to be configured on a per domain basis in the ``domains`` table. Namely the ``type`` column has to be either ``MASTER`` or ``SLAVE`` respectively and the slave needs a comma separated list of master node IP addresses in the ``master`` column in the ``domains`` table. :doc:`more to this topic <backends/generic-sql>`.

IXFR: incremental zone transfers
--------------------------------

If the 'IXFR' zone metadata item is set to 1 for a zone, PowerDNS will
attempt to retrieve zone updates via IXFR.

.. warning::
  If a slave zone changes from non-DNSSEC to DNSSEC, an IXFR
  update will not set the PRESIGNED flag. In addition, a change in NSEC3
  mode will also not be picked up.

In such cases, make sure to delete the zone contents to force a fresh
retrieval.

Finally, IXFR updates that "plug" Empty Non Terminals do not yet remove
ENT records. A 'pdnsutil rectify-zone' may be required.

PowerDNS itself is currently only able to retrieve updates via IXFR. It
can not serve IXFR updates.

.. _supermaster-operation:

Supermaster: automatic provisioning of slaves
---------------------------------------------

PowerDNS can recognize so called 'supermasters'. A supermaster is a host
which is master for domains and for which we are to be a slave. When a
master (re)loads a domain, it sends out a notification to its slaves.
Normally, such a notification is only accepted if PowerDNS already knows
that it is a slave for a domain.

However, a notification from a supermaster carries more persuasion. When
PowerDNS determines that a notification comes from a supermaster and it
is bonafide, it can provision the domain automatically, and configure
itself as a slave for that zone.

Before a supermaster notification succeeds, the following conditions
must be met:

 - The supermaster must carry a SOA record for the notified domain
 - The supermaster IP must be present in the 'supermaster' table
 - The set of NS records for the domain, as retrieved by the slave from the supermaster, must include the name that goes with the IP address in the supermaster table
 - If your master sends signed NOTIFY it will mark that TSIG key as the TSIG key used for retrieval as well
 - If you turn off :ref:`setting-allow-unsigned-supermaster`, then your supermaster(s) are required to sign their notifications.

.. warning::
  If you use another PowerDNS server as master and have
  DNSSEC enabled on that server please don't forget to rectify the domains
  after every change. If you don't do this there is no SOA record
  available and one requirement will fail.

So, to benefit from this feature, a backend needs to know about the IP
address of the supermaster, and how PowerDNS will be listed in the set
of NS records remotely, and the 'account' name of your supermaster.
There is no need to fill the account name out but it does help keep
track of where a domain comes from.

.. note::
  Removal of zones provisioned using the supermaster must be
  done on the slaves themselves. As there is no way to signal this removal
  from the master to the slave.

.. _modes-of-operation-axfrfilter:

Modifying a slave zone using a script
-------------------------------------

The PowerDNS Authoritative Server can invoke a Lua script on an incoming
AXFR zone transfer. The user-defined function ``axfrfilter`` within your
script is invoked for each resource record read during the transfer, and
the outcome of the function defines what PowerDNS does with the records.

What you can accomplish using a Lua script: - Ensure consistent values
on SOA - Change incoming SOA serial number to a YYYYMMDDnn format -
Ensure consistent NS RRset - Timestamp the zone transfer with a TXT
record

To enable a Lua script for a particular slave zone, determine the
``domain_id`` for the zone from the ``domains`` table, and add a row to
the ``domainmetadata`` table for the domain. Supposing the domain we
want has an ``id`` of 3, the following SQL statement will enable the Lua
script ``my.lua`` for that domain:

::

    INSERT INTO domainmetadata (domain_id, kind, content) VALUES (3, "LUA-AXFR-SCRIPT", "/lua/my.lua");

.. warning::
  The Lua script must both exist and be syntactically
  correct; if not, the zone transfer is not performed.

Your Lua functions have access to the query codes through a pre-defined
Lua table called ``pdns``. For example if you want to check for a CNAME
record you can either compare ``qtype`` to the numeric constant 5 or the
value ``pdns.CNAME`` -- they are equivalent.

If your function decides to handle a resource record it must return a
result code of 0 together with a Lua table containing one or more
replacement records to be stored in the back-end database (if the table
is empty, no record is added). If you want your record(s) to be appended
after the matching record, return 1 and table of record(s). If, on the
other hand, your function decides not to modify a record, it must return
-1 and an empty table indicating that PowerDNS should handle the
incoming record as normal.

Consider the following simple example:

::

        function axfrfilter(remoteip, zone, record)

           -- Replace each HINFO records with this TXT
           if record:qtype() == pdns.HINFO then
              resp = {}
              resp[1] = {
                qname   = record:qname():toString(),
                qtype   = pdns.TXT,
                ttl     = 99,
                content = "Hello Ahu!"
             }
              return 0, resp
           end

           -- Grab each _tstamp TXT record and add a time stamp
           if record:qtype() == pdns.TXT and string.starts(record:qname():toString(), "_tstamp.") then
              resp = {}
              resp[1] = {
                qname   = record:qname():toString(),
                qtype   = record:qtype(),
                ttl     = record:ttl(),
                content = os.date("Ver %Y%m%d-%H:%M")
              }
              return 0, resp
           end

           -- Append A records with this TXT
           if record:qtype() == pdns.A then
              resp = {}
              resp[1] = {
                qname   = record:qname():toString(),
                qtype   = pdns.TXT,
                ttl     = 99,
                content = "Hello Ahu, again!"
              }
              return 1, resp
           end

           resp = {}
           return -1, resp
        end

        function string.starts(s, start)
           return s.sub(s, 1, s.len(start)) == start
        end

Upon an incoming AXFR, PowerDNS calls our ``axfrfilter`` function for
each record. All HINFO records are replaced by a TXT record with a TTL
of 99 seconds and the specified string. TXT Records with names starting
with ``_tstamp.`` get their value (rdata) set to the current time stamp.
A records are appended with a TXT record. All other records are
unhandled.
Commit	Line	Data
0e2063c3 PL	1	DNS Modes of Operation
	2	======================
	3
	4	PowerDNS offers full master and slave semantics for replicating domain
	5	information. Furthermore, PowerDNS can benefit from native database
	6	replication.
	7
	8	.. _native-operation:
	9
	10	Native replication
	11	------------------
	12
	13	Native replication is the default, unless other operation is
	14	specifically configured. Native replication basically means that
	15	PowerDNS will not send out DNS update notifications, nor will react to
	16	them. PowerDNS assumes that the backend is taking care of replication
	17	unaided.
	18
	19	MySQL replication has proven to be very robust and well suited, even
	20	over transatlantic connections between badly peering ISPs. Other
	21	PowerDNS users employ Oracle replication which also works very well.
	22
	23	To use native replication, configure your backend storage to do the
	24	replication and do not configure PowerDNS to do so.
	25
a8b6e3fa AF	26	Typically, a database slave will be configured as read-only as
	27	uni-directional database replication is usually sufficient. A PowerDNS
	28	server only requires database write access if it is participating as a
	29	master or slave in zone transfers, or has a frontend attached for
	30	managing records etc.
	31
0e2063c3 PL	32	.. _master-operation:
	33
	34	Master operation
	35	----------------
	36
	37	When operating as a master, PowerDNS sends out notifications of changes
	38	to slaves, which react to these notifications by querying PowerDNS to
	39	see if the zone changed, and transferring its contents if it has.
	40	Notifications are a way to promptly propagate zone changes to slaves, as
	41	described in :rfc:`1996`. Since
	42	version 4.0.0, the NOTIFY messages have a TSIG record added (transaction
	43	signature) if zone has been configured to use TSIG and feature has been
	44	enabled.
	45
	46	.. warning::
	47	Master support is OFF by default, turn it on by adding
	48	:ref:`setting-master` to the configuration.
	49
	50	.. warning::
	51	If you have DNSSEC-signed zones and non-PowerDNS slaves,
	52	please check your :ref:`metadata-soa-edit`
	53	settings.
	54
	55	.. warning::
	56	Notifications are only sent for domains with type MASTER in
29e8eee7	57	your backend unless :ref:`setting-slave-renotify` is enabled.
0e2063c3 PL	58
	59	Left open by :rfc:`1996` is who is to be notified - which is harder to
	60	figure out than it sounds. All slaves for this domain must receive a
	61	notification but the nameserver only knows the names of the slaves - not
	62	the IP addresses, which is where the problem lies. The nameserver itself
	63	might be authoritative for the name of its secondary, but not have the
	64	data available.
	65
	66	To resolve this issue, PowerDNS tries multiple tactics to figure out the
	67	IP addresses of the slaves, and notifies everybody. In contrived
	68	configurations this may lead to duplicate notifications being sent out,
	69	which shouldn't hurt.
	70
	71	Some backends may be able to detect zone changes, others may chose to
	72	let the operator indicate which zones have changed and which haven't.
	73	Consult the documentation for your backend to see how it processes
	74	changes in zones.
	75
	76	To help deal with slaves that may have missed notifications, or have
	77	failed to respond to them, several override commands are available via
	78	the :ref:`pdns_control <running-pdnscontrol>` tool:
	79
	80	- ``pdns_control notify <domain>`` This instructs PowerDNS to notify
	81	all IP addresses it considers to be slaves of this domain.
	82
	83	- ``pdns_control notify-host <domain> <ip-address>`` This is truly an
	84	override and sends a notification to an arbitrary IP address. Can be
	85	used in :ref:`setting-also-notify` situations or
	86	when PowerDNS has trouble figuring out who to notify - which may
	87	happen in contrived configurations.
	88
	89	.. _slave-operation:
	90
	91	Slave operation
	92	---------------
	93
	94	On launch, PowerDNS requests from all backends a list of domains which
	95	have not been checked recently for changes. This should happen every
	96	'refresh' seconds, as specified in the SOA record. All domains that
	97	are unfresh are then checked for changes over at their master. If the
	98	:ref:`types-SOA` serial number there is higher, the domain is
	99	retrieved and inserted into the database. In any case, after the check
	100	the domain is declared 'fresh', and will only be checked again after
	101	'refresh' seconds have passed.
	102
	103	When the freshness of a domain cannot be checked, e.g. because the
	104	master is offline, PowerDNS will retry the domain after
	105	:ref:`setting-slave-cycle-interval` seconds.
	106	Every time the domain fails it's freshness check, PowerDNS will hold
	107	back on checking the domain for
	108	``amount of failures * slave-cycle-interval`` seconds, with a maximum of
	109	:ref:`setting-soa-retry-default` seconds
	110	between checks. With default settings, this means that PowerDNS will
	111	back off for 1, then 2, then 3 etc. minutes, to a maximum of 60 minutes
	112	between checks.
	113
	114	.. warning::
	115	Slave support is OFF by default, turn it on by adding
	116	:ref:`setting-slave` to the configuration.
	117
	118	.. note::
	119	When running PowerDNS via the provided systemd service file,
	120	`ProtectSystem <http://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=>`_
	121	is set to ``full``, this means PowerDNS is unable to write to e.g.
122	``/etc`` and ``/home``, possibly being unable to write AXFR's zones.
123
124	PowerDNS also reacts to notifies by immediately checking if the zone has
125	updated and if so, retransfering it.
126
127	All backends which implement this feature must make sure that they can
128	handle transactions so as to not leave the zone in a half updated state.
129	MySQL configured with either BerkeleyDB or InnoDB meets this
130	requirement, as do PostgreSQL and Oracle. The Bindbackend implements
131	transaction semantics by renaming files if and only if they have been
132	retrieved completely and parsed correctly.
133
134	Slave operation can also be programmed using several
135	:ref:`running-pdnscontrol` commands. The ``retrieve``
136	command is especially useful as it triggers an immediate retrieval of
137	the zone from the configured master.
138
139	PowerDNS supports multiple masters. For the BIND backend, the native
140	BIND configuration language suffices to specify multiple masters, for
141	SQL based backends, list all master servers separated by commas in the
142	'master' field of the domains table.
143
144	Since version 4.0.0, PowerDNS requires that masters sign their
145	notifications. During transition and interoperation with other
146	nameservers, you can use options :ref:`setting-allow-unsigned-notify` to permit
147	unsigned notifications. For 4.0.0 this is turned on by default, but it
148	might be turned off permanently in future releases.
149
150	Master/Slave Setup Requirements
151	-------------------------------
152
153	Generally to enable a Master/Slave setup you have to take care of
154	following properties.
155
156	* The :ref:`setting-master`/:ref:`setting-slave` state has to be enabled in the respective ``/etc/powerdns/pdns.conf`` config files.
157	* The nameservers have to be set up correctly as NS domain records i.e. defining a NS and A record for each slave.
158	* Master/Slave state has to be configured on a per domain basis in the ``domains`` table. Namely the ``type`` column has to be either ``MASTER`` or ``SLAVE`` respectively and the slave needs a comma separated list of master node IP addresses in the ``master`` column in the ``domains`` table. :doc:`more to this topic <backends/generic-sql>`.
159
160	IXFR: incremental zone transfers
161	--------------------------------
162
163	If the 'IXFR' zone metadata item is set to 1 for a zone, PowerDNS will
164	attempt to retrieve zone updates via IXFR.
165
166	.. warning::
167	If a slave zone changes from non-DNSSEC to DNSSEC, an IXFR
168	update will not set the PRESIGNED flag. In addition, a change in NSEC3
169	mode will also not be picked up.
170
171	In such cases, make sure to delete the zone contents to force a fresh
172	retrieval.
173
174	Finally, IXFR updates that "plug" Empty Non Terminals do not yet remove
175	ENT records. A 'pdnsutil rectify-zone' may be required.
176
177	PowerDNS itself is currently only able to retrieve updates via IXFR. It
178	can not serve IXFR updates.
179
180	.. _supermaster-operation:
181
182	Supermaster: automatic provisioning of slaves
183	---------------------------------------------
184
185	PowerDNS can recognize so called 'supermasters'. A supermaster is a host
186	which is master for domains and for which we are to be a slave. When a
187	master (re)loads a domain, it sends out a notification to its slaves.
188	Normally, such a notification is only accepted if PowerDNS already knows
189	that it is a slave for a domain.
190
191	However, a notification from a supermaster carries more persuasion. When
192	PowerDNS determines that a notification comes from a supermaster and it
193	is bonafide, it can provision the domain automatically, and configure
194	itself as a slave for that zone.
195
196	Before a supermaster notification succeeds, the following conditions
49f9972c PL	197	must be met:
	198
	199	- The supermaster must carry a SOA record for the notified domain
	200	- The supermaster IP must be present in the 'supermaster' table
	201	- The set of NS records for the domain, as retrieved by the slave from the supermaster, must include the name that goes with the IP address in the supermaster table
	202	- If your master sends signed NOTIFY it will mark that TSIG key as the TSIG key used for retrieval as well
	203	- If you turn off :ref:`setting-allow-unsigned-supermaster`, then your supermaster(s) are required to sign their notifications.
0e2063c3 PL	204
	205	.. warning::
	206	If you use another PowerDNS server as master and have
	207	DNSSEC enabled on that server please don't forget to rectify the domains
	208	after every change. If you don't do this there is no SOA record
	209	available and one requirement will fail.
	210
	211	So, to benefit from this feature, a backend needs to know about the IP
	212	address of the supermaster, and how PowerDNS will be listed in the set
	213	of NS records remotely, and the 'account' name of your supermaster.
	214	There is no need to fill the account name out but it does help keep
	215	track of where a domain comes from.
	216
	217	.. note::
	218	Removal of zones provisioned using the supermaster must be
	219	done on the slaves themselves. As there is no way to signal this removal
	220	from the master to the slave.
	221
	222	.. _modes-of-operation-axfrfilter:
	223
	224	Modifying a slave zone using a script
	225	-------------------------------------
	226
	227	The PowerDNS Authoritative Server can invoke a Lua script on an incoming
	228	AXFR zone transfer. The user-defined function ``axfrfilter`` within your
	229	script is invoked for each resource record read during the transfer, and
	230	the outcome of the function defines what PowerDNS does with the records.
	231
	232	What you can accomplish using a Lua script: - Ensure consistent values
	233	on SOA - Change incoming SOA serial number to a YYYYMMDDnn format -
	234	Ensure consistent NS RRset - Timestamp the zone transfer with a TXT
	235	record
	236
	237	To enable a Lua script for a particular slave zone, determine the
	238	``domain_id`` for the zone from the ``domains`` table, and add a row to
	239	the ``domainmetadata`` table for the domain. Supposing the domain we
	240	want has an ``id`` of 3, the following SQL statement will enable the Lua
	241	script ``my.lua`` for that domain:
	242
	243	::
	244
	245	INSERT INTO domainmetadata (domain_id, kind, content) VALUES (3, "LUA-AXFR-SCRIPT", "/lua/my.lua");
	246
	247	.. warning::
	248	The Lua script must both exist and be syntactically
	249	correct; if not, the zone transfer is not performed.
	250
	251	Your Lua functions have access to the query codes through a pre-defined
	252	Lua table called ``pdns``. For example if you want to check for a CNAME
	253	record you can either compare ``qtype`` to the numeric constant 5 or the
	254	value ``pdns.CNAME`` -- they are equivalent.
	255
	256	If your function decides to handle a resource record it must return a
	257	result code of 0 together with a Lua table containing one or more
	258	replacement records to be stored in the back-end database (if the table
	259	is empty, no record is added). If you want your record(s) to be appended
	260	after the matching record, return 1 and table of record(s). If, on the
	261	other hand, your function decides not to modify a record, it must return
	262	-1 and an empty table indicating that PowerDNS should handle the
	263	incoming record as normal.
	264
	265	Consider the following simple example:
	266
	267	::
268
269	function axfrfilter(remoteip, zone, record)
270
271	-- Replace each HINFO records with this TXT
272	if record:qtype() == pdns.HINFO then
273	resp = {}
274	resp[1] = {
8b0f2ac7	275	qname = record:qname():toString(),
0e2063c3 PL	276	qtype = pdns.TXT,
	277	ttl = 99,
	278	content = "Hello Ahu!"
	279	}
	280	return 0, resp
	281	end
	282
	283	-- Grab each _tstamp TXT record and add a time stamp
8b0f2ac7	284	if record:qtype() == pdns.TXT and string.starts(record:qname():toString(), "_tstamp.") then
0e2063c3 PL	285	resp = {}
	286	resp[1] = {
	287	qname = record:qname():toString(),
	288	qtype = record:qtype(),
	289	ttl = record:ttl(),
	290	content = os.date("Ver %Y%m%d-%H:%M")
	291	}
	292	return 0, resp
	293	end
	294
	295	-- Append A records with this TXT
	296	if record:qtype() == pdns.A then
	297	resp = {}
	298	resp[1] = {
8b0f2ac7	299	qname = record:qname():toString(),
0e2063c3 PL	300	qtype = pdns.TXT,
	301	ttl = 99,
	302	content = "Hello Ahu, again!"
	303	}
	304	return 1, resp
	305	end
	306
	307	resp = {}
	308	return -1, resp
	309	end
	310
	311	function string.starts(s, start)
	312	return s.sub(s, 1, s.len(start)) == start
	313	end
	314
	315	Upon an incoming AXFR, PowerDNS calls our ``axfrfilter`` function for
	316	each record. All HINFO records are replaced by a TXT record with a TTL
	317	of 99 seconds and the specified string. TXT Records with names starting
	318	with ``_tstamp.`` get their value (rdata) set to the current time stamp.
	319	A records are appended with a TXT record. All other records are
	320	unhandled.