]> git.ipfire.org Git - thirdparty/pdns.git/blame - pdns/docs/pdns.sgml
projects / thirdparty / pdns.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
make our speed stats deal with multiple IP(v6) addresses per nameserver
[thirdparty/pdns.git] / pdns / docs / pdns.sgml
CommitLineData
12c86877 1<!DOCTYPE Book PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
cfd0f28a
BH		 2<book>
3 <bookinfo>
4 <title>PowerDNS manual</title>
5 <author>
12c86877
BH		 6 <affiliation>
7 <orgname>PowerDNS BV</orgname>
8 <address>
e6efd540 9 <email>pdns.bd@powerdns.com</email>
12c86877 10 </address>
12c86877
BH		 11 </affiliation>
12 </author>
13
279b6c46 14 <PubDate>v2.9.19 $Date$</PubDate>
12c86877
BH		 15
16 <Abstract>
17 <para>
18 <blockquote>
19 <LITERALLAYOUT>
20 It is a book about a Spanish guy called Manual. You should read it.
21 -- Dilbert
22 </LITERALLAYOUT>
23
cfd0f28a 24 </blockquote>
12c86877
BH		 25 </para>
26 </Abstract>
27
28
29 </BookInfo>
30
31 <Chapter id="powerdns">
32 <Title>The PowerDNS dynamic nameserver</Title>
33
34 <Para>
35 The PowerDNS daemon is a versatile nameserver which supports a large number
36 of backends. These backends can either be <link linkend="bindbackend">plain zonefiles</link> or be
37 <link linkend="pipebackend">more dynamic</link> in nature.
38 </Para>
12c86877
BH		 39 <Para>
40 Prime examples of backends include relational databases, but also
41 loadbalancing and failover algorithms.
42 </Para>
43 <para>
44 The company is called PowerDNS BV, the nameserver daemon is called PDNS.
45 </para>
46
47 <sect1 id="function-design"><title>Function &amp; design of PDNS</title>
48 <para>
49 PDNS is an authoritative only nameserver. It will answer questions about domains it knows about,
50 but will not go out on the net to resolve queries about other domains. However, it can use a
820c22a6
BH		 51 <link linkend="recursion">recursing backend</link> to provide that functionality. Depending
52 on your needs, this backend can either be the PowerDNS recursor or an external one.
12c86877
BH		 53 </para>
54 <para>
55 When PDNS answers a question, it comes out of the database, and can be trusted as being authoritative. There is
56 no way to pollute the cache or to confuse the daemon.
57 </para>
58 <para>
59 PDNS has been designed to serve both the needs of small installations by being easy to setup, as well as
60 for serving very large query volumes on large numbers of domains.
61 </para>
62 <para>
63 Another prime goal is <link linkend="security">security</link>. By the use of language features, the PDNS source code
64 is very small (in the order of 10.000 lines) which makes auditing easy. In the same way, library features have been used
65 to mitigate the risks of buffer overflows.
66 </para>
67 <para>
68 Finally, PDNS is able to give a lot of <link linkend="monitoring">statistics</link> on its operation which is both helpful in
69 determining the scalability of an installation as well as for spotting problems.
70 </para>
71 </sect1>
72 <sect1 id="about"><title>About this document</title>
73 <para>
74 If you are reading this document from disk, you may want to check <ulink url="http://doc.powerdns.com">http://doc.powerdns.com</ulink>
75 for updates. The PDF version is available on <ulink url="http://doc.powerdns.com/pdf">http://doc.powerdns.com/pdf</ulink>, a text file is
76 on <ulink url="http://doc.powerdns.com/txt">http://doc.powerdns.com/txt/</ulink>.
77 </para>
78 <sect1 id="changelog">
79 <title>Release notes</title>
80 <para>
81 Before proceeding, it is advised to check the release notes for your PDNS version, as specified in the name of the distribution
82 file.
83 </para>
124ff80a
BH		 84 <sect2 id="changelog-recursor-3-0-1"><title>Recursor version 3.0.1</title>
85 <para>
86 Released 25th of April 2006, <ulink url="http://www.powerdns.com/en/downloads.aspx">download</ulink>.
87 </para>
88 <para>
89 This release consists of nothing but tiny fixes to 3.0, including one with security implications. An upgrade is highly recommended.
90 </para>
91 <para>
92 <itemizedlist>
93 <listitem>
94 <para>
95 Compilation used both <filename>cc</filename> and <filename>gcc</filename>, leading to the possibility of compiling with different compiler versions (c766).
96 </para>
97 </listitem>
98 <listitem>
99 <para>
100 <command>rec_control</command> would leave files named <filename>lsockXXXXXX</filename> around in the configured socket-dir. Operators
101 may wish to remove these files from their socket-dir (often <filename>/var/run</filename>), quite a few might have accumulated already (c767).
102 </para>
103 </listitem>
104
105 <listitem>
106 <para>
107 Certain malformed packets could crash the recursor. As far as we can determine these packets could only lead to a crash,
108 but as always, there are no guarantees. A quick upgrade is highly recommended (commits C760, C761). Reported by David Gavarret.
109 </para>
110 </listitem>
111
112 <listitem>
113 <para>
114 Recursor would not distinguish between NXDOMAIN and NXRRSET (c756). Reported and debugged by Jorn Ekkelenkamp.
115 </para>
116 </listitem>
117 <listitem>
118 <para>
119 Some error messages and trace logging statements were improved (commits C756, C758, C759).
120 </para>
121 </listitem>
122 <listitem>
123 <para>
124 stderr was closed during daemonizing, but not dupped to /dev/null, leading to slight chance of odd behaviour on reporting errors (c757)
125 </para>
126 </listitem>
127 </itemizedlist>
128 Operating system specific fixes:
129 <itemizedlist>
130 <listitem>
131 <para>
132 The stock Debian sarge Linux kernel, 2.6.8, claims to support epoll but fails at runtime. The epoll self-testing code has been improved,
133 and PowerDNS will fall back to a select based multiplexer if needed (c758) Reported by Michiel van Es.
134 </para>
135 </listitem>
136 <listitem>
137 <para>
138 Solaris 8 compilation and runtime issues were addressed. See the README for details (c765). Reported by Juergen Georgi and Kenneth Marshall.
139 </para>
140 </listitem>
141 <listitem>
142 <para>
143 Solaris 10 x86_64 compilation issues were addressed (c755). Reported and debugged by Eric Sproul.
144 </para>
145 </listitem>
146 </itemizedlist>
147 </para>
148 </sect2>
6a5b669b
BH		 149 <sect2 id="changelog-recursor-3-0"><title>Recursor version 3.0</title>
150 <para>
151 Released 20th of April 2006, <ulink url="http://www.powerdns.com/en/downloads.aspx">download</ulink>.
152 </para>
153 <para>
154 This is the first separate release of the PowerDNS Recursor. There are many reasons for this, one of the most important ones is that
155 previously we could only do a release when both the recursor and the authoritative nameserver were fully tested and in good shape. The split
156 allows us to release new versions when each part is ready.
157 </para>
158 <para>
159 Now for the real news. This version of the PowerDNS recursor powers the network access of over two million internet connections. Two large
160 access providers have been running pre-releases of 3.0 for the past few weeks and results are good. Furthermore, the various pre-releases
161 have been tested nearly non-stop with DNS traffic replayed at 3000 queries/second.
162 </para>
163 <para>
164 As expected, the 2 million househoulds shook out some very rare bugs. But even a rare bug happens once in a while when there are this many users.
165 </para>
166 <para>
167 We consider this version of the PowerDNS recursor to be the most advanced resolver publicly available. Given current levels of spam, phishing
168 and other forms of internet crime we think no recursor should offer less than the best in spoofing protection. We urge all
169 operators of resolvers without proper spoofing countermeasures to consider PowerDNS, as it is a Better Internet Nameserver Daemon.
170 </para>
171 <para>
172 A good article on DNS spoofing can be found <ulink url="http://www.securesphere.net/download/papers/dnsspoof.htm">here</ulink>. Some
173 more information, based on a previous version of PowerDNS, can be found on the
174 <ulink url="http://blog.netherlabs.nl/articles/2006/04/14/holy-cow-1-3-million-additional-ip-addresses-served-by-powerdns">PowerDNS development blog</ulink>.
175 </para>
176 <para>
177 <warning>
178 <para>
179 Because of recent DNS based denial of service attacks, running an open recursor has become a security risk. Therefore, unless configured otherwise
180 this version of PowerDNS will only listen on localhost, which means it does not resolve for hosts on your network.
181 To fix, configure the <command>local-address</command> setting with all addresses you want to listen on. Additionally, by default
182 service is restricted to RFC 1918 private IP addresses. Use <command>allow-from</command> to selectively open up the recursor
183 for your own network. See <xref linkend="recursor-settings"> for details.
184 </para>
185 </warning>
186 </para>
187 <para>
188 Important new features of the PowerDNS recursor 3.0:
189 <itemizedlist>
190 <listitem>
191 <para>
192 Best spoofing protection and detection we know of. Not only is spoofing made harder by using a new network address for each query,
193 PowerDNS detects when an attempt is made to spoof it, and temporarily ignores the data. For details, see <xref linkend="anti-spoofing">.
194 </para>
195 </listitem>
196 <listitem>
197 <para>
198 First nameserver to benefit from epoll/kqueue/Solaris completion ports event reporting framework, for stellar performance.
199 </para>
200 </listitem>
201 <listitem>
202 <para>
203 Best statistics of any recursing nameserver we know of, see <xref linkend="recursor-stats">.
204 </para>
205 </listitem>
206 <listitem>
207 <para>
208 Last-recently-used based cache cleanup algorithm, keeping the 'best' records in memory
209 </para>
210 </listitem>
211 <listitem>
212 <para>
213 First class Solaris support, built on a 'try and buy' Sun CoolThreads T&nbsp;2000.
214 </para>
215 </listitem>
216 <listitem>
217 <para>
218 Full IPv6 support, implemented natively.
219 </para>
220 </listitem>
221 <listitem>
222 <para>
223 Access filtering, both for IPv4 and IPv6.
224 </para>
225 </listitem>
226 <listitem>
227 <para>
228 Experimental SMP support for nearly double performance. See <xref linkend="recursor-performance">.
229 </para>
230 </itemizedlist>
231 </para>
232 <para>
233 Many people helped package and test this release. Jorn Ekkelenkamp of ISP-Services helped find the '8000 SOAs' bug and spotted
234 many other oddities and <ulink url="http://www.xs4all.nl">XS4ALL</ulink> internet funded a lot of the recent development.
235 Joaqu&iacute;n M L&oacute;pez Mu&ntilde;oz of the boost::multi_index_container was again of great help.
236 </para>
237 </sect2>
820c22a6
BH		 238 <sect2 id="changelog-2-9-20"><title>Version 2.9.20</title>
239 <para>
3fdc8bb3 240 Released the 15th of March 2006
820c22a6 241 </para>
cfd0f28a
BH		 242 <para>
243 Besides adding OpenDBX, this release is mostly about fixing problems and speeding up the recursor. This release has been made possible by
820c22a6
BH		 244 <ulink url="http://www.xs4all.nl">XS4ALL</ulink> and <ulink url="http://true.nl">True</ulink>. Thanks!
245 </para>
246 <para>
247 Furthermore, we are very grateful for the help of Andrew Pinski, who hacks on gcc, and of Joaqu&iacute;n M L&oacute;pez Mu&ntilde;oz, the
248 author of <ulink url="http://www.boost.org/libs/multi_index/doc/index.html">boost::multi_index_container</ulink>. Without their
249 near-realtime help this release would've been delayed a lot. Thanks!
cfd0f28a
BH		 250 </para>
251 <para>
252 Bugs fixed in the recursor:
253 <itemizedlist>
254 <listitem>
255 <para>
256 Possible stability issues in the recursor on encountering errors (c532, c533)
257 </para>
258 </listitem>
259 <listitem>
260 <para>
261 Memory leaks in recursor fixed (c534, c572). In a test 800 million real life DNS packets have been sent to the
262 recursor, representing several days of traffic from a major ISP, memory use was high (500MB), but stable.
263 </para>
264 </listitem>
265 <listitem>
266 <para>
267 Prune all data in PowerDNS - previously per-nameserver and per-query performance
268 statistics were kept around forever (c535)
269 </para>
270 </listitem>
271 <listitem>
272 <para>
273 IPv6 additional processing was broken. Reported by Lionel Elie Mamane, who also provided a fix. The problem
274 was fixed differently in the end. c562.
275 </para>
276 </listitem>
277 <listitem>
278 <para>
279 pdns_recursor did not shuffle answers since 2.9.19, leading to problems sending mail to the Hotmail servers.
280 Reported in t54, fixed in c567.
281 </para>
282 </listitem>
283 <listitem>
284 <para>
285 If a single nameserver had multiple IP addresses listed, PowerDNS would only use one of them. Noted by
286 Mark Martin, fixed in c570, who depends on a domain with 4 nameserver IP addresses of which 2 are broken.
287 </para>
288 </listitem>
289
290
291
292 </itemizedlist>
293
294 Improvements to the recursor:
295 <itemizedlist>
296 <listitem>
297 <para>
99173b8b 298 Commits C535, C540, C541, C542, C543, C544, C545, C547 and C548, C574 all speed up the recursor by a large factor,
cfd0f28a
BH		 299 without altering the DNS algorithm.
300 </para>
301 </listitem>
99173b8b
BH		 302 <listitem>
303 <para>
92294b60
BH		 304 Move recursor to the incredible boost::multi_index_container (c580). This brings a huge improvement
305 in cache pruning times.
99173b8b
BH		 306 </para>
307 </listitem>
cfd0f28a
BH		 308 <listitem>
309 <para>
310 c549 and c550 work around gcc bug <ulink url="http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24704">24704</ulink>
311 if requested, which speeds up the recursor a lot, but involves a dirty hack. Enable with
312 <command>./configure --enable-gcc-skip-locking</command>. No guarantees!
313 </para>
314 </listitem>
315 </itemizedlist>
316
317 Bugs fixed in the authoritative nameserver:
318 <itemizedlist>
319 <listitem>
320 <para>
321 PowerDNS would no longer allow a '/' in domain names, fixed by c537, reported in t48.
322 </para>
323 </listitem>
99173b8b
BH		 324 <listitem>
325 <para>
326 Parameters to <command>pdns_control notify-host</command> were not checked, leading to
327 possible crashes. Reported in t24, fixed in c565.
328 </para>
329 </listitem>
cfd0f28a
BH		 330 <listitem>
331 <para>
332 On some compilers, processing of NAPTR records could cause the server to crash. Reported by Bernd Froemel
333 in t29, fixed in c538.
334 </para>
335 </listitem>
92294b60
BH		 336 <listitem>
337 <para>
338 Backend errors could make the whole nameserver exit under some circumstances, notably using the LDAP backend. Fixed in c583, reported in
339 t62.
340 </para>
341 </listitem>
cfd0f28a
BH		 342 <listitem>
343 <para>
344 Referrals were subtly broken by recent CNAME/Wildcard improvements, fixed in c539. Fix and other
345 improvements sponsored by <ulink url="http://true.nl">True</ulink>.
346 </para>
347 </listitem>
348 <listitem>
349 <para>
350 PowerDNS would try to insert records it has no knowledge about in slave zones, which did not work. Reported
351 in t60, fixed in c566. A superior fix would be to implement the relevant unknown record standard.
352 </para>
353 </listitem>
354 </itemizedlist>
355 Improvements to the authoritative nameserver:
356 <itemizedlist>
357 <listitem>
358 <para>
359 Pipebackend did not properly propagate the ABI version to its children, fixed in c546, reported by
360 kickdaddy@gmail.com in t45.
361 </para>
362 </listitem>
363 <listitem>
364 <para>
365 <ulink url="http://www.linuxnetworks.de/pdnsodbx/index.html">OpenDBX</ulink> backend added
366 (c559, c560, c561) by Norbert Sendetzky. From the website:
367 <quote>
368 The OpenDBX backend enables it to fetch DNS information from every DBMS supported by the OpenDBX library
369 and combines the power of one of the best DNS server implementations with the flexibility of the OpenDBX
370 library.
371 </quote>
372 OpenDBX adds some other features like database failover. Thanks Norbert!
373 </para>
374 </listitem>
375 <listitem>
376 <para>
377 LDAP fixes as reported in t37, fixed in c558, which maked <command>pdns_control notify</command>
378 work.
379 </para>
380 </listitem>
381 <listitem>
382 <para>
383 Arjo Hooimeijer added support for soa-refresh-default, soa-retry-default,
384 soa-expire-default, which were previously hardcoded. c563 and fallout in c573 (thanks to Wolfram Schlich).
385 </para>
386 </listitem>
387 </itemizedlist>
388 Miscellaneous:
389 <itemizedlist>
390 <listitem>
391 <para>
392 Fixes for g++ 4.1. Compiling with 4.1 realizes notable speedups. c568, c569.
393 </para>
394 </listitem>
395 <listitem>
396 <para>
397 PowerDNS now reports if it is running in 32 or 64 bit mode, useful for bi-arch users that need
398 to know if they are benefitting from <ulink url="http://www.amd.com">their great processor</ulink>. c571.
399 </para>
400 </listitem>
401 <listitem>
402 <para>
99173b8b
BH		 403 <command>dnsscope</command> compiles again, c551, c564 (FreeBSD 64-bit time_t).
404 </para>
405 </listitem>
406 <listitem>
407 <para>
408 <command>dnsreplay_mindex</command> compiles again, fixed by c572. Its performance, and the performance of the recursor
409 was improved by c559.
cfd0f28a
BH		 410 </para>
411 </listitem>
412 <listitem>
413 <para>
414 Build scripts were added, mostly for internal use but we know some PowerDNS users build their
415 own packages too. c553, c554, c555, c556, c557.
416 </para>
417 </listitem>
418 <listitem>
419 <para>
420 <filename>bootstrap</filename> script was not included in release. Thanks to Stefan Arentz for noticing. Fixed in c574.
421 </para>
422 </listitem>
423 </itemizedlist>
424 </para>
425 </sect2>
279b6c46 426 <sect2 id="changelog-2-9-19"><title>Version 2.9.19</title>
b0d4fb45 427 <para>
279b6c46 428 Released 29th of October 2005.
b0d4fb45
BH		 429 </para>
430 <para>
431 As with other recent releases, the usage of PowerDNS appears to have skyrocketed. Informal, though strict, measurements show
432 that PowerDNS now powers around 50% of all German domains, and somewhere in the order of 10-15% of the rest of the world. Furthermore,
433 DNS is set to take a central role in connecting Voice over IP providers, with PowerDNS offering a very good feature set for these ENUM
434 deployments. PowerDNS is already powering the E164.info ENUM zone and also acts as the backend for a major VoIP provisioning platform.
435 </para>
436 <para>
437 Included in this release is the now complete packet parsing/generating, record parsing/generating infrastructure. Furthermore,
438 this framework is used by the recursor, hopefully making it very fast, memory efficient and robust. Many records are now processed
279b6c46
BH		 439 using a single line of code. This has made the recursor a lot stricter in packet parsing, you will see some error messages
440 which did not appear before. Rest assured however that these only happen for queries which have no valid answer in any case.
b0d4fb45
BH		 441 </para>
442 <para>
443 Furthermore, support for DNSSEC records is available in the new infrastructure, although is should be emphasised that there is more
444 to DNSSEC than parsing records. There is no real support for DNSSEC (yet).
445 </para>
446 <para>
447 Additionally, the BIND Backend has been replaced by what was up to now known as the 'Bind2Backend'. Initial benchmarking appears
448 to show that this backend is faster, uses less memory and has shorter startup times. The code is also shorter.
449 </para>
450 <para>
451 This release fixes a number of embarassing bugs and is a recommended upgrade.
452 </para>
279b6c46
BH		 453 <para>
454 Thanks are due to <ulink url="http://www.xs4all.nl">XS4ALL</ulink> who are supporting continuing development of PowerDNS,
455 the fruits of which can be found in this release already. Furthermore, a remarkable number of people have helped report bugs,
456 validate solutions or have submitted entire patches. Many thanks!
457 </para>
b0d4fb45
BH		 458 <para>
459 Improvements:
460 <itemizedlist>
461 <listitem>
462 <para>
463 dnsreplay now has a help message and has received further massive updates, making the code substantially faster. It turns out that dnsreplay
279b6c46 464 is often 'heavier' than the PowerDNS process being benchmarked.
b0d4fb45
BH		 465 </para>
466 </listitem>
467 <listitem>
468 <para>
469 PowerDNS recursor no longer prints out its queries by default as most recursor deployments have too much traffic
470 for this to be useful.
471 </para>
472 </listitem>
049c0511
BH		 473 <listitem>
474 <para>
475 PowerDNS recursor is now able to read its root-hints from disk, which is useful to operate with
476 alternate roots, like the <ulink url="http://www.orsn.org">Open Root Server Network</ulink>. See
477 <xref linkend="built-in-recursor">.
478 </para>
479 </listitem>
eab7dbda
BH		 480 <listitem>
481 <para>
482 PowerDNS can now send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth
483 but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken
484 recursors.
485 </para>
486 </listitem>
b0d4fb45
BH		 487 <listitem>
488 <para>
489 PowerDNS now prints out a warning when running with legacy LinuxThreads implementation instead of the high performance NPTL
cfd0f28a 490 library, see <xref linkend="nptl">. c455.
b0d4fb45
BH		 491 </para>
492 </listitem>
493 <listitem>
494 <para>
495 A lot of superfluous calls to gettimeofday() have been removed, making PowerDNS and especially the recursor faster. Suggested by Kai.
496 </para>
497 </listitem>
498 <listitem>
499 <para>
cfd0f28a 500 SPF records are now supported natively. c472, closing t22.
b0d4fb45
BH		 501 </para>
502 </listitem>
503 <listitem>
504 <para>
cfd0f28a 505 Improved IPv6 'bound to' messages. Thanks to Niels Bakker, Wichert Akkerman and Gerty de Wolf for suggestions.
b0d4fb45
BH		 506 </para>
507 </listitem>
508 <listitem>
509 <para>
cfd0f28a 510 Separate graphs can now be made of IPv6 queries and answers. c485.
b0d4fb45
BH		 511 </para>
512 </listitem>
513 <listitem>
514 <para>
cfd0f28a 515 Out of zone additional processing is now on by default to better comply with standards. c487.
b0d4fb45
BH		 516 </para>
517 </listitem>
518 <listitem>
519 <para>
520 Regression tests have been expanded to deal with more record types (SRV, NAPTR, TXT, duplicate SRV).
521 </para>
522 </listitem>
523 <listitem>
524 <para>
525 Improved query-logging in Bindbackend, which can be used for debugging purposes.
526 </para>
527 </listitem>
279b6c46
BH		 528 <listitem>
529 <para>
530 Dropped libpcap dependency, making compilation easier
531 </para>
532 </listitem>
b0d4fb45
BH		 533 <listitem>
534 <para>
535 pdns_control now has a help message.
536 </para>
537 </listitem>
538 <listitem>
539 <para>
540 Add RRSIG, DNSKEY, DS and NSEC records for DNSSEC-bis to new parser infrastructure.
541 </para>
542 </listitem>
543 <listitem>
544 <para>
545 Recursor now honours EDNS0 allowing it to send out larger answers.
546 </para>
547 </listitem>
548 </itemizedlist>
549 </para>
550
551 <para>
552 Bugs fixed:
553 <itemizedlist>
554 <listitem>
555 <para>
556 Domain name validation has been made a lot stricter - it turns out PostgreSQL was interpreting some (corrupt) domain names
cfd0f28a 557 as unicode. Tested and suggested by Register.com (c451).
b0d4fb45
BH		 558 </para>
559 </listitem>
560 <listitem>
561 <para>
cfd0f28a 562 LDAP backend did not compile (commits C452, C453) due to partially applied patch (Norbert Sendetzky)
b0d4fb45
BH		 563 </para>
564 </listitem>
565 <listitem>
566 <para>
cfd0f28a 567 Incoming zone transfers work reliably again. Fixed in c460 and beyond. And c523 - closing Debian bug 330184.
b0d4fb45
BH		 568 </para>
569 </listitem>
570 <listitem>
571 <para>
cfd0f28a 572 Recent g++ versions exposed a mistake in the PowerDNS recursor cache pruning code, causing random crashes. Fixed in c465. Reported by
b0d4fb45
BH		 573 several Red Hat users.
574 </para>
575 </listitem>
576 <listitem>
577 <para>
cfd0f28a
BH		 578 PowerDNS recursor, and MTasker in general, did not work on Solaris. Patch by Juergen Ilse, c471. Also moved most of PowerDNS over to
579 uint32_t style typedefs, which eases compilation problems on Solaris, c477.
b0d4fb45
BH		 580 </para>
581 </listitem>
582 <listitem>
583 <para>
cfd0f28a 584 Bindbackend2 did not properly search its include path for $INCLUDE statements. Noted by Mark Bergsma, c474.
b0d4fb45
BH		 585 </para>
586 </listitem>
587 <listitem>
588 <para>
589 Bindbackend did not notice changed zones, this problem has been fixed by the move to Bind2.
590 </para>
591 </listitem>
751f7add
BH		 592 <listitem>
593 <para>
cfd0f28a 594 Pipebackend did not clean up, leading to an additional pipe backend per AXFR or pdns_control reload. Discovered by Marc Jauvin, fixed by c525.
751f7add
BH		 595 </para>
596 </listitem>
279b6c46 597
751f7add
BH		 598 <listitem>
599 <para>
600 Bindbackend (both old and current versions) did not honour 'include' statements in <filename>named.conf</filename>
cfd0f28a 601 on <command>pdns_control rediscover</command>. Noted by Marc Jauvin, fixed by c526.
751f7add
BH		 602 </para>
603 </listitem>
b0d4fb45
BH		 604 <listitem>
605 <para>
cfd0f28a 606 Zone transfers were sometimes shuffled, which wastes useless time, c478.
b0d4fb45
BH		 607 </para>
608 </listitem>
609 <listitem>
610 <para>
cfd0f28a 611 CNAMEs and Wildcards now work as in Bind, fixing many complaints, c487.
b0d4fb45
BH		 612 </para>
613 </listitem>
614 <listitem>
615 <para>
cfd0f28a 616 NAPTR records were compressed, which would work, but was in violation of the RFC, commit 493.
b0d4fb45
BH		 617 </para>
618 </listitem>
619 <listitem>
620 <para>
cfd0f28a 621 NAPTR records were not always parsed correctly from BIND zonefiles, fixed, commit 494.
b0d4fb45
BH		 622 </para>
623 </listitem>
624 <listitem>
625 <para>
cfd0f28a 626 Geobackend needed additional include statement to compile on more recent Linux distrbutions, commit 496.
b0d4fb45
BH		 627 </para>
628 </listitem>
629 </itemizedlist>
630 </para>
631 </sect2>
2deee4d2
BH		 632 <sect2 id="changelog-2-9-18"><title>Version 2.9.18</title>
633 <para>
5a0f9e64 634 Released on the 16th of July 2005.
2deee4d2 635 </para>
50c56696 636 <para>
d3fa6582
BH		 637 The '8 million domains' release, which also marks the battle readiness of the PowerDNS Recursor. The latest improvements have been made possible
638 by financial support and contributions by <ulink url="http://register.com">Register.com</ulink> and
2deee4d2 639 <ulink url="http://www.xs4all.nl/">XS4ALL</ulink>. Thanks!
d3fa6582
BH		 640 </para>
641 <para>
5a0f9e64
BH		 642 This release brings a number of new features (vastly improved recursor, Generic Oracle Support, DNS analysis and replay tools, and more)
643 but also has a new build dependency, the <ulink url="http://www.boost.org">Boost library</ulink> (version 1.31 or higher).
50c56696 644 </para>
9c6f5deb
BH		 645 <para>
646 Currently several big ISPs are evaluating the PowerDNS recursor for their resolving needs, some of them have switched already.
d3fa6582 647 In the course of testing, over 350 million actual queries have been recorded and replayed, the answers turn out to be satisfactorily.
9c6f5deb
BH		 648 </para>
649 <para>
650 This testing has verified that the pdns recursor, as shipped in this release, can stand up to heavy duty ISP loads
2deee4d2 651 (over 20000 queries/second) and in fact does so better than major other nameservers, giving more complete answers and being faster to boot.
9c6f5deb
BH		 652 </para>
653 <para>
654 We invite ISPs who note recursor problems to record their problematic traffic and replay it using the tools described in
655 <xref linkend="analysis"> to discover if PowerDNS does a better job, and to let us know the results.
656 </para>
5a0f9e64
BH		 657 <para>
658 Additionally, the bind2backend is almost ready to replace the stock bind backend. If you run with Bind zones, you are cordially invited
659 to substitute 'launch=bind2' for 'launch=bind'. This will happen automatically in 2.9.19!
660 </para>
9c6f5deb
BH		 661 <para>
662 In other news, the entire Wikipedia constellation now runs on PowerDNS using the Geo Backend! Thanks to Mark Bergsma
663 for keeping us updated.
664 </para>
50c56696 665 <para>
5a0f9e64
BH		 666 There are two bugs with security implications, which only apply to installations running with the LDAP backend, or installations providing recursion
667 to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised:
50c56696
BH		 668 <itemizedlist>
669 <listitem>
670 <para>
5a0f9e64
BH		 671 The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved,
672 but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)
50c56696
BH		 673 </para>
674 </listitem>
675 <listitem>
676 <para>
5a0f9e64
BH		 677 Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan.
678 This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and
679 not a denial of a domain's existence.
50c56696
BH		 680 </para>
681 </listitem>
5a0f9e64
BH		 682 </itemizedlist>
683 </para>
684 <para>
685 General bugs fixed:
686 <itemizedlist>
50c56696
BH		 687 <listitem>
688 <para>
5a0f9e64 689 TCP authoritative server would not relaunch a backend after failure (reported by Norbert Sendetzky)
50c56696
BH		 690 </para>
691 </listitem>
692 <listitem>
693 <para>
5a0f9e64 694 Fix backend restarting logic (reported, and fix suggested by Norbert Sendetzky)
50c56696
BH		 695 </para>
696 </listitem>
5a0f9e64
BH		 697 <listitem>
698 <para>
699 Launching identical backends multiple times, with different settings, did not work. Reported by Mario Manno.
700 </para>
701 </listitem>
702
50c56696
BH		 703 <listitem>
704 <para>
705 Master/slave queries did not honour the <command>query-local-address</command> setting. Spotted by David Levy of Register.com.
706 The fix also randomises the local port used, slightly improving security.
707 </para>
708 </listitem>
709 </itemizedlist>
710 </para>
711 <para>
712 Compilation fixes:
713 <itemizedlist>
714 <listitem>
715 <para>
716 Fix compile on Solaris, they define 'PC' for some reason. Reported by Eric Yiu.
717 </para>
718 </listitem>
719 <listitem>
720 <para>
721 PowerDNS recursor would not compile on FreeBSD due to Linux specific defines, as reported in cvstrac ticket 26 (Ralf van der Enden)
722 </para>
723 </listitem>
724 <listitem>
725 <para>
726 Several 64 bits issues have been fixed, especially in the Logging subsystem.
727 </para>
728 </listitem>
729 <listitem>
730 <para>
731 SSQLite would fail to compile on recent Debian systems (Matthijs Mohlmann)
732 </para>
733 </listitem>
9c6f5deb
BH		 734 <listitem>
735 <para>
736 Generic MySQL would not compile on 64-bit platforms.
737 </para>
738 </listitem>
50c56696
BH		 739 </itemizedlist>
740 </para>
741 <para>
742 Improvements:
743 <itemizedlist>
744 <listitem>
745 <para>
746 PowerDNS now reports stray command line arguments, like when running '--local-port 5300' instead of '--local-port=5300'. Reported by Christian Welzel.
747 </para>
748 </listitem>
749 <listitem>
750 <para>
751 We now warn against erroneous logging-facility specification, ie specifying an unknown facility.
752 </para>
753 </listitem>
754 <listitem>
755 <para>
756 <command>--version</command> now outputs gcc version used, so we can tell people 2.95 is no longer supported.
757 </para>
758 </listitem>
759 <listitem>
760 <para>
9c6f5deb 761 Extended regression tests, moved them to the new 'sdig' tool (see below).
50c56696
BH		 762 </para>
763 </listitem>
764 <listitem>
765 <para>
9c6f5deb
BH		 766 Bind2backend is now blazingly fast, and highly memory efficient to boot. As a special bonus it can read gzipped zones directly. The '.NET' zone
767 is hosted using 401MB of memory, the same size as the zone on disk.
50c56696
BH		 768 </para>
769 </listitem>
770 <listitem>
771 <para>
772 The Pipe Backend has been improved such that it can send out different answers based on the IP address the question was received ON. See
773 <xref linkend="pipebackend-protocol"> for how this changed the Pipe Backend protocol. Note that you need to set
774 <command>pipebackend-abi-version</command> to benefit from this change, existing clients are not affected. Change and documentation contributed
775 by Marc Jauvin of Register4Less.
776 </para>
777 </listitem>
9c6f5deb
BH		 778 <listitem>
779 <para>
780 LDAP backend has been updated (Norbert Sendetzky).
781 </para>
782 </listitem>
50c56696
BH		 783 </itemizedlist>
784 </para>
785 <para>
9c6f5deb
BH		 786 Recursor improvements and fixes.
787 See <xref linkend="recursion"> for details. The changes below mean that all of the caveats listed for the recursor have now been addressed.
50c56696
BH		 788 <itemizedlist>
789 <listitem>
790 <para>
791 After half an hour of uptime, the entire cache would be pruned for each packet, which is a tad slow. It now appears
792 the pdns recursor is among the faststest around.
793 </para>
794 </listitem>
d3fa6582
BH		 795 <listitem>
796 <para>
797 Under high loads, or when unlucky, some query mthreads would get 'stuck', and show up in the statistics as eternally running queries.
798 </para>
799 </listitem>
50c56696
BH		 800 <listitem>
801 <para>
802 Lots of redundant gettimeofday() and time() calls were removed, which has resulted in a measurable speedup.
803 </para>
804 </listitem>
805 <listitem>
806 <para>
807 pdns_recursor can now listen on several addresses simultaneously.
808 </para>
809 </listitem>
810 <listitem>
811 <para>
812 Now supports setuid and setgid operation to allow running as a less privileged user (Bram Vandoren)
813 </para>
814 </listitem>
815 <listitem>
816 <para>
817 Return code of pdns_recursor binary did not make sense (Matthijs Mohlmann and Thomas Hood)
818 </para>
819 </listitem>
820 <listitem>
821 <para>
822 Timeouts and errors are now split out in statistics.
823 </para>
824 </listitem>
825 <listitem>
826 <para>
827 Many people reported broken statistics, it turned out that no statistics were being reported if there had been no questions to base them on.
828 We now log a message to that effect.
829 </para>
830 </listitem>
831 <listitem>
832 <para>
833 Add <command>query-local-address</command> support, which allows the recursor to send questions from a specific IP address. Useful
834 for anycast setups.
835 </para>
836 </listitem>
837 <listitem>
838 <para>
839 Add outgoing TCP query support and proper truncated answer support. Needed for Worldnic Denial of Service protection, which
840 sends out truncated packets to force clients to connect over TCP, which prevents spoofing.
841 </para>
842 </listitem>
843 <listitem>
844 <para>
845 Properly truncate our own answers.
846 </para>
847 </listitem>
848 <listitem>
849 <para>
850 Improve our TCP answers by using writev, which is slightly friendlier to the network.
851 </para>
852 </listitem>
2deee4d2
BH		 853 <listitem>
854 <para>
855 On FreeBSD, TCP errors could cause the recursor to exit suddenly due to a SIGPIPE signal.
856 </para>
857 </listitem>
50c56696
BH		 858 <listitem>
859 <para>
860 Maximum number of simultaneous client TCP connections can now be limited with the <command>max-tcp-clients</command> setting.
861 </para>
862 </listitem>
863 <listitem>
864 <para>
865 Add agressive timeouts for TCP clients to make sure resources are not wasted. Defaults to two seconds, can be
866 configured with the <command>client-tcp-timeout</command> setting.
867 </para>
868 </listitem>
869 </itemizedlist>
870 </para>
871 <para>
872 Backend fixes:
873 <itemizedlist>
874 <listitem>
875 <para>
876 SQLite backend would not slave properly (Darron Broad)
877 </para>
878 </listitem>
879 <listitem>
880 <para>
881 Generic MySQL would not compile on 64-bit platforms.
882 </para>
883 </listitem>
884 </itemizedlist>
885 </para>
886 <para>
887 New technology:
888 <itemizedlist>
889 <listitem>
890 <para>
891 Added the new DNS parser logic, called MOADNSParser. Completely modular, every memory access checked.
892 </para>
893 </listitem>
894 <listitem>
895 <para>
896 'sdig', a simple dig workalike with 'canonical' output, which is used for the regression tests. Based on the new DNS parser logic.
897 </para>
898 </listitem>
899 <listitem>
900 <para>
901 <command>dnswasher</command>, <command>dnsreplay</command> and <command>dnsscope</command>, all DNS analysis tools. See <xref linkend="analysis">
902 for more details.
903 </para>
904 </listitem>
50c56696
BH		 905 <listitem>
906 <para>
907 Generic Oracle Backend, sponsored by Register.COM. See <xref linkend="goracle">.
908 </para>
909 </listitem>
910 </itemizedlist>
911 </para>
912 </sect2>
913
11a2091b
BH		 914 <sect2 id="changelog-2-9-17"><title>Version 2.9.17</title>
915 <para>
50c56696 916 See <ulink url="http://wiki.powerdns.com/projects/trac/timeline">the new timeline</ulink> for progress reports.
11a2091b
BH		 917 </para>
918 <para>
cfa31ebd
BH		 919 The 'million domains' release - PowerDNS has now firmly established itself as a major player with the
920 unofficial count (ie, guesswork) now at over two million PowerDNS domains! Also, the GeoBackend has been tested
921 by a big website and may soon see wider deployment. Thanks to Mark Bergsma for spreading the word!
922 </para>
923 <para>
924 It is also a release with lots of changes and fixes. Take care when deploying!
925 </para>
926 <para>
927 Security issues:
11a2091b
BH		 928 <itemizedlist>
929 <listitem>
930 <para>
cfa31ebd
BH		 931 PowerDNS could be temporarily DoSed using a random stream of bytes. Reported cause of this has been fixed.
932 </para>
933 </listitem>
934 </itemizedlist>
935 </para>
936 <para>
937 Enhancements:
938 <itemizedlist>
939 <listitem>
940 <para>
941 Reported version can be changed, or removed - see the "version-string" setting.
942 </para>
943 </listitem>
944 <listitem>
945 <para>
946 Duplicate MX records are now no longer considered duplicate if their priorities differ. Some people need this feature for
947 spam filtering.
948 </para>
949 </listitem>
950 </itemizedlist>
951 </para>
952 <para>
953 Bug fixes:
954 <para>
955 <itemizedlist>
956 <listitem>
957 <para>
958 NAPTR records can now be slaved, patch by Lorens Kockum.
11a2091b
BH		 959 </para>
960 </listitem>
961 <listitem>
962 <para>
cfa31ebd 963 GMySQL now works on Solaris
11a2091b
BH		 964 </para>
965 </listitem>
966 <listitem>
967 <para>
cfa31ebd 968 PowerDNS could be confused by questions with a %-sign in them - fixing cvstrac ticket #16 (reported by dilinger at voxel.net)
11a2091b
BH		 969 </para>
970 </listitem>
cfa31ebd 971
11a2091b
BH		 972 <listitem>
973 <para>
cfa31ebd
BH		 974 An authentication bug in the webserver was possibly fixed, please report if you were suffering from this. Being unable
975 to authenticate to the webserver was what you would've noticed.
11a2091b
BH		 976 </para>
977 </listitem>
978 <listitem>
979 <para>
cfa31ebd
BH		 980 Fix for cvstrac ticket #2, PowerDNS could lose sync when sending out a very large number of notifications. Excellent bug report
981 by Martin Hoffman, who also improved our original bugfix.
982 </para>
983 </listitem>
984 <listitem>
985 <para>
986 Fix the oldest PowerDNS bug in existence - under some circumstances, PowerDNS would log to syslog one character at a time.
987 This was cvstrac ticket #4
988 </para>
989 </listitem>
990 <listitem>
991 <para>
992 HINFO records can now be slaved, fixing cvstrac ticket #8.
993 </para>
994 </listitem>
995 <listitem>
996 <para>
997 pdns_recursor could block under some circumstances, especially in case of corrupt UDP packets. Reported by Wichert Akkerman. Fix by
998 Christopher Meer. This was cvstrac ticket #13.
999 </para>
1000 </listitem>
1001 <listitem>
1002 <para>
1003 Large SOA serial numbers would sometimes be logged as a signed integer, leading to negative numbers in the log.
1004 </para>
1005 </listitem>
1006 <listitem>
1007 <para>
1008 PowerDNS now fully supports 32 bit SOA serial numbers (thanks to Mark Bergsma), closing cvstrac ticket #5.
1009 </para>
1010 </listitem>
1011 <listitem>
1012 <para>
1013 pdns_recursor --local-address help text was wrong.
1014 </para>
1015 </listitem>
1016 <listitem>
1017 <para>
1018 Very devious bug - PowerDNS did not clear its cache before sending out update notifications, leading slaves
1019 to conclude there was no update to AXFR. Excellent debugging by mkuchar at wproduction.cz.
1020 </para>
1021 </listitem>
1022 <listitem>
1023 <para>
1024 Probably fixed cvstrac ticket #26, which caused pdns_recursor to fail on recent FreeBSD 5.3 systems. Please check,
1025 I have no such system to test on.
1026 </para>
1027 </listitem>
1028 <listitem>
1029 <para>
1030 Geobackend did not get built for Debian.
11a2091b
BH		 1031 </para>
1032 </listitem>
1033 </itemizedlist>
1034 </para>
1035 </sect2>
a899e13a
BH		 1036 <sect2 id="changelog-2-9-16"><title>Version 2.9.16</title>
1037 <para>
1038 The 'it must still be Friday somewhere' release. Massive number of fixes, portability improvements and
1039 the new Geobackend by Mark Bergsma &amp; friends.
1040 </para>
1041 <para>
1042 New:
1043 <itemizedlist>
1044 <listitem>
1045 <para>
1046 The Geobackend which makes it possible to send different answers to different IP ranges. Initial documentation
1047 can be found in pdns/modules/geobackend/README.
1048 </para>
1049 </listitem>
1050 <listitem>
1051 <para>
1052 qgen query generation tool. Nearly completely undocumented and hard to build too, it requires Boost. But very
1053 spiffy. Use <command>cd pdns; make qgen</command> to build it.
1054 </para>
1055 </listitem>
1056 </itemizedlist>
1057 </para>
1058 <para>
1059 Bugfixes:
1060 <itemizedlist>
1061 <listitem>
1062 <para>
99bd2dae 1063 The most reported bug ever was fixed. Zone2sql required the inclusion of unistd.h, except on Debian unstable.
a899e13a
BH		 1064 </para>
1065 </listitem>
1066 <listitem>
1067 <para>
1068 PowerDNS tried to listen on its control "pipe" which does not work. Probably harmless, but might have caused some
1069 oddities.
1070 </para>
1071 </listitem>
1072 <listitem>
1073 <para>
1074 The Packet Cache did not always set its TTL immediately, causing some packets to be inserted, even when running
1075 with the cache disabled (Mark Bergsma).
1076 </para>
1077 </listitem>
1078 <listitem>
1079 <para>
1080 Valgrind found some unitialized reads, causing bogus values in the priority field when it was not needed
1081 </para>
1082 </listitem>
1083 <listitem>
1084 <para>
1085 Valgrind found a bug in MTasker where we used delete instead of delete[].
1086 </para>
1087 </listitem>
1088 <listitem>
1089 <para>
1090 SOA serials and other parameters are unsigned.
1091 This means that very large SOA serial numbers would be messed up (Michel Stol, Stefano Straus)
1092 </para>
1093 </listitem>
1094 <listitem>
1095 <para>
1096 PowerDNS left its controlsocket around after exit and reported confusing errors if a socket was
1097 already in use.
1098 </para>
1099 </listitem>
1100 <listitem>
1101 <para>
1102 The recursor proxy did not work on big endian systems like SPARC and some MIPS processors (Remco Post)
1103 </para>
1104 </listitem>
1105 <listitem>
1106 <para>
1107 We no longer dump core on processing LOC records on UltraSPARC (Andrew Mulholland supplied a testing machine)
1108 </para>
1109 </listitem>
1110 </itemizedlist>
1111 </para>
1112 <para>
1113 Improvements:
1114 <itemizedlist>
1115 <listitem>
1116 <para>
1117 MySQL can now connect to a specified port again (Chris Anderton)
1118 </para>
1119 </listitem>
1120 <listitem>
1121 <para>
1122 When running chroot()ed and with master or slave support active, PowerDNS needs to resolve domain names
1123 to find slaves. This in turn may require access to certain libraries. Previously, these needed to be available
1124 in the chroot directory but by forcing an initial lookup, these libraries are now loaded before the chrooting.
1125 </para>
1126 </listitem>
1127 <listitem>
1128 <para>
1129 pdns_recursor was very slow after having done a larger number of queries because of the checks
1130 to see if a query should be throttled. This is now done using a set which is a lot faster than the previous
1131 full sequential scan.
1132 </para>
1133 </listitem>
1134 <listitem>
1135 <para>
1136 The throttling code may not have throttled as much as was configured.
1137 </para>
1138 </listitem>
1139 <listitem>
1140 <para>
1141 Yet another big LDAP update. The LDAP backend now loadbalances connections over several hosts (Norbert Sendetzky)
1142 </para>
1143 </listitem>
1144 <listitem>
1145 <para>
1146 Updated b.root-servers.net address in the recursor
1147 </para>
1148 </listitem>
1149 </itemizedlist>
1150 </para>
1151 </sect2>
15c7a99d 1152
d8d0bb8f
BH		 1153 <sect2 id="changelog-2-9-15"><title>Version 2.9.15</title>
1154 <para>
1155 This release fixes up some of the shortcomings in 2.9.14, and adds some new features too.
1156 </para>
1157 <para>
1158 Bugfixes:
1159 <itemizedlist>
1160 <listitem>
1161 <para>
1162 <command>allow-recursion-override</command> was on by default, it was meant to be off.
1163 </para>
1164 </listitem>
1165 <listitem>
1166 <para>
1167 Logging was still off in daemon mode, fixed.
1168 </para>
1169 </listitem>
1170 <listitem>
1171 <para>
1172 debian/rules forgot to build an sqllite package
1173 </para>
1174 </listitem>
1175 <listitem>
1176 <para>
1177 Recursor accidentally linked in MySQL - this was the result of an experiment with a persistent recursor cache.
1178 </para>
1179 </listitem>
1180 <listitem>
1181 <para>
1182 The PowerDNS recursor had stability problems. It now sorts nameservers (roughly) by responsiveness. The 'roughly' part
1183 upset the sorting algorithm used, the speeds being sorted on changed during sorting.
1184 </para>
1185 </listitem>
1186 <listitem>
1187 <para>
1188 The recursor now outputs the nameserver average response times in trace mode
1189 </para>
1190 </listitem>
1191 <listitem>
1192 <para>
1193 LDAP compiles again.
1194 </para>
1195 </listitem>
1196 </itemizedlist>
1197 </para>
1198 <para>
1199 Improvements:
1200 <itemizedlist>
1201 <listitem>
1202 <para>
1203 zone2sql can now accept <filename>-</filename> as a filename which causes it to read stdin. This allows the following
1204 to work: <command>dig axfr ds9a.nl | zone2sql --gmysql --zone=- | mysql pdns</command>, which is a nice way to
1205 import a zone.
1206 </para>
1207 </listitem>
1208 <listitem>
1209 <para>
1210 zone2sql now ignores duplicate SOA records which are identical - which also makes the above possible.
1211 </para>
1212 </listitem>
1213 <listitem>
1214 <para>
1215 Remove libpqpp dependencies - since we now use the native C API for PostgreSQL
1216 </para>
1217 </listitem>
1218 </itemizedlist>
1219 </para>
1220 </sect2>
1221 <sect2 id="changelog-2-9-14"><title>Version 2.9.14</title>
eefd15f9
BH		 1222 <para>
1223 Big release with the fix for the all important 2^30 seconds problem and a lot of other news.
1224 </para>
1225 <para>
1226 <itemizedlist>
1227 <listitem>
1228 <para>
1229 errno problems would cause compilation problems when using LDAP (Norbert Sendetzky)
1230 </para>
1231 </listitem>
1232 <listitem>
1233 <para>
1234 The Generic SQL backend could cause crashes on PostgreSQL when using pdns_control notify (Georg Bauer)
1235 </para>
fe1ce82e
BH		 1236 </listitem>
1237 <listitem>
1238 <para>
1239 Debian compatible init.d script (Wichert Akkerman)
1240 </para>
1241 </listitem>
eefd15f9
BH		 1242 <listitem>
1243 <para>
1244 If using the master or slave features, pdns had the notion of eternity ending in 2038, except that due
1245 to a thinko, eternity ended out to be the 10th of January 2004. This caused a loop to timeout immediately.
1246 Many thanks to Jasper Spaans for spotting the bug within five minutes.
1247 </para>
1248 </listitem>
1249 <listitem>
1250 <para>
fe1ce82e 1251 Parts of the SOA field were not cannonicalized
eefd15f9
BH		 1252 </para>
1253 </listitem>
1254 <listitem>
1255 <para>
1256 The loglevel could in fact cause nothing to be logged (Norbert Sendetzky)
1257 </para>
1258 </listitem>
1259 </itemizedlist>
1260 </para>
1261 <para>
1262 Improvements:
1263 <itemizedlist>
1264 <listitem>
1265 <para>
1266 The recursor now chooses the fastest nameserver, which causes a big speedup!
1267 </para>
1268 </listitem>
1269 <listitem>
1270 <para>
1271 LDAP now has different lookup models
1272 </para>
1273 </listitem>
1274 <listitem>
1275 <para>
1276 Cleanups, better load distribution, better exception handling, zone2ldap improvements
1277 </para>
1278 </listitem>
1279 <listitem>
1280 <para>
1281 The recursor was somewhat chatty about TCP connections
1282 </para>
1283 </listitem>
1284 <listitem>
1285 <para>
1286 PostgreSQL now only depends on the C API and not on the deprecated C++ one
1287 </para>
1288 </listitem>
1289 <listitem>
1290 <para>
1291 PowerDNS can now fully overrule external zones when doing recursion. See <xref linkend="recursion">.
1292 </para>
1293 </listitem>
1294 </itemizedlist>
1295 </para>
1296 </sect2>
1297 <sect2 id="changelog-2-9-13"><title>Version 2.9.13</title>
e1d03bb0 1298 <para>
8d69ac3a
BH		 1299 Big news! Windows is back! Our great friend Michel Stol found the time to update the PowerDNS code so it works
1300 again under windows.
1301 </para>
eb66c805
BH		 1302 <para>
1303 Furthermore, big thanks go out to Dell who quickly repaired my trusty <ulink url="http://ds9a.nl/dell-d800">laptop</ulink>.
1304 </para>
8d69ac3a
BH		 1305 <para>
1306 His changes:
1307 <itemizedlist>
1308 <listitem>
1309 <para>
1310 Generic SQLite support added
1311 </para>
1312 </listitem>
1313 <listitem>
1314 <para>
1315 Removed the ODBC backend, replaced it by the Generic ODBC Backend, which has all the cool configurability
1316 of the Generic MySQL and PostgreSQL backends.
1317 </para>
1318 </listitem>
1319 <listitem>
1320 <para>
1321 The PowerDNS Recursor now runs as a Service. It defaults to running on port 5300, PowerDNS itself is configured
1322 to expect the Recursor on port 5300 now.
1323 </para>
1324 </listitem>
1325 <listitem>
1326 <para>
1327 The PowerDNS Service is now known as 'PowerDNS' to Windows.
1328 </para>
1329 </listitem>
1330 <listitem>
1331 <para>
1332 The Installer was redone, this time with <ulink url="http://nsis.sf.net">NSIS2</ulink>.
1333 </para>
1334 </listitem>
1335 <listitem>
1336 <para>
1337 General updates and fixes.
1338 </para>
1339 </listitem>
1340 </itemizedlist>
1341 </para>
1342 <para>
1343 Other news:
e1d03bb0 1344 </para>
9d2d3364
BH		 1345 <para>
1346 <note>
1347 <para>
1348 There appears to be a problem with PowerDNS on Red Hat 7.3 with GCC 2.96 and self-compiled binaries. The symptoms are
1349 that PowerDNS works on the foreground but fails as a daemon. We're working on it.
1350 </para>
1351 <para>
1352 If you do note problems, let the list know, if you don't, please do so as well. Tell us if you use the RPM or
1353 compiled yourself.
1354 </para>
1355 <para>
1356 It is known that not compiling in MySQL support helps solve the problem, but then you don't have MySQL.
1357 </para>
1358 </note>
eb66c805
BH		 1359 </para>
1360 <para>
1361 There have been a number of reports on MySQL connections being dropped on FreeBSD 4.x, which sometimes causes PowerDNS to give up and reload itself.
1362 To combat this, MySQL error messages have been improved in some places in hopes of figuring out what is up. The initial indication is
1363 that MySQL itself sometimes terminates the connection and, amazingly, that switching to a Unix domain socket instead of TCP solves
1364 the problem.
1365 </para>
e1d03bb0
BH		 1366 <para>
1367 Bug fixes:
1368 <itemizedlist>
1369 <listitem>
1370 <para>
1371 <command>allow-axfr-ips</command> did not work for individual IP addresses (bug &amp; fix by Norbert Sendetzky)
1372 </para>
1373 </listitem>
1374 </itemizedlist>
1375 </para>
1376
1377 <para>
1378 Improvements:
1379 <itemizedlist>
1380 <listitem>
1381 <para>
1382 Opteron support! Thanks to Jeff Davey for providing a shell on an Opteron. The fixes should
1383 also help PowerDNS on other platforms with a 64 bit userspace.
1384 </para>
1385 <para>
1386 Btw, the PowerDNS team has a strong desire for an Opteron :-)
1387 </para>
1388 </listitem>
1389 <listitem>
1390 <para>
1391 pdns_recursor jumbles answers now. This means that you can do poor man's roundrobin
1392 by supplying multiple A, MX or AAAA records for a service, and get a random one on top
1393 each time. Interestingly, this feature appeared out of nowhere, this change was made to the
1394 authoritative code but due to the wonders of code-reuse had an effect on pdns_recursor too.
1395 </para>
1396 </listitem>
1397 <listitem>
1398 <para>
1399 Big LDAP cleanup. Support for TLS was added. Zone2LDAP also gained the ability to
1400 generate ldif files containing a tree or a list of entries. (Norbert Sendetzky)
1401 </para>
1402 </listitem>
1403 <listitem>
1404 <para>
1405 Zone2sql is now somewhat clearer when reporting malformed line errors - it did not always
1406 include the name of the file causing a problem, especially for big installations. Problem noted
1407 by Thom May.
1408 </para>
1409 </listitem>
1410 <listitem>
1411 <para>
1412 pdns_recursor now survives the expiration of all its root records, most often caused by prolonged
1413 disconnection from the net.
1414 </para>
1415 </listitem>
1416 </itemizedlist>
1417 </para>
1418 </sect2>
1419
15c7a99d 1420 <sect2 id="changelog-2-9-12"><title>Version 2.9.12</title>
e1d03bb0 1421 <para>
15c7a99d
BH		 1422 Release rich in features. Work on Verisign oddities, addition of SQLite backend, pdns_recursor maturity.
1423 </para>
1424 <para>
1425 New features:
1426 <itemizedlist>
1427 <listitem>
1428 <para>
1429 --version command (requested by Mike Benoit)
1430 </para>
1431 </listitem>
1432 <listitem>
1433 <para>
cd553f6c 1434 delegation-only, a Verisign special.
15c7a99d
BH		 1435 </para>
1436 </listitem>
1437 <listitem>
1438 <para>
fededf47 1439 Generic <ulink url="http://www.sqlite.org">SQLite</ulink> support, by Michel 'Who da man?' Stol. See <xref linkend="gsqlite">.
15c7a99d
BH		 1440 </para>
1441 </listitem>
1442 <listitem>
1443 <para>
1444 init.d script for pdns_recursor
1445 </para>
1446 </listitem>
1447 <listitem>
1448 <para>
1449 Recursor now actually purges its cache, saving memory.
1450 </para>
1451 </listitem>
dd233db7
BH		 1452 <listitem>
1453 <para>
1454 Slave configuration now no longer falls over when presented with a NULL master
1455 </para>
1456 </listitem>
1457 <listitem>
1458 <para>
1459 Bindbackend2 now has supermaster support (Mark Bergsma, untested)
1460 </para>
1461 </listitem>
1462 <listitem>
1463 <para>
642e1a27
BH		 1464 Answers are now shuffled! It turns out a few recursors don't do shuffling (pdns_recursor, djbdns), so we do it now. Requested by Jorn Ekkelenkamp of ISP-Services. This means that if you have
1465 multiple IP addresses for one host, they will be returned in differing order every once in a while.
dd233db7
BH		 1466 </para>
1467 </listitem>
15c7a99d
BH		 1468 </itemizedlist>
1469 </para>
1470 <para>
1471 Bugs:
1472 </para>
1a47fd7c 1473 <para>
15c7a99d
BH		 1474 <itemizedlist>
1475 <listitem>
1476 <para>
1477 0.0.0.0/0 didn't use to work (Norbert Sendetzky)
1478 </para>
1479 </listitem>
1480 <listitem>
1481 <para>
1482 pdns_recursor would try to resolve IP address which to bind to, potentially causing chicken/egg problem
1483 </para>
1484 </listitem>
1485 <listitem>
1486 <para>
1487 gpgsql no longer reports as gmysql (Sherwin Daganoto)
1488 </para>
1489 <listitem>
1490 <para>
1491 SRV would not be parsed right from disk (Christof Meerwald)
1492 </para>
1493 </listitem>
1494 <listitem>
1495 <para>
1496 An AXFR from a zone hosted on the LDAP backend no longer transmits all the reverse entries too (Norbert Sendetzky)
1497 </para>
1498 </listitem>
dd233db7
BH		 1499 <listitem>
1500 <para>
1501 PostgreSQL backend now does error checking. It would be a bit too trusting before.
1502 </para>
1503 </listitem>
15c7a99d
BH		 1504 </itemizedlist>
1505 </para>
1506 <para>
1507 Improvements, cleanups:
1508 <itemizedlist>
1509 <listitem>
1510 <para>
1511 PowerDNS now reports the numerical IP addresses it binds to instead of the, possibly, alphanumeric names the operator passed.
1512 </para>
1513 </listitem>
1514 <listitem>
1515 <para>
1516 Removed only-soa hackery (noticed by Norbert Sendetzky)
1517 </para>
1518 </listitem>
1519 <listitem>
1520 <para>
1521 Debian packaging fixes (Wichert Akkerman)
1522 </para>
1523 </listitem>
1524 <listitem>
1525 <para>
1526 Some parameter descriptions were improved.
1527 </para>
1528 </listitem>
1529 <listitem>
1530 <para>
1531 Cleanups by Norbert: getAuth moved to chopOff, arguments::contains massive cleanup, more.
1532 </listitem>
1533 </itemizedlist>
1534 </sect2>
1535
1536 <sect2 id="changelog-2-9-11"><title>Version 2.9.11</title>
1537 <para>
1a47fd7c
BH		 1538 Yet another iteration, hopefully this will be the last silly release.
1539 <para>
1540 <warning>
1541 <para>
1542 There has been a change in behaviour whereby <command>disable-axfr</command> does what it means now! From now
1543 on, setting <command>allow-axfr-ips</command> automatically disables AXFR from unmentioned subnets.
1544 </para>
1545 </warning>
1546 </para>
1547 <para>
1548 This release enables AXFR again, <command>disable-axfr</command> did the opposite of what it claimed. Furthermore, the pdns_recursor now cleans its cache, which should save some memory in the long run. Norbert contributed some small LDAP work which should come in useful in the future.
1549 </para>
1550 </sect2>
dcf9bd8f 1551 <sect2 id="changelog-2-9-10"><title>Version 2.9.10</title>
318c3ec6 1552 <para>
dcf9bd8f
BH		 1553 Small bugfixes, LDAP update. Released 3rd of July 2003. Apologies for the long delay, real life keeps interfering.
1554 </para>
1555 <para>
1556 <warning>
1557 <para>
1558 Do not use or try to use 2.9.9, it was a botched release!
1559 </para>
1560 </warning>
1561 </para>
1562 <para>
1563 <warning>
1564 <para>
1565 There has been a change in behaviour whereby <command>disable-axfr</command> does what it means now! From now
1566 on, setting <command>allow-axfr-ips</command> automatically disables AXFR from unmentioned subnets.
1567 </para>
1568 </warning>
318c3ec6
BH		 1569 </para>
1570 <para>
1571 <itemizedlist>
1572 <listitem>
1573 <para>
dcf9bd8f 1574 2.9.8 was prone to crash on adding additional records. Thanks to excellent debugging by PowerDNS users worldwide, the bug was found
318c3ec6
BH		 1575 quickly and is in fact present in all earlier PowerDNS releases, but for some reason doesn't cause crashes there.
1576 </para>
1577 </listitem>
1578 <listitem>
1579 <para>
1580 Notifications now jump in front of the queue of domains that need to be checked for changes, giving much greater perceived performance.
1581 This is needed if you have tens of thousands of slave domains and your master server is on a high latency link. Thanks to Mark Jeftovic
1582 of EasyDNS for suggesting this change and testing it on their platform.
1583 </para>
1584 </listitem>
1585 <listitem>
1586 <para>
1587 Dean Mills reported that PowerDNS does confusing logging about changing GIDs and UIDs, fixed. Cosmetic only.
1588 </para>
1589 </listitem>
1590 <listitem>
1591 <para>
dcf9bd8f 1592 pdns_recursor may have logged empty lines for some users, fixed. Solution suggested by Norbert Sendetzky.
318c3ec6
BH		 1593 </para>
1594 </listitem>
1595 <listitem>
1596 <para>
dcf9bd8f
BH		 1597 LDAP: DNS TTLs were random values (Norbert Sendetzky, Stefan Pfetzing). New <command>ldap-default-ttl</command>
1598 option.
1599 </para>
1600 </listitem>
1601 <listitem>
1602 <para>
1603 LDAP: Now works with OpenLDAP 2.1 (Norbert Sendetzky)
318c3ec6
BH		 1604 </para>
1605 </listitem>
1606 <listitem>
1607 <para>
1608 LDAP: error handling for invalid MX records implemented (Norbert Sendetzky)
1609 </para>
1610 </listitem>
1611 <listitem>
1612 <para>
1613 LDAP: better exception handling (Norbert Sendetzky)
1614 </para>
1615 </listitem>
1616 <listitem>
1617 <para>
1618 LDAP: code cleanup of lookup() (Norbert Sendetzky)
1619 </para>
1620 </listitem>
dcf9bd8f
BH		 1621 <listitem>
1622 <para>
1623 LDAP: added support for scoped searches (Norbert Sendetzky)
1624 </para>
1625 </listitem>
318c3ec6
BH		 1626 </itemizedlist>
1627 </sect2>
4aeebd85 1628 <sect2 id="changelog-2-9-8"><title>Version 2.9.8</title>
9c495589 1629 <para>
4aeebd85 1630 Queen's day release! 30th of April 2003.
9c495589
BH		 1631 </para>
1632 <para>
4aeebd85
BH		 1633 Added support for AIX, fixed negative SOA caching. Some other cleanups. Not a major release but enough reasons to upgrade.
1634 </para>
1635 <para>
1636 Bugs fixed:
1637 <itemizedlist>
1638 <listitem>
1639 <para>
1640 Recursor had problems expiring negatively cached entries, which wasted memory and also led to the continued non-existence of
1641 hosts that since had come into existence.
1642 </para>
1643 </listitem>
1644 <listitem>
1645 <para>
1646 The Generic SQL backends did not lowercase the names of records, which led to new records not being found by case sensitive
1647 databases (notably PostgreSQL). Found by Volker Goetz.
1648 </para>
1649 </listitem>
1650 <listitem>
1651 <para>
1652 NS queries for zones for which we did not carry authority, but only had delegation information, had their NS records in the
1653 wrong section. Minor detail, but a standards violation on etheless. Spotted by Stephane Bortzmeyer.
1654 </para>
1655 </listitem>
1656 </itemizedlist>
1657 </para>
1658 <para>
1659 Improvements:
1660 <itemizedlist>
1661 <listitem>
1662 <para>
1663 Removed crypt.h dependency from powerldap.hh, which was a problem on some platforms (Richard Arends)
1664 </para>
1665 </listitem>
1666 <listitem>
1667 <para>
1668 PowerDNS can't parse so called binary labels which we now detect and ignore, after printing a warning.
1669 </para>
1670 </listitem>
1671 <listitem>
1672 <para>
1673 Specifying allow-axfr-ips now automatically disables AXFR for all non-mentioned addresses.
1674 </para>
1675 </listitem>
1676 <listitem>
1677 <para>
1678 A Solaris ready init.d script is now part of the tar.gz (contributed, but I lost by whom).
1679 </para>
1680 </listitem>
1681 <listitem>
1682 <para>
1683 Added some fixes to PowerDNS can work on AIX (spotted by Markus Heimhilcher).
1684 </para>
1685 </listitem>
1686 <listitem>
1687 <para>
1688 Norbert Sendetzky contributed <filename>zone2ldap</filename>.
1689 </para>
1690 </listitem>
1691 <listitem>
1692 <para>
1693 Everybody's favorite compiler warning from <filename>zone2sql.cc</filename> was removed!
1694 </para>
1695 </listitem>
1696 <listitem>
1697 <para>
1698 Recursor now listens on TCP!
1699 </para>
1700 </listitem>
1701 </itemizedlist>
9c495589
BH		 1702 </para>
1703 </sect2>
1704
ffd62047 1705 <sect2 id="changelog-2-9-7"><title>Version 2.9.7</title>
016e4ae9
BH		 1706 <para>
1707 Released on 2003-03-20.
1708 </para>
ffd62047
BH		 1709 <para>
1710 This is a sweeping release in the sense of cleanup. There are some new features but mostly a lot of cleanup going on. Hiding inside is the
016e4ae9
BH		 1711 <filename>bind2backend</filename>, the next generation of the bind backend. A work in progress. Those of you with overlapping zones,
1712 as mentioned in the changelog of 2.9.6, are invited to check it out by replacing <command>launch=bind</command>
1713 by <command>launch=bind2</command> and renaming all <command>bind-</command> parameters to
1714 <command>bind2-</command>. Be aware that if you run with many small zones, this backend is faster, but if you run with a few large ones, it is slower. This will improve.
ffd62047
BH		 1715 </para>
1716 <para>
1717 Features:
1718 <itemizedlist>
1719 <listitem>
1720 <para>
016e4ae9 1721 Mark Bergsma contributed <command>query-local-address</command> which allows the operator to select which source address to
ffd62047
BH		 1722 use. This is useful on servers with multiple source addresses and the operating system selecting an unintended one, leading to
1723 remotes denying access.
1724 </para>
1725 </listitem>
1726 <listitem>
1727 <para>
1728 PowerDNS can now perform AAAA additional processing optionally, turned on by setting <command>do-ipv6-additional-processing</command>.
1729 Thanks to Stephane Bortzmeyer for pointing out the need.
1730 </para>
1731 </listitem>
016e4ae9
BH		 1732 <listitem>
1733 <para>
1734 Bind2backend, which is almost in compliance with the new IETF AXFR-clarify (some would say
1735 'redefinition') draft.
1736 </para>
1737 <para>
1738 This backend is not ready for primetime but you may want to try it if you currently have overlapping
1739 zones and note problems. An overlapping zone would be having "ipv6.powerdns.com" and "powerdns.com" zones
1740 on one server.
1741 </para>
1742 </listitem>
ffd62047
BH		 1743 </itemizedlist>
1744 </para>
1745 <para>
1746 Improvements:
1747 <itemizedlist>
1748 <listitem>
1749 <para>
1750 Zone2sql would happily try to read from a directory and not give a useful error about this.
1751 </para>
1752 </listitem>
1753 <listitem>
1754 <para>
1755 PowerDNS now reports the case where it can't figure out any IP address of slave nameservers for a zone
1756 </para>
1757 </listitem>
1758 <listitem>
1759 <para>
1760 Removed <command>receiver-threads</command> setting which was experimental and in fact only made things worse.
1761 </para>
1762 </listitem>
1763 <listitem>
1764 <para>
1765 LDAP backend updates from its author Norbert Sendetzky. Reverse lookups should work now too.
1766 </para>
1767 </listitem>
1768 <listitem>
1769 <para>
1770 An error message about unparseable packets did not include the originating IP address (fixed by Mark Bergsma)
1771 </para>
1772 </listitem>
1773 <listitem>
1774 <para>
1775 PowerDNS can now be started via path resolution while running with a guardian. Suggested by Maurice Nonnekes.
1776 </para>
1777 </listitem>
1778 <listitem>
1779 <para>
1780 <filename>pdns_recursor</filename> moved to <filename>sbin</filename> (reported by Norbert Sendetzky)
1781 </para>
1782 </listitem>
1783 <listitem>
1784 <para>
1785 Retuned some logger errorlevels, a lot of master/slave chatter was logged as 'Error'. Reported by Willem de Groot.
1786 </para>
1787 </listitem>
1788 </itemizedlist>
1789 </para>
1790 <para>
1791 Bugs fixed:
1792 <itemizedlist>
1793 <listitem>
1794 <para>
1795 <filename>zone2sql</filename> did not remove trailing dots in SOA records.
1796 </para>
1797 </listitem>
1798 <listitem>
1799 <para>
1800 ldapbackend did not include <filename>utility.hh</filename> which caused compilation problems on Solaris (reported by Remco Post)
1801 </para>
1802 </listitem>
1803 <listitem>
1804 <para>
1805 <filename>pdns_control</filename> could leave behind remnants in case PowerDNS was not running (reported by dG)
1806 </para>
1807 </listitem>
1808 <listitem>
1809 <para>
1810 Incoming AXFR did not work on Solaris and other big-endian systems (Willem de Groot helped debugging this long standing problem).
1811 </para>
1812 </listitem>
1813 <listitem>
1814 <para>
1815 Recursor could crash on convoluted CNAME loops. Thanks to Dan Faerch for delivering coredumps.
1816 </para>
1817 </listitem>
1818 <listitem>
1819 <para>
1820 Silly 'wuh' debugging output in zone2sql and bindbackend removed (spotted by Ivo van der Wijk)
1821 </para>
1822 </listitem>
1823 <listitem>
1824 <para>
1825 Recursor neglected to differentiate between negative cache of NXDOMAIN and NOERROR, leading to problems
1826 with IPv6 enabled Windows clients. Thanks to Stuart Walsh for reporting this and testing the fix.
1827 </para>
1828 </listitem>
1829 <listitem>
1830 <para>
1831 PowerDNS set the 'aa' bit on serving NS records in a zone for which it was authoritative. Most implementations
1832 drop the 'aa' bit in this case and Stephane Bortzmeyer informed us of this. PowerDNS now also drops the 'aa'
1833 bit in this case.
1834 </para>
1835 </listitem>
016e4ae9
BH		 1836 <listitem>
1837 <para>
1838 The webserver tended to fail after prolonged operation on FreeBSD, this was due to an uninitialised timeout, other platforms were lucky. Thanks to G.P. de Boer for helping debug this.
1839 </para>
1840 </listitem>
ffd62047
BH		 1841 <listitem>
1842 <para>
1843 getAnswers() in dnspacket.cc could be forced to read bytes beyond the end of the packet, leading to crashes in the
1844 PowerDNS recursor. This is an ongoing project that needs more work. Reported by Dan Faerch, with a coredump proving the problem.
1845 </para>
1846 </listitem>
1847 </itemizedlist>
1848 </para>
1849 </sect2>
1850
c4bee46c
BH		 1851 <sect2 id="changelog-2-9-6"><title>Version 2.9.6</title>
1852 <para>
b5502fb4 1853 Two new backends - Generic ODBC (windows only) and LDAP. Furthermore, a few important bugs have been fixed which may have hampered sites seeing a lot of
c4bee46c
BH		 1854 outgoing zonetransfers. Additionally, the pdns recursor now has 'query throttling' which is pretty cool. In short this makes sure that PowerDNS
1855 does not send out heaps of queries if a nameserver is unable to provide an answer. Many operators of authoritative setups are all too aware of
1856 recursing nameservers that hammer them for zones they don't have, PowerDNS won't do that anymore now, no matter what clients request of it.
1857 </para>
1858 <para>
1859 <warning>
1860 <para>
1861 There is an unresolved issue with the BIND backend and 'overlapping' slave zones. So if you have 'example.com' and also have a separate
1862 slave zone called 'external.example.com', things may go wrong badly. Thanks to Christian Laursen for working with us a lot in finding
1863 this issue. We hope to resolve it soon.
1864 </para>
1865 </warning>
1866 <para>
1867 <itemizedlist>
1868 <listitem>
1869 <para>
1870 BIND Backend now honours notifies, code to support this was accidentally left out. Thanks to Christian Laursen for noticing this.
1871 </para>
1872 </listitem>
1873 <listitem>
1874 <para>
1875 Massive speedup for those of you using the slightly deprecated MBOXFW records. Thanks to Jorn of <ulink url="http://www.ISP-Services.nl">
1876 ISP Services</ulink> for helping and testing this improvement.
1877 </para>
1878 </listitem>
1879 <listitem>
1880 <para>
1881 $GENERATE had an off-by-one bug where it would omit the last record to be generated (Christian Laursen)
1882 </para>
1883 </listitem>
1884 <listitem>
1885 <para>
1886 Simultaneous AXFRs may have been problematic on some backends. Thanks to Jorn of ISP-Services again for helping us resolve this issue.
1887 </para>
1888 </listitem>
1889 <listitem>
1890 <para>
1891 Added LDAP backend by Norbert Sendetzky, see <xref linkend="ldap">.
1892 </para>
1893 </listitem>
1894 <listitem>
1895 <para>
b5502fb4 1896 Added Generic ODBC backend for Windows by Michel Stol.
c4bee46c
BH		 1897 </para>
1898 </listitem>
1899 <listitem>
1900 <para>
1901 Simplified 'out of zone data' detection in incoming AXFR support, hopefully removing a case sensitivity bug there. Thanks again
1902 to Christian Laursen for reporting this issue.
1903 </para>
1904 </listitem>
1905 <listitem>
1906 <para>
1907 $include in-zonefile was broken under some circumstances, losing the last character of a filename. Thanks to Joris Vandalon for noticing this.
1908 </para>
1909 </listitem>
1910 <listitem>
1911 <para>
1912 The zoneparser was more case-sensitive than BIND, refusing to accept 'in' as well as 'IN'. Thanks to Joris Vandalon for noticing this.
1913 </para>
1914 </listitem>
1915 </itemizedlist>
1916 </para>
1917 </sect2>
4a4dd34e
BH		 1918 <sect2 id="changelog-2-9-5"><title>Version 2.9.5</title>
1919 <para>
1920 Released on 2002-02-03.
1921 </para>
b636533b
BH		 1922 <para>
1923 This version is almost entirely about recursion with major changes to both the pdns recursor, which is renamed to
1924 '<filename>pdns_recursor</filename>' and to the main PowerDNS binary to make it interact better with the recursing component.
1925 </para>
1926 <para>
1927 Sadly, due to <ulink url="http://sources.redhat.com/ml/libc-alpha/2003-01/msg00245.html">technical reasons</ulink>, compiling
1928 the pdns recursor and pdns authoritative nameserver into one binary is not immediately possible. During the release of 2.9.4 we
1929 stated that the recursing nameserver would be integrated in the next release - this won't happen now.
1930 </para>
1931 <para>
1932 However, this turns out to not be that bad at all. The recursor can now be restarted without having to restart the rest of the nameserver,
1933 for example. Cooperation between the both halves of PDNS is also almost seamless. As a result, 'non-lazy recursion' has been dropped. See
1934 <xref linkend="recursion"> for more details.
1935 </para>
c75a6a9e 1936 <para>
24a18a4b
BH		 1937 Furthermore, the recursor only works on Linux, Windows and Solaris (not entirely). FreeBSD does not support the required functions.
1938 If you know any important FreeBSD people, plea with them to support set/get/swapcontext! Alternatively, FreeBSD coders could read
1939 the solution presented here <ulink url="http://www.eng.uwaterloo.ca/~ejones/software/threading.html">in figure 5</ulink>.
c75a6a9e 1940 </para>
b636533b
BH		 1941 <para>
1942 The 'Contributor of the Month' award goes to Mark Bergsma who has responded to our plea for help with the label compressor and contributed
d3491d5a
BH		 1943 a wonderfully simple and right fix that allows PDNS to compress just as well as Other namerervers out there. An honorary mention goes to
1944 Ueli Heuer who, despite having no C++ experience, submitted an excellent SRV record implementation.
b636533b 1945 </para>
24a18a4b
BH		 1946 <para>
1947 Excellent work was also performed by Michel Stol, the Windows guy, in fixing all our non-portable stuff again. Christof Meerwald has also done
1948 wonderful work in porting MTasker to Windows, which was then used by Michel to get the recursor functioning on Windows.
1949 </para>
b636533b
BH		 1950 <para>
1951 Other changes:
1952 <itemizedlist>
1953 <listitem>
1954 <para>
1955 dnspacket.cc was cleaned up by factoring out common operations
1956 </para>
1957 </listitem>
1958 <listitem>
1959 <para>
1960 Heaps of work on the recursing nameserver. Has now achieved *days* of uptime!
1961 </para>
1962 </listitem>
1963 <listitem>
1964 <para>
1965 Recursor renamed from syncres to <filename>pdns_recursor</filename>
1966 </para>
1967 </listitem>
1968 <listitem>
1969 <para>
1970 PowerDNS can now serve records it does not know about. To benefit from this slightly undocumented feature, add
1971 1024 to the numerical type of a record and include the record in binary form in your database. Used internally by the
1972 recursing nameserver but you can use it too.
1973 </para>
1974 </listitem>
1975 <listitem>
1976 <para>
1977 PowerDNS now knows about SIG and KEY records *names*. It does not support them yet but can at least report so now.
1978 </para>
1979 </listitem>
1980 <listitem>
1981 <para>
1982 HINFO records can now be transferred from a master to PowerDNS (thanks to Ueli Heuer for noticing it didn't work).
1983 </para>
1984 </listitem>
1985 <listitem>
1986 <para>
1987 Yet more UltraSPARC alignment issues fixed (Chris Andrews).
1988 </para>
1989 </listitem>
c75a6a9e
BH		 1990 <listitem>
1991 <para>
4a4dd34e
BH		 1992 Dropped non-lazy recursion, nobody was using it. Lazy recursion became even more lazy after Dan Bernstein pointed out that additional
1993 processing is not vital, so PowerDNS does its best to do additional processing on recursive queries, but does not scream murder if it does
1994 not succeed. Due to caching, the next identical query will be successfully additionally processed.
c75a6a9e
BH		 1995 </para>
1996 </listitem>
d3491d5a
BH		 1997 <listitem>
1998 <para>
1999 Label compression was improved so we can now fit all . records in 436 bytes, this used to be 460! (Code &amp; formal
2000 proof of correctness by Mark Bergsma).
2001 </para>
2002 </listitem>
2003 <listitem>
2004 <para>
2005 SRV support (incoming and outgoing), submitted by Ueli Heuer.
2006 </para>
2007 </listitem>
c75a6a9e
BH		 2008 <listitem>
2009 <para>
2010 Generic backends do not support SOA serial autocalculation, it appears. Could lead to random SOA serials in case
2011 of a serial of 0 in the database. Fixed so that 0 stays zero in that case. Don't set the SOA serial to 0 when using
2012 Generic MySQL or Generic PostgreSQL!
2013 </para>
2014 </listitem>
24a18a4b
BH		 2015 <listitem>
2016 <para>
2017 J root-server address was updated to its new location.
2018 </para>
2019 </listitem>
2020 <listitem>
2021 <para>
4a4dd34e 2022 SIGUSR1 now forces the recursor to print out statistics to the log.
24a18a4b
BH		 2023 </para>
2024 </listitem>
2025 <listitem>
2026 <para>
2027 Meaning of recursor logging was changed a bit - a cache hit is now a question that was answered with 0 outgoing packets needed. Used to
2028 be a weighted average of internal cache hits.
2029 </para>
2030 </listitem>
2031 <listitem>
2032 <para>
2033 MySQL compilation did not include -lz which causes problems on some platforms. Thanks to James H. Cloos Jr for reporting this.
2034 </para>
2035 </listitem>
2036 <listitem>
2037 <para>
2038 After a suggestion by Daniel Meyer and Florus Both, the built in webserver now reports the configuration name when multiple PowerDNS
2039 instances are active.
2040 </para>
2041 </listitem>
2042 <listitem>
2043 <para>
2044 Brad Knowles noticed that zone2sql had problems with the root.zone, fixed. This also closes some other zone2sql annoyances with converting
2045 single zones.
2046 </para>
2047 </listitem>
2048
b636533b
BH		 2049 </itemizedlist>
2050 </para>
2051 </sect2>
20177d1d
BH		 2052 <sect2 id="changelog-2-9-4"><title>Version 2.9.4</title>
2053 <para>
2054 Yet another grand release. Big news is the addition of a recursing nameserver which has sprung into existence
2055 over the past week. It is in use on several computers already but it is not ready for prime time. Complete integration
2056 with PowerDNS is expected around 2.9.5, for now the recursor is a separate program.
2057 </para>
2058 <para>
2059 In preliminary tests, the recursor appears to be four times faster than BIND 9 on a naive benchmark starting from a cold cache. BIND 9
2060 managed to get through to some slower nameservers however, which were given up on by PowerDNS. We will continue to tune the recursor.
2061 See <xref linkend="built-in-recursor"> for further details.
2062 </para>
2063 <para>
2064 The BIND Backend has also been tested (see the <command>bind-domain-status</command> item below) rather heavily by several parties. After some
2065 discussion online, one of the BIND authors ventured that the newsgroup comp.protocols.dns.bind may now in fact be an appropriate venue
2066 for discussing PowerDNS. Since this discussion, traffic to the PowerDNS pages has increased sixfold and shows no signs of slowing down.
2067 </para>
2068 <para>
2069 From this, it is apparent that far more people are interested in PowerDNS than yet know about it. So spread the word!
2070 </para>
2071 <para>
0d8612f2
BH		 2072 In other news, we now have a security page at <xref linkend="security-policy">. Furthermore, Maurice Nonnekes contributed an OpenBSD
2073 port! See <ulink url="http://www.codeninja.nl/openbsd/powerdns/">his page</ulink> for more details!
20177d1d
BH		 2074 </para>
2075 <para>
2076 New features and improvements:
2077 <itemizedlist>
2078 <listitem>
2079 <para>
2080 All SQL queries in the generic backends are now available for configuration. (Martin Klebermass/bert hubert).
2081 See <xref linkend="generic-mypgsql-backends">.
2082 </para>
2083 </listitem>
2084 <listitem>
2085 <para>
2086 A recursing nameserver! See <xref linkend="built-in-recursor">.
2087 </para>
2088 </listitem>
2089 <listitem>
2090 <para>
2091 An incoming AXFR now only starts a backend zone replacement transaction after the first record arrived successfully, thus making
2092 sure no work is done when a remote nameserver is unable/unwilling to AXFR a zone to us.
2093 </para>
2094 </listitem>
2095 <listitem>
2096 <para>
2097 Zoneparser error messages were improved slightly (thanks to Stef van Dessel for spotting this shortcoming)
2098 </para>
2099 </listitem>
2100 <listitem>
2101 <para>
2102 XS4ALL's Erik Bos checked how PowerDNS reacted to a BIND installation with almost 60.000 domains, some of which
2103 with >100.000 records, and he discovered the pdns_control <command>bind-domain-status</command> command
2104 became very slow with larger numbers of domains. Fixed, 60.000 domains are now listed in under one second.
2105 </para>
2106 </listitem>
2107 <listitem>
2108 <para>
2109 If a remote nameserver disconnects during an incoming AXFR, the update is now rolled back, unless the AXFR was
2110 properly terminated.
2111 </para>
2112 </listitem>
2113 <listitem>
2114 <para>
2115 The migration chapter mentioned the use of deprecated backends.
2116 </para>
2117 </listitem>
2118 </itemizedlist>
2119 </para>
2120 <para>
2121 A tremendous number of bugs were discovered and fixed:
2122 <itemizedlist>
2123 <listitem>
2124 <para>
2125 Zone parser would only accept $include and not $INCLUDE
2126 </para>
2127 </listitem>
2128 <listitem>
2129 <para>
2130 Zone parser had problems with $lines with comments on the end
2131 </para>
2132 </listitem>
2133 <listitem>
2134 <para>
2135 Wildcard ANY queries were broken (thanks Colemarcus for spotting this)
2136 </para>
2137 </listitem>
2138 <listitem>
2139 <para>
2140 A connection failure with the Generic backends would lead to a powerdns reload (cast of many)
2141 </para>
2142 </listitem>
2143 <listitem>
2144 <para>
2145 Generic backends had some semantic problems with slave support. Symptoms were oft-repeated notifications
2146 and transfers (thanks to Mark Bergsma for helping resolve this).
2147 </para>
2148 </listitem>
2149 <listitem>
2150 <para>
2151 Solaris version compiles again. Thanks to Mohamed Lrhazi for reporting that it didn't.
2152 </para>
2153 </listitem>
2154 <listitem>
2155 <para>
2156 Some UltraSPARC alignment fixes. Thanks to Mohamed Lrhazi for being helpful in spotting these.
2157 One problem is still outstanding, Mohamed sent a core dump that tells us where the problem is. Expect the
2158 fix to be in 2.9.5. Volunteers can grep the source for 'UltraSPARC' to find where the problem is.
2159 </para>
2160 </listitem>
2161 <listitem>
2162 <para>
2163 Our support of IPv6 on FreeBSD had phase of moon dependent bugs, fixed by Peter van Dijk.
2164 </para>
2165 </listitem>
2166 <listitem>
2167 <para>
2168 Some crashes of and by pdns_control were fixed, thanks to Mark Bergsma for helping resolve these.
2169 </para>
2170 </listitem>
2171 <listitem>
2172 <para>
2173 Outgoing AXFR in pdns installations with multiple loaded backends was broken (thanks to Stuart Walsh for reporting this).
2174 </para>
2175 </listitem>
2176 <listitem>
2177 <para>
2178 A failed BIND Backend incoming AXFR would block the zone until it succeeded again.
2179 </para>
2180 </listitem>
2181 <listitem>
2182 <para>
2183 Generic PostgreSQL backend wouldn't compile with newer libpq++, fixed by Julien Lemoine/SpeedBlue.
2184 </para>
2185 </listitem>
2186 <listitem>
2187 <para>
2188 Potential bug (not observed) when listening on multiple interfaces fixed.
2189 </para>
2190 </listitem>
2191 <listitem>
2192 <para>
2193 Some typos in manpages fixed (reported by Marco Davids).
2194 </para>
2195 </listitem>
2196 </itemizedlist>
2197 </para>
2198 </sect2>
2199
3529858d
BH		 2200 <sect2 id="changelog-2-9-3"><title>Version 2.9.3a</title>
2201 <para>
2202 <note><para>2.9.3a is identical to 2.9.3 except that zone2sql does work</para></note></para>
973ad2b5 2203 <para>
fafe636c 2204 Broad range of huge improvements. We now have an all-static .rpm and .deb for Linux users and a link to an OpenBSD port.
973ad2b5
BH		 2205 Major news is that work on the Bind backend has progressed to the point that we've just retired our last Bind server and
2206 replaced it with PowerDNS in Bind mode! This server is operating a number of master and slave setups so it should stress the Bind backend
ef1d2f44 2207 somewhat.
973ad2b5 2208 </para>
068c8c1f
BH		 2209 <para>
2210 This version is rapidly approaching the point where it is a better-Bind-than-Bind and nearly a drop-in replacement for authoritative
2211 setups. PowerDNS is now equipped with a powerful
2212 master/slave apparatus that offers a lot of insight and control to the user, even when operating from Bind zonefiles and a
2213 Bind configuration. Observe.
2214 </para>
2215 <para>
2216 After the SOA of ds9a.nl was raised:
2217 <screen>
2218pdns[17495]: All slave domains are fresh
2219pdns[17495]: 1 domain for which we are master needs notifications
2220pdns[17495]: Queued notification of domain 'ds9a.nl' to 195.193.163.3
2221pdns[17495]: Queued notification of domain 'ds9a.nl' to 213.156.2.1
2222pdns[17520]: AXFR of domain 'ds9a.nl' initiated by 195.193.163.3
2223pdns[17520]: AXFR of domain 'ds9a.nl' to 195.193.163.3 finished
2224pdns[17521]: AXFR of domain 'ds9a.nl' initiated by 213.156.2.1
2225pdns[17521]: AXFR of domain 'ds9a.nl' to 213.156.2.1 finished
2226pdns[17495]: Removed from notification list: 'ds9a.nl' to 195.193.163.3 (was acknowledged)
2227pdns[17495]: Removed from notification list: 'ds9a.nl' to 213.156.2.1 (was acknowledged)
2228pdns[17495]: No master domains need notifications
2229 </screen>
2230 If however our slaves would ignore us, as some are prone to do, we can send some additional notifications:
2231 <screen>
2232$ sudo pdns_control notify ds9a.nl
2233Added to queue
2234pdns[17492]: Notification request for domain 'ds9a.nl' received
2235pdns[17492]: Queued notification of domain 'ds9a.nl' to 195.193.163.3
2236pdns[17492]: Queued notification of domain 'ds9a.nl' to 213.156.2.1
2237pdns[17495]: Removed from notification list: 'ds9a.nl' to 195.193.163.3 (was acknowledged)
2238pdns[17495]: Removed from notification list: 'ds9a.nl' to 213.156.2.1 (was acknowledged)
2239 </screen>
2240 Conversely, if PowerDNS needs to be reminded to retrieve a zone from a master, a command is provided:
2241 <screen>
2242$ sudo pdns_control retrieve forfun.net
2243Added retrieval request for 'forfun.net' from master 212.187.98.67
2244pdns[17495]: AXFR started for 'forfun.net', transaction started
2245pdns[17495]: Zone 'forfun.net' (/var/cache/bind/forfun.net) reloaded
2246pdns[17495]: AXFR done for 'forfun.net', zone committed
2247 </screen>
2248 Also, you can force PowerDNS to reload a zone from disk immediately with <command>pdns_control bind-reload-now</command>.
2249 All this happens 'live', per your instructions. Without instructions, the right things also happen, but the operator is in charge.
2250 </para>
2251 <para>
11a45617 2252 For more about all this coolness, see <xref linkend="pdnscontrol"> and <xref linkend="bind-control-commands">.
068c8c1f 2253 </para>
973ad2b5
BH		 2254 <para>
2255 <warning>
2256 <para>
2257 Again some changes in compilation instructions. The hybrid pgmysql backend has been split up into 'gmysql' and 'gpgsql', sharing
2258 a common base within the PowerDNS server itself. This means that you can no longer compile
2259 <command>--with-modules="pgmysql" --enable-mysql --enable-pgsql</command> but that you should now use:
2260 <command>--with-modules="gmysql gpgsql"</command>. The old launch-names remain available.
2261 </para>
2262 <para>
2263 If you launch the Generic PgSQL backend as gpgsql2, all parameters will have gpsql2 as a prefix, for example
2264 <command>pgsql2-dbname</command>. If launched as gpsql, the regular names are in effect.
2265 </para>
2266 </warning>
2267 </para>
11a45617
BH		 2268 <para>
2269 <warning>
2270 <para>
2271 The pdns_control protocol was changed which means that older pdns_controls cannot talk to 2.9.3. The other way around is
2272 broken too. This may lead to problems with automatic upgrade scripts, so pay attention if your daemon is truly restarted.
2273 </para>
2274 <para>
2275 Also make sure no old pdns_control command is around to confuse things.
2276 </para>
2277 </warning>
2278 </para>
973ad2b5
BH		 2279 <para>
2280 Improvements:
2281 <itemizedlist>
2282 <listitem>
2283 <para>
2284 Bind backend can now deal with missing files and try to find them later.
2285 </para>
2286 </listitem>
11a45617
BH		 2287 <listitem>
2288 <para>
2289 Bind backend is now explicitly master capable and triggers the sending of notifications.
2290 </para>
2291 </listitem>
973ad2b5
BH		 2292 <listitem>
2293 <para>
2294 General robustness improvements in Bind backend - many errors are now non-fatal.
2295 </para>
2296 </listitem>
ef1d2f44
BH		 2297 <listitem>
2298 <para>
2299 Accessability, Serviceability. New <command>pdns_server</command> commands like <command>bind-list-rejects</command>
2300 (lists zones that could not be loaded, and the reason why), <command>bind-reload-now</command> (reload a zone from disk NOW),
2301 <command>rediscover</command> (reread named.conf NOW). More is coming up.
2302 </para>
2303 </listitem>
973ad2b5
BH		 2304 <listitem>
2305 <para>
2306 Added support for retrieving RP (Responsible Person) records from remote masters. Serving them was already possible.
2307 </para>
2308 </listitem>
2309 <listitem>
2310 <para>
2311 Added support for LOC records, which encode the geographical location of a host, both serving and retrieving (thanks to Marco Davids
2312 using them on our last Bind server, forcing us to implement this silly record).
2313 </para>
2314 </listitem>
2315 <listitem>
2316 <para>
2317 Configuration file parser now strips leading spaces too, allowing "chroot= /tmp" to work, as well as "chroot=/tmp"
2318 (Thanks to Hub Dohmen for reporting this for months on end).
2319 </para>
2320 </listitem>
068c8c1f
BH		 2321 <listitem>
2322 <para>
2323 Added <command>bind-domain-status</command> command that shows the status of all domains (when/if they were parsed, any errors
2324 encountered while parsing them).
2325 </para>
2326 </listitem>
2327 <listitem>
2328 <para>
2329 Added <command>bind-reload-now</command> command that tries to reload a zone from disk NOW, and reports back errors to the operator
2330 immediatly.
2331 </para>
2332 </listitem>
2333 <listitem>
2334 <para>
2335 Added <command>retrieve</command> command that queues a request to retrieve a zone from its master.
2336 </para>
2337 </listitem>
2338 <listitem>
2339 <para>
2340 Zones retrieved from masters are now stored way smaller on disk because the domain is stripped from records, which is derived
2341 from the configuration file. Retrieved zones are now prefixed with some information on where they came from.
2342 </para>
2343 </listitem>
973ad2b5
BH		 2344 </itemizedlist>
2345 </para>
2346 <para>
2347 Changes:
2348 <itemizedlist>
2349 <listitem>
2350 <para>
068c8c1f
BH		 2351 gpgsql and gmysql backends split out of the hybrid pgmysqlbackend. This again changed compilation instructions!
2352 </para>
2353 </listitem>
11a45617
BH		 2354 <listitem>
2355 <para>
2356 <command>pdns_control</command> now uses the rarely seen SOCK_STREAM Unix Domain socket variety so it can transport
2357 large amounts of text, which is needed for the <command>bind-domain-status</command> command, for which see
2358 <xref linkend="bind-control-commands">. This breaks compatability with older pdns_control and pdns_server binaries!
2359 </para>
2360 </listitem>
068c8c1f
BH		 2361 <listitem>
2362 <para>
2363 Bind backend now ignores 'hint' and 'forward' and other unsupported zone types.
2364 </para>
2365 </listitem>
2366 <listitem>
2367 <para>
2368 AXFRs are now logged more heavily by default. An AXFR is a heavy operation anyhow, some more logging does not further
2369 increase the load materially. Does help in clearing up what slaves are doing.
2370 </para>
2371 </listitem>
2372 <listitem>
2373 <para>
2374 A lot of master/slave chatter has been silenced, making output more relevant. No more repetitive 'No master domains need notifications' etc, only changes are reported now.
973ad2b5
BH		 2375 </para>
2376 </listitem>
2377 </itemizedlist>
2378 </para>
2379 <para>
2380 Bugfixes:
2381 <itemizedlist>
2382 <listitem>
2383 <para>
2384 Windows version did not compile without minor changes.
2385 </para>
2386 </listitem>
2387 <listitem>
2388 <para>
2389 Confusing error reporting on Windows 98 (which does not support PowerDNS) fixed
2390 </para>
2391 </listitem>
2392 <listitem>
2393 <para>
2394 Potential crashes with shortened packets addressed. An upgrade is advised!
2395 </para>
2396 </listitem>
068c8c1f
BH		 2397 <listitem>
2398 <para>
2399 <command>notify</command> (which was already there, just badly documented) no longer prints out debugging garbage.
2400 </para>
2401 </listitem>
973ad2b5
BH		 2402 <listitem>
2403 <para>
2404 pgmysql backend had problems launching when not compiled in but available as a module. Workaround for 2.9.2 is 'load-modules=pgmysql',
2405 but even then gpgsql would not work! gmysql would then, however. These modules are now split out, removing such issues.
2406 </para>
2407 </listitem>
2408 </itemizedlist>
2409 </para>
2410 </sect2>
731f58b8
BH		 2411 <sect2 id="changelog-2-9-2"><title>Version 2.9.2</title>
2412 <para>
152b4591
BH		 2413 Bugfixes galore. Solaris porting created some issues on all platforms. Great news is that PowerDNS is now in Debian 'sid' (unstable). The 2.9.1
2414 packages in there currently aren't very good but the 2.9.2 ones will be. Many thanks to Wichert Akkerman, our 'downstream' for making this possible.
731f58b8 2415 </para>
d022a079
BH		 2416 <warning>
2417 <para>
2418 The Generic MySQL backend, part of the Generic MySQL &amp; PostgreSQL backend, is now the DEFAULT! The previous default, the
2419 'mysql' backend (note the lack of 'g') is now DEPRECATED. This was the source of much confusion. The 'mysql' backend
2420 does not support MASTER or SLAVE operation. The Generic backends do.
2421 </para>
2422 <para>
2423 To get back the mysql backend, add --with-modules="mysql" or --with-dynmodules="mysql" if you prefer to load your modules at runtime.
2424 </para>
2425 </warning>
731f58b8 2426 <para>
d022a079 2427 Bugs fixed:
731f58b8
BH		 2428 <itemizedlist>
2429 <listitem>
2430 <para>
2431 Silly debugging output removed from the webserver (found by Paul Wouters)
2432 </para>
2433 </listitem>
2434 <listitem>
2435 <para>
2436 SEVERE: due to Solaris portability fixes, qtypes&lt;127 were broken.
2437 These include NAPTR, ANY and AXFR. The upshot is that powerdns
2438 wasn't performing outgoing AXFRs nor ANY queries. These were the
2439 'question for type -1' warnings in the log
2440 </para>
2441 </listitem>
2442 <listitem>
2443 <para>
2444 incoming AXFR could theoretically miss some trailing records (not observed, but could happen)
2445 </para>
2446 </listitem>
2447 <listitem>
2448 <para>
2449 incoming AXFR did not support TXT records (spotted by Paul Wouters)
2450 </para>
2451 </listitem>
2452 <listitem>
2453 <para>
2454 with some remotes, an incoming AXFR would not terminate until a
2455 timeout occured (observed by Paul Wouters)
2456 </para>
2457 </listitem>
2458 <listitem>
2459 <para>
2460 Documentation bug, pgmysql != mypgsql
2461 </para>
2462 </listitem>
2463 </itemizedlist>
2464 </para>
d022a079
BH		 2465 <para>
2466 Documentation:
2467 <itemizedlist>
2468 <listitem>
2469 <para>
2470 Documented the 'random backend', see <xref linkend="randombackend">.
2471 </para>
2472 </listitem>
2473 <listitem>
2474 <para>
2475 Wichert Akkerman contributed three manpages.
2476 </para>
2477 </listitem>
2478 <listitem>
2479 <para>
2480 Building PowerDNS on Unix is now documented somewhat more, see <xref linkend="on-unix">.
2481 </para>
2482 </listitem>
2483 </itemizedlist>
2484 </para>
731f58b8
BH		 2485 <para>
2486 Features:
2487 <itemizedlist>
2488 <listitem>
2489 <para>
2490 pdns init.d script is now +x by default
2491 </para>
2492 </listitem>
2493 <listitem>
2494 <para>
d022a079
BH		 2495 OpenBSD is on its way of becoming a supported platform! As of 2.9.2, PowerDNS compiles on OpenBSD but swiftly crashes.
2496 Help is welcome.
2497 </para>
2498 </listitem>
2499 <listitem>
2500 <para>
2501 ODBC backend (for Windows only) was missing from the distribution, now added.
2502 </para>
2503 </listitem>
2504 <listitem>
2505 <para>
2506 xdb backend added - see <xref linkend="xdbbackend">. Designed for use by root-server operators.
2507 </para>
2508 </listitem>
2509 <listitem>
2510 <para>
2511 Dynamic modules are back which is good news for distributors who want to make a pdns packages that does not
2512 depend one every database under the sun.
731f58b8
BH		 2513 </para>
2514 </listitem>
2515 </itemizedlist>
2516 </para>
2517 </sect2>
2518
2519
178d5134
BH		 2520 <sect2 id="changelog-2-9-1"><title>Version 2.9.1</title>
2521 <para>
2522 Thanks to the great enthusiasm from around the world, powerdns is now available for Solaris and FreeBSD users again!
2523 Furthermore, the Windows build is back. We are very grateful for the help of:
2524 </para>
2525 <para>
2526 <itemizedlist>
2527 <listitem><para>Michel Stol</para></listitem>
2528 <listitem><para>Wichert Akkerman</para></listitem>
2529 <listitem><para>Edvard Tuinder</para></listitem>
2530 <listitem><para>Koos van den Hout</para></listitem>
2531 <listitem><para>Niels Bakker</para></listitem>
2532 <listitem><para>Erik Bos</para></listitem>
2533 <listitem><para>Alex Bleker</para></listitem>
2534 <listitem><para>steven stillaway</para></listitem>
2535 <listitem><para>Roel van der Made</para></listitem>
2536 <listitem><para>Steven Van Steen</para></listitem>
2537 </itemizedlist>
2538 </para>
2539 <para>
2540 We are happy to have been able to work with the open source community to improve PowerDNS!
2541 </para>
2542 <para>
2543 Changes:
2544 <itemizedlist>
2545 <listitem>
2546 <para>
2547 The monitor command <command>set</command> no longer allows the changing of non-existant variables.
2548 </para>
2549 </listitem>
2550 <listitem>
2551 <para>
2552 IBM Universal Database DB2 backend now included in source distribution (untested!)
2553 </para>
2554 </listitem>
2555 <listitem>
2556 <para>
2557 Oracle backend now included in source distribution (sligthly tested!)
2558 </para>
2559 </listitem>
2560 <listitem>
2561 <para>
2562 configure script now searches for postgresql and mysql includes
2563 </para>
2564 </listitem>
2565 <listitem>
2566 <para>
2567 Bind parser now no longer dies on records with a ' in them (Erik Bos)
2568 </para>
2569 </listitem>
2570 <listitem>
2571 <para>
2572 The pipebackend was accidentally left out of 2.9
2573 </para>
2574 </listitem>
2575 <listitem>
2576 <para>
2577 FreeBSD fixes (with help from Erik Bos, Alex Bleeker, Niels Bakker)
2578 </para>
2579 </listitem>
2580 <listitem>
2581 <para>
2582 Heap of Solaris work (with help from Edvard Tuinder, Stefan Van Steen, Koos van den Hout, Roel van der Made and
2583 especially Mark Bakker).
731f58b8 2584 Now compiles in 2.7 and 2.8, haven't tried 2.9. May be a bit dysfunctional on 2.7 though - it won't do IPv6 and it won't serve AAAA. Patches
178d5134
BH		 2585 welcome!
2586 </para>
2587 </listitem>
2588 <listitem>
2589 <para>
2590 Windows 32 build is back! Michel Stol updated his earlier work to the current version.
2591 </para>
2592 </listitem>
2593 <listitem>
2594 <para>
2595 S/Linux (Linux on Sparc) build works now (with help from steven stillaway).
2596 </para>
2597 </listitem>
2598 <listitem>
2599 <para>
2600 Silly debugging message ('sd.ttl from cache') removed
2601 </para>
2602 </listitem>
2603 <listitem>
2604 <para>
2605 .debs are back, hopefully in 'sid' soon! (Wichert Akkerman)
2606 </para>
2607 </listitem>
2608 <listitem>
2609 <para>
731f58b8 2610 Removal of bzero and other less portable constructs. Discovered that recent Linux glibc's need -D_GNU_SOURCE (Wichert Akkerman). </para>
178d5134
BH		 2611 </listitem>
2612 </itemizedlist>
2613 </para>
2614 </sect2>
12e6d4a9
BH		 2615 <sect2 id="changelog-2-9"><title>Version 2.9</title>
2616 <para>
2617 Open source release. Do not deploy unless you know what you are
2618doing. Stability is expected to return with 2.9.1, as are the binary builds.
2619 </para>
2620 <para>
2621 <itemizedlist>
2622 <listitem>
2623 <para>
2624 License changed to the GNU General Public License version 2.
2625 </para>
2626 </listitem>
2627 <listitem>
2628 <para>
2629 Cleanups by Erik Bos @ xs4all.
2630 </para>
2631 </listitem>
2632 <listitem>
2633 <para>
2634 Build improvements by Wichert Akkerman
2635 </para>
2636 </listitem>
2637 <listitem>
2638 <para>
2639 Lots of work on the build system, entirely revamped. By PowerDNS.
2640 </para>
2641 </listitem>
2642 </itemizedlist>
2643 </sect2>
2644
12c86877
BH		 2645 <sect2 id="changelog-2-8"><title>Version 2.8</title>
2646 <para>
2647 From this release onwards, we'll concentrate on stabilising for the 3.0 release. So if you have any must-have features,
2648 let us know soonest. The 2.8 release fixes a bunch of small stability issues and add two new features. In the spirit of the move to
2649 stability, this release has already been running 24 hours on our servers before release.
2650 </para>
2651 <para>
2652 <itemizedlist>
2653 <listitem>
2654 <para>
2655 pipe backend gains the ability to restricts its invocation to a limited number of requests. This allows a very busy nameserver
2656 to still serve packets from a slow perl backend.
2657 </para>
2658 </listitem>
2659 <listitem>
2660 <para>
2661 pipe backend now honors query-logging, which also documents which queries were blocked by the regex.
2662 </para>
2663 </listitem>
2664 <listitem>
2665 <para>
2666 pipe backend now has its own backend chapter.
2667 </para>
2668 </listitem>
2669 <listitem>
2670 <para>
2671 An incoming AXFR timeout at the wrong moment had the ability to crash the binary, forcing a reload. Thanks to our bug spotting
2672 champions Mike Benoit and Simon Kirby of NetNation for reporting this.
2673 </para>
2674 </listitem>
2675 </itemizedlist>
2676 </para>
2677 </sect2>
2678 <sect2 id="changelog-2-7"><title>Version 2.7 and 2.7.1</title>
2679 <para>
2680 This version fixes some very long standing issues and adds a few new features. If you are still running 2.6, upgrade yesterday. If you
2681 were running 2.6.1, an upgrade is still strongly advised.
2682 </para>
2683 <para>
2684 Features:
2685 <itemizedlist>
2686 <listitem>
2687 <para>
2688 The controlsocket is now readable and writable by the 'setgid' user. This allows for non-root
2689 access to PDNS which is nice for mrtg or cricket graphs.
2690 </para>
2691 </listitem>
2692 <listitem>
2693 <para>
2694 MySQL backend (the non-generic one) gains the ability to read from a different table using the
2695 <command>mysql-table</command> setting.
2696 </para>
2697 </listitem>
2698 <listitem>
2699 <para>
2700 pipe backend now has a configurable timeout using the <command>pipe-timeout</command> setting. Thanks fo Steve Bromwich
2701 for pointing out the need for this.
2702 </para>
2703 </listitem>
2704 <listitem>
2705 <para>
2706 Experimental backtraces. If PowerDNS crashes, it will log a lot of numbers and sometimes more to the syslog.
2707 If you see these, please report them to us. Only available under Linux.
2708 </para>
2709 </listitem>
2710 </itemizedlist>
2711 </para>
2712 <para>
2713 Bugs:
2714 <itemizedlist>
2715 <listitem>
2716 <para>
2717 2.7 briefly broke the mysql backend, so don't use it if you use that. 2.7.1 fixes this.
2718 </para>
2719 </listitem>
2720 <listitem>
2721 <para>
2722 SOA records could sometimes have the wrong TTL. Thanks to Jonas Daugaard for reporting this.
2723 </para>
2724 </listitem>
2725 <listitem>
2726 <para>
2727 An ANY query might lead to duplicate SOA records being returned under exceptional circumstances.
2728 Thanks to Jonas Daugaard for reporting this.
2729 </para>
2730 </listitem>
2731 <listitem>
2732 <para>
2733 Underlying the above bug, packet compression could sometimes suddenly be turned off, leading to
2734 overly large responses and non-removal of duplicate records.
2735 </para>
2736 </listitem>
2737 <listitem>
2738 <para>
2739 The <command>allow-axfr-ips</command> setting did not accept IP ranges (1.2.3.0/24) which the
2740 documentation claimed it did (thanks to Florus Both of Ascio technologies for being sufficiently persistent in reporting this).
2741 </para>
2742 </listitem>
2743 <listitem>
2744 <para>
2745 Killed backends were not being respawned, leading to suboptimal behaviour on intermittent database errors. Thanks to Steve Bromwich for
2746 reporting this.
2747 </para>
2748 </listitem>
2749 <listitem>
2750 <para>
2751 Corrupt packets during an incoming AXFR when acting as a slave would cause a PowerDNS reload instead of just failing that AXFR.
2752 Thanks to Mike Benoit and Simon Kirby of NetNation for reporting this.
2753 </para>
2754 </listitem>
2755 <listitem>
2756 <para>
2757 Label compression in incoming AXFR had problems with large offsets, causing the above mentioned errors. Thanks to Mike Benoit
2758 and Simon Kirby of NetNation for reporting this.
2759 </para>
2760 </listitem>
2761 </itemizedlist>
2762 </para>
2763 </sect2>
2764
2765 <sect2 id="changelog-2-6-1"><title>Version 2.6.1</title>
2766 <para>
2767 Quick fix release for a big cache problem.
2768 </para>
2769 </sect2>
2770 <sect2 id="changelog-2-6"><title>Version 2.6</title>
2771 <para>
2772 Performance release. A lot of work has been done to raise PDNS performance to staggering levels in order to take part
2773 in benchmarketing efforts. Together with our as yet unnamed partner, PDNS has been benchmarked at 60.000 mostly cached queries/second
2774 on off the shelf PC hardware. Uncached performance was 17.000 uncached DNS queries/second on the .ORG domain.
2775 </para>
2776 <para>
2777 Performance has been increased by both making PDNS itself quicker but also by lowering the number of backend queries typically needed. Operators
2778 will typically see PDNS taking less CPU and the backend seeing less load.
2779 </para>
2780 <para>
2781 Furthermore, some real bugs were fixed. A couple of undocumented performance switches may appear in --help output but you are advised to stay
2782 away from these.
2783 </para>
2784 <para>
2785 Developers: this version needs the pdns-2.5.1 development kit, available on <ulink url="http://downloads.powerdns.com/releases/dev">
2786 http://downloads.powerdns.com/releases/dev</ulink>. See also <xref linkend="backend-writers-guide">.
2787 </para>
2788 <para>
2789 Performance:
2790 <itemizedlist>
2791 <listitem>
2792 <para>
2793 A big error in latency calculations - cached packets were weighed 50 times less, leading to inflated latency reporting. Latency calculations
2794 are now correct and way lower - often in the microseconds range.
2795 </para>
2796 </listitem>
2797 <listitem>
2798 <para>
2799 It is now possible to run with 0 second cache TTLs. This used to cause very frequent cache cleanups, leading
2800 to performance degradation.
2801 </para>
2802 </listitem>
2803 <listitem>
2804 <para>
2805 Many tiny performance improvements, removing duplicate cache key calculations, etc. The cache itself has also been reworked
2806 to be more efficient.
2807 </para>
2808 </listitem>
2809 <listitem>
2810 <para>
2811 First 'CNAME' backend query replaced by an 'ANY' query, which most of the time returns the actual record,
2812 preventing the need for a separate CNAME lookup, halving query load.
2813 </para>
2814 </listitem>
2815 <listitem>
2816 <para>
2817 Much of the same for same-level-NS records on queries needing delegation.
2818 </para>
2819 </listitem>
2820 </itemizedlist>
2821 </para>
2822 <para>
2823 Bugs fixed:
2824 <itemizedlist>
2825 <listitem>
2826 <para>
2827 Incidentally, the cache count would show 'unknown' packets, which was harmless but confusing. Thanks to Mike and Simon of
2828 NetNation for reporting this.
2829 </para>
2830 </listitem>
2831 <listitem>
2832 <para>
2833 SOA hostmaster with a . in the local-part would be cached wrongly, leading to a stray backslash
2834 in case of multiple successively SOA queries. Thanks to Ascio Techologies for spotting this bug.
2835 </para>
2836 </listitem>
2837 <listitem>
2838 <para>
2839 zone2sql did not parse Verisign zonefiles correctly as these contained a $TTL statement in mid-record.
2840 </para>
2841 </listitem>
2842 <listitem>
2843 <para>
2844 Sometimes packets would not be accounted, leading to 'udp-queries' and 'udp-answers' divergence.
2845 </para>
2846 </listitem>
2847 </itemizedlist>
2848 </para>
2849 <para>
2850 Features:
2851 <itemizedlist>
2852 <listitem>
2853 <para>
2854 'cricket' command added to init.d scripts that provides unadorned output for parsing by 'Cricket'.
2855 </para>
2856 </listitem>
2857 </itemizedlist>
2858 </para>
2859 </sect2>
2860 <sect2 id="changelog-2-5-1"><title>Version 2.5.1</title>
2861 <para>
2862 <ulink url="http://www.tuxedo.org/~esr/jargon/html/entry/brown-paper-bag-bug.html">Brown paper bag</ulink> release fixing
2863 a huge memory leak in the new Query Cache.
2864 </para>
2865 <para>
2866 Developers: this version needs the new pdns-2.5.1 development kit, available on <ulink url="http://downloads.powerdns.com/releases/dev">
2867 http://downloads.powerdns.com/releases/dev</ulink>. See also <xref linkend="backend-writers-guide">.
2868 </para>
2869 <para>
2870 And some small changes:
2871 <itemizedlist>
2872 <listitem>
2873 <para>
2874 Added support for RFC2038 compliant negative-answer caching. This allows remotes to cache the fact that
2875 a domain does not exist and will not exist for a while. Thanks to Chris Thompson for <ulink url="http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg01697.html">pointing out how tiny our minds are</ulink>. This feature may cause a noticeable reduction
2876 in query load.
2877 </para>
2878 </listitem>
2879 <listitem>
2880 <para>
2881 Small speedup to non-packet-cached queries, incidentally fixing the huge memory leak.
2882 </para>
2883 </listitem>
2884 <listitem>
2885 <para>
2886 <command>pdns_control ccounts</command> command outputs statistics on what is in the cache, which is
2887 useful to help optimize your caching strategy.
2888 </para>
2889 </listitem>
2890 </itemizedlist>
2891 </para>
2892 </sect2>
2893 <sect2 id="changelog-2-5"><title>Version 2.5</title>
2894 <para>
2895 An important release which has seen quite a lot of trial and error testing. As a result, PDNS can now run with a huge cache
2896 and concurrent invalidations. This is useful when running of a slower database or under high traffic load with a fast database.
2897 </para>
2898 <para>
2899 Furthermore, the gpgsql2 backend has been validated for use and will soon supplant the gpgsql backend entirely. This also bodes
2900 well for the gmysql backend which is the same code.
2901 </para>
2902 <para>
2903 Also, a large amount of issues biting large scale slave operators were addressed. Most of these issues would only show up
2904 after prolonged uptime.
2905 </para>
2906 <para>
2907 New features:
2908 <itemizedlist>
2909 <listitem>
2910 <para>
2911 Query cache. The old Packet Cache only cached entire questions and their answers. This is very CPU efficient but
2912 does not lead to maximum hitrate. Two packets both needing to resolve smtp.you.com internally would not benefit
2913 from any caching. Furthermore, many different DNS queries lead to the same backend queries, like 'SOA for .COM?'.
2914 </para>
2915 <para>
2916 PDNS now also caches backend queries, but only those having no answer (the majority) and those having one answer
2917 (almost the rest).
2918 </para>
2919 <para>
2920 In tests, these additional caches appear to halve the database backend load numerically and perhaps even more in terms
2921 of CPU load. Often, queries with no answer are more expensive than those having one.
2922 </para>
2923 <para>
2924 The default <command>ttl</command>s for the query-cache and negquery-cache are set to safe values (20 and 60 seconds
2925 respectively), you should be seeing an improvement in behaviour without sacrificing a lot in terms of quick updates.
2926 </para>
2927 <para>
2928 The webserver also displays the efficiency of the new Query Cache.
2929 </para>
2930 <para>
2931 The old Packet Cache is still there (and useful) but see <xref linkend="performance"> for more details.
2932 </para>
2933 </listitem>
2934 <listitem>
2935 <para>
2936 There is now the ability to shut off some logging at a very early stage. High performance sites doing thousands of
2937 queries/second may in fact spend most of their CPU time on attempting to write out logging, even though it is ignored
2938 by syslog. The new flag <command>log-dns-details</command>, on by default, allows the operator to kill most
2939 informative-only logging before it takes any cpu.
2940 </para>
2941 </listitem>
2942 <listitem>
2943 <para>
2944 Flags which can be switched 'on' and 'off' can now also be set to 'off' instead of only to 'no' to turn them off.
2945 </para>
2946 </listitem>
2947 </itemizedlist>
2948 </para>
2949 <para>
2950 Enhancements:
2951 <itemizedlist>
2952 <listitem>
2953 <para>
2954 Packet Cache is now case insensitive, leading to a higher hitrate because identical queries only differing in case
2955 now both match. Care is taken to restore the proper case in the answer sent out.
2956 </para>
2957 </listitem>
2958 <listitem>
2959 <para>
2960 Packet Cache stores packets more efficiently now, savings are estimated at 50%.
2961 </para>
2962 </listitem>
2963 <listitem>
2964 <para>
2965 The Packet Cache is now asynchronous which means that PDNS continues to answer questions while the cache
2966 is busy being purged or queried. Incidentally this will mean a cache miss where previously the question would
2967 wait until the cache became available again.
2968 </para>
2969 <para>
2970 The upshot of this is that operators can call <command>pdns_control purge</command> as often as desired without
2971 fearing performance loss. Especially the full, non-specific, purge was speeded up tremendously.
2972 </para>
2973 <para>
2974 This optimization is of little merit for small sites but is very important when running with a large packetcache, such
2975 as when using recursion under high load.
2976 </para>
2977 </listitem>
2978 <listitem>
2979 <para>
2980 AXFR log messages now all contain the word 'AXFR' to ease grepping.
2981 </para>
2982 </listitem>
2983 <listitem>
2984 <para>
2985 Linux static version now compiled with gcc 3.2 which is known to output better and faster code than the previously
2986 used 3.0.4.
2987 </para>
2988 </listitem>
2989 </itemizedlist>
2990 </para>
2991 <para>
2992 Bugs fixed:
2993 <itemizedlist>
2994 <listitem>
2995 <para>
2996 Packetcache would sometimes send packets back with slightly modified flags if these differed from the flags
2997 of the cached copy.
2998 </para>
2999 </listitem>
3000 <listitem>
3001 <para>
3002 Resolver code did bad things with filedescriptors leading to fd exhaustion after prolonged uptimes and many slave
3003 SOA currency checks.
3004 </para>
3005 </listitem>
3006 <listitem>
3007 <para>
3008 Resolver code failed to properly log some errors, leading to operator uncertainty regarding to AXFR problems with
3009 remote masters.
3010 </para>
3011 </listitem>
3012 <listitem>
3013 <para>
3014 After prolonged uptime, slave code would try to use privileged ports for originating queries, leading to bad
3015 replication efficiency.
3016 </para>
3017 </listitem>
3018 <listitem>
3019 <para>
3020 Masters sending back answers in differing case from questions would lead to bogus
3021 'Master tried to sneak in out-of-zone data' errors and failing AXFRs.
3022 </para>
3023 </listitem>
3024 </itemizedlist>
3025 </para>
3026 </sect2>
3027 <sect2 id="changelog-2-4"><title>Version 2.4</title>
3028 <para>
3029 Developers: this version is compatible with the pdns-2.1 development kit, available on <ulink url="http://downloads.powerdns.com/releases/dev">
3030 http://downloads.powerdns.com/releases/dev</ulink>. See also <xref linkend="backend-writers-guide">.
3031 </para>
3032 <para>
3033 This version fixes some stability issues with malformed or malcrafted packets. An upgrade is advised. Furthermore, there are interesting new
3034 features.
3035 </para>
3036 <para>
3037 New features:
3038 </para>
3039 <para>
3040 <itemizedlist>
3041 <listitem>
3042 <para>
3043 Recursive queries are now also cached, but in a separate namespace so non-recursive queries don't get recursed answers and
3044 vice versa. This should mean way lower database load for sites running with the current default lazy-recursion. Up to now,
3045 each and every recursive query would lead to a large amount of SQL queries.
3046 </para>
3047 <para>
3048 To prevent the packetcache from becoming huge, a separate <command>recursive-cache-ttl</command> can be specified.
3049 </para>
3050 </listitem>
3051 <listitem>
3052 <para>
3053 The ability to change parameters at runtime was added. Currently, only the new <command>query-logging</command> flag
3054 can be changed.
3055 </para>
3056 </listitem>
3057 <listitem>
3058 <para>
3059 Added <command>query-logging</command> flag which hints a backend that it should output a textual representation of queries
3060 it receives. Currently only gmysql and gpgsql2 honor this flag.
3061 </para>
3062 </listitem>
3063 <listitem>
3064 <para>
3065 Gmysql backend can now also talk to PgSQL, leading to less code. Currently, the old postgresql driver ('gpgsql') is still the default,
3066 the new driver is available as 'gpgsql2' and has the benefit that it does query logging. In the future, gpgsql2 will become the default
3067 gpgsql driver.
3068 </para>
3069 </listitem>
3070 <listitem>
3071 <para>
3072 DNS recursing proxy is now more verbose in logging odd events which may be caused by buggy recursing backends.
3073 </para>
3074 </listitem>
3075 <listitem>
3076 <para>
3077 Webserver now displays peak queries/second 1 minute average.
3078 </para>
3079 </listitem>
3080 </itemizedlist>
3081 </para>
3082 <para>
3083 Bugs fixed:
3084 <itemizedlist>
3085 <listitem>
3086 <para>
3087 Failure to connect to database in master/slave communicator thread could lead to an unclean reload, fixed.
3088 </para>
3089 </listitem>
3090 </itemizedlist>
3091 <para>
3092 Documentation: added details for <command>strict-rfc-axfrs</command>. This feature can be used if very old clients need to be able
3093 to do zone transfers with PDNS. Very slow.
3094 </para>
3095
3096 </sect2>
3097 <sect2 id="changelog-2-3"><title>Version 2.3</title>
3098 <para>
3099 Developers: this version is compatible with the pdns-2.1 development kit, available on <ulink url="http://downloads.powerdns.com/releases/dev">
3100 http://downloads.powerdns.com/releases/dev</ulink>. See also <xref linkend="backend-writers-guide">.
3101 </para>
3102 <para>
3103 This release adds the Generic MySQL backend which allows full master/slave semantics with MySQL and InnoDB tables (or other tables that support
3104 transactions). See <xref linkend="generic-mypgsql-backends">.
3105 </para>
3106 <para>
3107 Other new features:
3108 </para>
3109 <para>
3110 <itemizedlist>
3111 <listitem>
3112 <para>
3113 Improved error messages in master/slave communicator will help down track problems.
3114 </para>
3115 </listitem>
3116 <listitem>
3117 <para>
3118 <command>slave-cycle-interval</command> setting added. Very large sites with thousands of slave domains may need to raise this value
3119 above the default of 60. Every cycle, domains in undeterminate state are checked for their condition. Depending on the health of the masters,
3120 this may entail many SOA queries or attempted AXFRs.
3121 </para>
3122 </listitem>
3123 </itemizedlist>
3124 </para>
3125 <para>
3126 Bugs fixed:
3127 </para>
3128 <para>
3129 <itemizedlist>
3130 <listitem>
3131 <para>
3132 'pdns_control purge <userinput>domain</userinput>' and 'pdns_control purge <userinput>domain$</userinput>' were broken in version 2.2 and
3133 did not in fact purge the cache. There is a slight risk that domain-specific purge commands could force a reload in previous version.
3134 Thanks to Mike Benoit of NetNation for discovering this.
3135 </para>
3136 </listitem>
3137 <listitem>
3138 <para>
3139 Master/slave communicator thread got confused in case of delayed answers from slow masters. While not causing harm, this caused inefficient
3140 behaviour when testing large amounts of slave domains because additional 'cycles' had to pass before all domains would have their status
3141 ascertained.
3142 </para>
3143 </listitem>
3144 <listitem>
3145 <para>
3146 Backends implementing special SOA semantics (currently only the undocumented 'pdns express backend', or homegrown backends) would
3147 under some circumstances not answer the SOA record in case of an ANY query. This should put an end to the last DENIC problems. Thanks to
3148 DENIC for helping us find the problem.
3149 </para>
3150 </listitem>
3151 </itemizedlist>
3152 </para>
3153 </sect2>
3154 <sect2 id="changelog-2-2"><title>Version 2.2</title>
3155 <para>
3156 Developers: this version is compatible with the pdns-2.1 development kit, available on <ulink url="http://downloads.powerdns.com/releases/dev">
3157 http://downloads.powerdns.com/releases/dev</ulink>. See also <xref linkend="backend-writers-guide">.
3158 </para>
3159 <para>
3160 Again a big release. PowerDNS is seeing some larger deployments in more demanding environments and these are helping shake out remaining issues,
3161 especially with recursing backends.
3162 </para>
3163 <para>
3164 The big news is that wildcard CNAMEs are now supported, an oft requested feature and nearly the only part in which PDNS differed from BIND in
3165 authoritative capabilities.
3166 </para>
3167 <para>
3168 If you were seeing signal 6 errors in PDNS causing reloads and intermittent service disruptions, please upgrade to this version.
3169 </para>
3170 <para>
3171 For operators of PowerDNS Express trying to host .DE domains, the very special <command>soa-serial-offset</command> feature has been added
3172 to placate the new DENIC requirement that the SOA serial be at least six digits. PowerDNS Express uses the SOA serial as an actual serial and
3173 not to insert dates and hence often has single digit soa serial numbers, causing big problems with .DE redelegations.
3174 </para>
3175 <para>
3176 Bugs fixed:
3177 <itemizedlist>
3178 <listitem>
3179 <para>
3180 Malformed or shortened TCP recursion queries would cause a signal 6 and a reload. Same for EOF from the TCP recursing backend.
3181 Thanks to Simon Kirby and Mike Benoit of NetNation for helping debug this.
3182 </para>
3183 </listitem>
3184 <listitem>
3185 <para>
3186 Timeouts on the TCP recursing backend were far too long, leading to possible exhaustion of TCP resolving threads.
3187 </para>
3188 </listitem>
3189 <listitem>
3190 <para>
3191 <command>pdns_control purge domain</command> accidentally cleaned all packets with that name as a prefix. Thanks to Simon Kirby
3192 for spotting this.
3193 </para>
3194 </listitem>
3195 <listitem>
3196 <para>
3197 Improved exception error logging - in some circumstances PDNS would not properly log the cause of an exception, which hampered problem
3198 resolution.
3199 </para>
3200 </listitem>
3201 </itemizedlist>
3202 </para>
3203 <para>
3204 New features:
3205 <itemizedlist>
3206 <listitem>
3207 <para>
3208 Wildcard CNAMEs now work as expected!
3209 </para>
3210 </listitem>
3211 <listitem>
3212 <para>
3213 <command>pdns_control purge</command> can now also purge based on suffix, allowing operators to
3214 purge an entire domain from the packet cache instead of only specific records. See also <xref linkend="pdnscontrol">
3215 Thanks to Mike Benoit for this suggestion.
3216 </para>
3217 </listitem>
3218 <listitem>
3219 <para>
3220 <command>soa-serial-offset</command> for installations with small SOA serial numbers wishing to register .DE domains
3221 with DENIC which demands six-figure SOA serial numbers. See also <xref linkend="all-settings">.
3222 </para>
3223 </listitem>
3224 </itemizedlist>
3225 </para>
3226 </sect2>
3227 <sect2 id="changelog-2-1"><title>Version 2.1</title>
3228 <para>
3229 This is a somewhat bigger release due to pressing demands from customers. An upgrade is advised for installations using Recursion.
3230 If you are using recursion, it is vital that you are aware of changes in semantics. Basically, local data will now override data in your
3231 recursing backend under most circumstances. Old behaviour can be restored by turning <command>lazy-recursion</command> off.
3232 </para>
3233 <para>
3234 Developers: this version has a new pdns-2.1 development kit, available on <ulink url="http://downloads.powerdns.com/releases/dev">
3235 http://downloads.powerdns.com/releases/dev</ulink>. See also <xref linkend="backend-writers-guide">.
3236 </para>
3237 <para>
3238 <warning>
3239 <para>
3240 Most users will run a static version of PDNS which has no dependencies on external libraries. However, some may need to run the dynamic version.
3241 This warning applies to these users.
3242 </para>
3243 <para>
3244 To run the dynamic version of PDNS, which is needed for backend drivers which are only available in source form, gcc 3.0 is required.
3245 RedHat 7.2 comes with gcc 3.0 as an optional component, RedHat 7.3 does not. However, the RedHat 7.2 Update gcc rpms install just fine
3246 on RedHat 7.3. For Debian, we suggest running 'woody' and installing the g++-3.0 package. We expect to release a FreeBSD dynamic version
3247 shortly.
3248 </para>
3249 </warning>
3250 </para>
3251
3252 <para>
3253 Bugs fixed:
3254 <itemizedlist>
3255 <listitem>
3256 <para>
3257 RPM releases sometimes overwrote previous configuration files. Thanks to Jorn Ekkelenkamp of Hubris/ISP Services for reporting this.
3258 </para>
3259 </listitem>
3260 <listitem>
3261 <para>
3262 TCP recursion sent out overly large responses due to a byteorder mistake, confusing some clients. Thanks to the capable engineers
3263 of NetNation for bringing this to our attention.
3264 </para>
3265 </listitem>
3266 <listitem>
3267 <para>
3268 TCP recursion in combination with a recursing backend on a non-standard port did not work, leading to a
3269 non-functioning TCP listener. Thanks to the capable engineers of NetNation for bringing this to our attention.
3270 </para>
3271 </listitem>
3272 </itemizedlist>
3273 </para>
3274 <para>
3275 Unexpected behaviour:
3276 <itemizedlist>
3277 <listitem>
3278 <para>
3279 Wildcard URL records where not implemented because they are a performance penalty. To turn these on, enable
3280 <command>wildcard-url</command> in the configuration.
3281 </para>
3282 </listitem>
3283 <listitem>
3284 <para>
3285 Unlike other nameservers, local data did not override the internet for recursing queries. This has mostly been brought into conformance
3286 with user expectations. If a recursive question can be answered entirely from local data, it is. To restore old behaviour, disable
3287 <command>lazy-recursion</command>. Also see <xref linkend="recursion">.
3288 </para>
3289 </listitem>
3290 </itemizedlist>
3291 </para>
3292 <para>
3293 Features:
3294 <itemizedlist>
3295 <listitem>
3296 <para>
3297 Oracle support has been tuned, leading to the first public release of the Oracle backend. Zone2sql now outputs better SQL
3298 and the backend is now fully documented. Furthermore, the queries are compatible with the PowerDNS XML-RPC product, allowing
3299 PowerDNS express to run off Oracle. See <xref linkend="oracle">.
3300 </para>
3301 </listitem>
3302 <listitem>
3303 <para>
3304 Zone2sql now accepts --transactions to wrap zones in a transaction for PostgreSQL and Oracle output. This is a major speedup and also
3305 makes for better isolation of inserts. See <xref linkend="zone2sql">.
3306 </para>
3307 </listitem>
3308 <listitem>
3309 <para>
3310 <command>pdns_control</command> now has the ability to purge the PowerDNS cache or parts of it. This enables operators to
3311 raise the TTL of the Packet Cache to huge values and only to invalidate the cache when changes are made. See also <xref linkend="performance"> and
3312 <xref linkend="pdnscontrol">.
3313 </para>
3314 </listitem>
3315 </itemizedlist>
3316 </para>
3317 </sect2>
3318 <sect2 id="changelog-2-0-1"><title>Version 2.0.1</title>
3319 <para>
3320 Maintenance release, fixing three small issues.
3321 </para>
3322 <para>
3323 Developers: this version is compatible with 1.99.11 backends.
3324 </para>
3325 <para>
3326 <itemizedlist>
3327 <listitem>
3328 <para>
3329 PowerDNS ignored the <command>logging-facility</command> setting unless it was specified on the commandline.
3330 Thanks to Karl Obermayer from WebMachine Technologies for noticing this.
3331 </para>
3332 </listitem>
3333 <listitem>
3334 <para>
3335 Zone2sql neglected to preserve 'slaveness' of domains when converting to the slave capable PostgreSQL backend. Thanks
3336 to Mike Benoit of NetNation for reporting this. Zone2sql now has a <command>--slave</command> option.
3337 </para>
3338 </listitem>
3339 <listitem>
3340 <para>
3341 SOA Hostmaster addresses with dots in them before the @-sign were mis-encoded on the wire.
3342 </para>
3343 </listitem>
3344 </itemizedlist>
3345 </para>
3346 </sect2>
3347 <sect2 id="changelog-2-0"><title>Version 2.0</title>
3348 <para>
3349 Two bugfixes, one stability/security related. No new features.
3350 </para>
3351 <para>
3352 Developers: this version is compatible with 1.99.11 backends.
3353 </para>
3354 <para>
3355 Bugfixes:
3356 </para>
3357 <para>
3358 <itemizedlist>
3359 <listitem>
3360 <para>
3361 zone2sql refused to work under some circumstances, taking 100% cpu and not functioning. Thanks to Andrew Clark and Mike Benoit
3362 for reporting this.
3363 </para>
3364 </listitem>
3365 <listitem>
3366 <para>
3367 Fixed a stability issue where malformed packets could force PDNS to reload. Present in all earlier 2.0 versions.
3368 </para>
3369 </listitem>
3370 </itemizedlist>
3371 </para>
3372 </sect2>
3373 <sect2 id="changelog-2-0-rc2"><title>Version 2.0 Release Candidate 2</title>
3374 <para>
3375 Mostly bugfixes, no really new features.
3376 </para>
3377 <para>
3378 Developers: this version is compatible with 1.99.11 backends.
3379 </para>
3380 <para>
3381 Bugs fixed:
3382 </para>
3383 <para>
3384 <itemizedlist>
3385 <listitem>
3386 <para>
3387 chroot() works again - 2.0rc1 silently refused to chroot. Thanks to Hub Dohmen for noticing this.
3388 </para>
3389 </listitem>
3390 <listitem>
3391 <para>
3392 setuid() and setgid() security features were silently not being performed in 2.0rc1. Thanks to Hub Dohmen for noticing this.
3393 </para>
3394 </listitem>
3395 <listitem>
3396 <para>
3397 MX preferences over 255 now work as intended. Thanks to Jeff Crowe for noticing this.
3398 </para>
3399 </listitem>
3400 <listitem>
3401 <para>
3402 IPv6 clients can now also benefit from the recursing backend feature. Thanks to Andy Furnell for proving beyond any doubt that this
3403 did not work.
3404 </para>
3405 </listitem>
3406 <listitem>
3407 <para>
3408 Extremely bogus code removed from DNS notification reception code - please test! Thanks to Jakub Jermar for working with us
3409 in figuring out just how broken this was.
3410 </para>
3411 </listitem>
3412 <listitem>
3413 <para>
3414 AXFR code improved to handle more of the myriad different zonetransfer dialects available. Specifically, interoperability
3415 with Bind 4 was improved, as well as Bind 8 in 'strict rfc conformance' mode. Thanks again for Jakub Jermar for running many tests for us.
3416 If your transfers failed with 'Unknown type 14!!' or words to that effect, this was it.
3417 </para>
3418 </listitem>
3419 </itemizedlist>
3420 </para>
3421 <para>
3422 Features:
3423 <itemizedlist>
3424 <listitem>
3425 <para>
3426 Win32 version now has a zone2sql tool.
3427 </para>
3428 </listitem>
3429 <listitem>
3430 <para>
3431 Win32 version now has support for specifying how urgent messages should be before they go to the NT event log.
3432 </para>
3433 </listitem>
3434 </itemizedlist>
3435 </para>
3436 <para>
3437 Remaining issues:
3438 <itemizedlist>
3439 <listitem>
3440 <para>
3441 One persistent report of the default 'chroot=./' configuration not working.
3442 </para>
3443 </listitem>
3444 <listitem>
3445 <para>
3446 One report of disable-axfr and allow-axfr-ips not working as intended.
3447 </para>
3448 </listitem>
3449 <listitem>
3450 <para>
3451 Support for relative paths in zones and in Bind configuration is not bug-for-bug compatible with bind yet.
3452 </para>
3453 </listitem>
3454 </itemizedlist>
3455 </para>
3456 </sect2>
3457 <sect2 id="changelog-2-0-rc1"><title>Version 2.0 Release Candidate 1</title>
3458 <para>
3459 The MacOS X release! A very experimental OS X 10.2 build has been added. Furthermore, the Windows version is now in line with Unix with
3460 respect to capabilities. The ODBC backend now has the code to function as both a master and a slave.
3461 </para>
3462 <para>
3463 Developers: this version is compatible with 1.99.11 backends.
3464 </para>
3465 <para>
3466 <itemizedlist>
3467 <listitem>
3468 <para>
3469 Implemented native packet response parsing code, allowing Windows to perform AXFR and NS and SOA queries.
3470 </para>
3471 </listitem>
3472 <listitem>
3473 <para>
3474 This is the first version for which we have added support for Darwin 6.0, which is part of the forthcoming Mac OS X 10.2.
3475 Please note that although this version is marked RC1, that we have not done extensive testing yet. Consider this a technology
3476 preview.
3477 </para>
3478 <para>
3479 <itemizedlist>
3480 <listitem><para>
3481 The Darwin version has been developed on Mac OS X 10.2 (6C35). Other versions may or may not work.
3482 </para></listitem>
3483 <listitem><para>
3484 Currently only the random, bind, mysql and pdns backends are included.
3485 </para></listitem>
3486
3487 <listitem><para>
3488 The menu based installer script does not work, you will have to edit pathconfig by hand as outlined in chapter 2.
3489 </para></listitem>
3490
3491 <listitem><para>
3492 On Mac OS X Client, PDNS will fail to start because a system service is already bound to port 53.
3493 </para></listitem>
3494 </itemizedlist>
3495 </para>
3496 <para>
3497 This version is distributed as a compressed tar file. You should follow the generic UNIX installation instructions.
3498 </para>
3499 </listitem>
3500 </itemizedlist>
3501 </para>
3502 <para>
3503 Bugs fixed:
3504 <itemizedlist>
3505 <listitem>
3506 <para>
3507 Zone2sql PostgreSQL mode neglected to lowercase $ORIGIN. Thanks to Maikel Verheijen of Ladot for spotting this.
3508 </para>
3509 </listitem>
3510 <listitem>
3511 <para>
3512 Zone2sql PostgreSQL mode neglected to remove a trailing dot from $ORIGIN if present.
3513 Thanks to Thanks to Maikel Verheijen of Ladot for spotting this.
3514 </para>
3515 </listitem>
3516 <listitem>
3517 <para>
3518 Zonefile parser was not compatible with bind when $INCLUDING non-absolute filenames. Thanks to Jeff Miller for working out
3519 how this should work.
3520 </para>
3521 </listitem>
3522 <listitem>
3523 <para>
3524 Bind configuration parser was not compatible with bind when including non-absolute filenames. Thanks to Jeff Miller for working out
3525 how this should work.
3526 </para>
3527 </listitem>
3528 <listitem>
3529 <para>
3530 Documentation incorrectly listed the Bind backend as 'slave capable'. This is not yet true, now labeled 'experimental'.
3531 </para>
3532 </listitem>
3533 </itemizedlist>
3534 </para>
3535 <para>
3536 Windows changes. We are indebted to Dimitry Andric who educated us in the ways of distributing Windows software.
3537 <itemizedlist>
3538 <listitem>
3539 <para>
3540 <filename>pdns.conf</filename> is now read if available.
3541 </para>
3542 </listitem>
3543 <listitem>
3544 <para>
3545 Console version responds to ^c now.
3546 </para>
3547 </listitem>
3548 <listitem>
3549 <para>
3550 Default pdns.conf added to distribution
3551 </para>
3552 </listitem>
3553 <listitem>
3554 <para>
3555 Uninstaller missed several files, leaving remnants behind
3556 </para>
3557 </listitem>
3558
3559 <listitem>
3560 <para>
3561 DLLs are now installed locally, with the pdns executable.
3562 </para>
3563 </listitem>
3564
3565 <listitem>
3566 <para>
3567 pdns_control is now also available on Windows
3568 </para>
3569 </listitem>
3570 <listitem>
3571 <para>
3572 ODBC backend can now act as master and slave. Experimental.
3573 </para>
3574 </listitem>
3575 <listitem>
3576 <para>
3577 The example zone missed indexes and had other faults.
3578 </para>
3579 </listitem>
3580 <listitem>
3581 <para>
3582 A runtime DLL that is present on most windows systems (but not all!) was missing.
3583 </para>
3584 </listitem>
3585 </itemizedlist>
3586 </para>
3587 </sect2>
3588 <sect2 id="changelog-1-99-12"><title>Version 1.99.12 Prerelease</title>
3589 <para>
3590 The Windows release! See <xref linkend="windows">. Beware, windows support is still very fresh and untested. Feedback is very welcome.
3591 </para>
3592 <para>
3593 Developers: this version is compatible with 1.99.11 backends.
3594 </para>
3595 <para>
3596 <itemizedlist>
3597 <listitem>
3598 <para>
3599 Windows 2000 codebase merge completed. This resulted in quite some changes on the Unix end of things, so this may impact reliability
3600 </para>
3601 </listitem>
3602 <listitem>
3603 <para>
3604 ODBC backend added for Windows. See <xref linkend="odbc">.
3605 </para>
3606 </listitem>
3607 <listitem>
3608 <para>
3609 IBM DB2 Universal Database backend available for Linux. See <xref linkend="db2">.
3610 </para>
3611 </listitem>
3612 <listitem>
3613 <para>
3614 Zone2sql now understands $INCLUDE. Thanks to Amaze Internet for nagging about this
3615 </para>
3616 </listitem>
3617 <listitem>
3618 <para>
3619 The SOA Mininum TTL now has a configurable default (<command>soa-minimum-ttl</command>)value to placate the DENIC requirements.
3620 </para>
3621 </listitem>
3622 <listitem>
3623 <para>
3624 Added a limit on the simultaneous numbers of TCP connections to accept (<command>max-tcp-connections</command>). Defaults to 10.
3625 </para>
3626 </listitem>
3627 </itemizedlist>
3628 </para>
3629 <para>
3630 Bugs fixed:
3631 <itemizedlist>
3632 <listitem>
3633 <para>
3634 When operating in virtual hosting mode (See <xref linkend="virtual">), the additional init.d scripts would not function correctly
3635 and interface with other pdns instances.
3636 </para>
3637 </listitem>
3638 <listitem>
3639 <para>
3640 PDNS neglected to conserve case on answers. So a query for WwW.PoWeRdNs.CoM would get an answer listing the address of www.powerdns.com.
3641 While this did not confuse resolvers, it is better to conserve case. This has semantical concequences for all backends, which the documentation
3642 now spells out.
3643 </para>
3644 </listitem>
3645 <listitem>
3646 <para>
3647 PostgreSQL backend was case sensitive and returned only answers in case an exact match was found. The Generic PostgreSQL backend is now
3648 officially all lower case and zone2sql in PostgreSQL mode enforces this.
3649 Documentation has been been updated to reflect the case change. Thanks to Maikel Verheijen of Ladot for
3650 spotting this!
3651 </para>
3652 </listitem>
3653 <listitem>
3654 <para>
3655 Documentation bug - postgresql create/index statements created a duplicate index. If you've previously copy pasted the commands and
3656 not noticed the error, execute <command>CREATE INDEX rec_name_index ON records(name)</command> to remedy. Thanks to Jeff Miller for reporting
3657 this. This also lead to depressingly slow 'ANY' lookups for those of you doing benchmarks.
3658 </para>
3659 </listitem>
3660 </itemizedlist>
3661 </para>
3662 <para>
3663 Features:
3664 <itemizedlist>
3665 <listitem>
3666 <para>
3667 pdns_control (see <xref linkend="pdnscontrol">) now opens the local end of its socket in <filename>/tmp</filename> instead of next to the
3668 remote socket (by default <filename>/var/run</filename>). This eases the way for allowing non-root access to pdns_control. When running chrooted
3669 (see <xref linkend="security">), the local socket again moves back to <filename>/var/run</filename>.
3670 </para>
3671 </listitem>
3672 <listitem>
3673 <para>
3674 pdns_control now has a 'version' command. See <xref linkend="pdnscontrol">.
3675 </para>
3676 </listitem>
3677 </itemizedlist>
3678
3679 </sect2>
3680 <sect2 id="changelog-1-99-11"><title>Version 1.99.11 Prerelease</title>
3681 <para>
3682 This release is important because it is the first release which is accompanied by an Open Source Backend Development Kit, allowing external
3683 developers to write backends for PDNS. Furthermore, a few bugs have been fixed:
3684 </para>
3685 <para>
3686 <itemizedlist>
3687 <listitem>
3688 <para>
3689 Lines with only whitespace in zone files confused PDNS (thanks Henk Wevers)
3690 </para>
3691 </listitem>
3692 <listitem>
3693 <para>
3694 PDNS did not properly parse TTLs with symbolic sufixes in zone files, ie 2H instead of 7200 (thanks Henk Wevers)
3695 </para>
3696 </listitem>
3697 </itemizedlist>
3698 </para>
3699 </sect2>
3700 <sect2 id="changelog-1-99-10"><title>Version 1.99.10 Prerelease</title>
3701 <para>
3702 IMPORTANT: there has been a tiny license change involving free public webbased dns hosting, check out the changes before deploying!
3703 </para>
3704 <para>
3705 PDNS is now feature complete, or very nearly so. Besides adding features, a lot of 'fleshing out' work is done now. There is an important
3706 performance bug fix which may have lead to disappointing benchmarks - so if you saw any of that, please try either this version or 1.99.8 which
3707 also does not have the bug.
3708 </para>
3709 <para>
3710 This version has been very stable for us on multiple hosts, as was 1.99.9.
3711 </para>
3712 <para>
3713 PostgreSQL users should be aware that while 1.99.10 works with the schema as presented in earlier versions, advanced features
3714 such as master or slave support will not work unless you create the new 'domains' table as well.
3715 </para>
3716 <para>
3717 Bugs fixed:
3718 <itemizedlist>
3719 <listitem>
3720 <para>
3721 Wildcard AAAA queries sometimes received an NXDOMAIN error where they should have gotten an empty NO ERROR. Thanks to Jeroen Massar
3722 for spotting this on the .TK TLD!
3723 </para>
3724 </listitem>
3725 <listitem>
3726 <para>
3727 Do not disable the packetcache for 'recursion desired' packets unless a recursor was configured. Thanks to Greg Schueler for noticing this.
3728 </para>
3729 </listitem>
3730 <listitem>
3731 <para>
3732 A failing backend would not be reinstated. Thanks to 'Webspider' for discovering this problem with PostgreSQL connections that die after
3733 prolonged inactivity.
3734 </para>
3735 </listitem>
3736 <listitem>
3737 <para>
3738 Fixed loads of IPv6 transport problems. Thanks to Marco Davids and others for testing. Considered ready for production now.
3739 </para>
3740 </listitem>
3741
3742 <listitem>
3743 <para>
3744 <command>Zone2sql</command> printed a debugging statement on range $GENERATE commands. Thanks to Rene van Valkenburg for spotting this.
3745 </para>
3746 </listitem>
3747 </itemizedlist>
3748 </para>
3749 <para>
3750 Features:
3751 <itemizedlist>
3752 <listitem>
3753 <para>
3754 PDNS can now act as a master, sending out notifications in case of changes and allowing slaves to AXFR. Big rewording of replication support,
3755 domains are now either 'native', 'master' or 'slave'. See <xref linkend="replication"> for lots of details.
3756 </para>
3757 </listitem>
3758 <listitem>
3759 <para>
3760 <command>Zone2sql</command> in PostgreSQL mode now populates the 'domains' table for easy master, slave or native replication support.
3761 </para>
3762 </listitem>
3763 <listitem>
3764 <para>
3765 Ability to disable those annoying Windows DNS Dynamic Update messages from appearing in the log. See <function>log-failed-updates</function>
3766 in <xref linkend="all-settings">.
3767 </para>
3768 </listitem>
3769 <listitem>
3770 <para>
3771 Ability to run on IPv6 transport only
3772 </para>
3773 </listitem>
3774 <listitem>
3775 <para>
3776 Logging can now happen under a 'facility' so all PDNS messages appear in their own file. See <xref linkend="syslog">.
3777 </para>
3778 </listitem>
3779
3780 <listitem>
3781 <para>
3782 Different OS releases of PDNS now get different install path defaults. Thanks to Mark Lastdrager for nagging about this and to Nero Imhard and
3783 Frederique Rijsdijk for suggesting saner defaults.
3784 </para>
3785 </listitem>
3786 <listitem>
3787 <para>
3788 Infrastructure for 'also-notify' statements added.
3789 </para>
3790 </listitem>
3791
3792 </itemizedlist>
3793 </para>
3794 </sect2>
3795 <sect2 id="changelog-1-99-9"><title>Version 1.99.9 Early Access Prerelease</title>
3796 <para>
3797 This is again a feature and an infrastructure release. We are nearly feature complete and will soon start
3798 work on the backends to make sure that they are all master, slave and 'superslave' capable.
3799 </para>
3800 <para>
3801 Bugs fixed:
3802 <itemizedlist>
3803 <listitem>
3804 <para>
3805 PDNS sometimes sent out duplicate replies for packets passed to the recursing backend. Mostly a problem on SMP systems. Thanks to Mike Benoit
3806 for noticing this.
3807 </para>
3808 </listitem>
3809 <listitem>
3810 <para>
3811 Out-of-bailiwick CNAMES (ie, a CNAME to a domain not in PDNS) caused a 'ServFail' packet in 1.99.8, indicating failure, leading to hosts not
3812 resolving. Thanks to Martin Gillstrom for noticing this.
3813 </para>
3814 </listitem>
3815 <listitem>
3816 <para>
3817 Zone2sql balked at zones editted under operating sytems terminating files with ^Z (Windows). Thanks Brian Willcott for reporting this.
3818 </para>
3819 </listitem>
3820 <listitem>
3821 <para>
3822 PostgreSQL backend logged the password used to connect. Now only does so in case of failure to connect. Thanks to 'Webspider' for noticing this.
3823 </para>
3824 </listitem>
3825 <listitem>
3826 <para>
3827 Debian unstable distribution wrongly depended on home compiled PostgreSQL libraries. Thanks to Konrad Wojas for noticing this.
3828 </para>
3829 </listitem>
3830 </itemizedlist>
3831 </para>
3832 <para>
3833 Features:
3834 <itemizedlist>
3835 <listitem>
3836 <para>
3837 When operating as a slave, AAAA records are now supported in the zone. They were already supported in master zones.
3838 </para>
3839 </listitem>
3840 <listitem>
3841 <para>
3842 IPv6 transport support - PDNS can now listen on an IPv6 socket using the <command>local-ipv6</command> setting.
3843 </para>
3844 </listitem>
3845 <listitem>
3846 <para>
3847 Very silly randombackend added which appears in the documentation as a sample backend. See <xref linkend="backend-writers-guide">.
3848 </para>
3849 </listitem>
3850 <listitem>
3851 <para>
3852 When transferring a slave zone from a master, out of zone data is now rejected. Malicious operators might try to insert bad records otherwise.
3853 </para>
3854 </listitem>
3855 <listitem>
3856 <para>
3857 'Supermaster' support for automatic provisioning from masters. See <xref linkend="supermaster">.
3858 </para>
3859 </listitem>
3860 <listitem>
3861 <para>
3862 Recursing backend can now live on a non-standard (!=53) port. See <xref linkend="recursion">.
3863 </para>
3864 </listitem>
3865 <listitem>
3866 <para>
3867 Slave zone retrieval is now queued instead of immediate, which scales better and is more resilient to temporary failures.
3868 </para>
3869 </listitem>
3870 <listitem>
3871 <para>
3872 <command>max-queue-length</command> parameter. If this many packets are queued for database attention, consider the situation hopeless and
3873 respawn.
3874 </para>
3875 </listitem>
3876 </itemizedlist>
3877 </para>
3878 <para>
3879 Internal:
3880 <itemizedlist>
3881 <listitem>
3882 <para>
3883 SOA records are now 'special' and each backend can optionally generate them in special ways. PostgreSQL backend does so
3884 when operating as a slave.
3885 </para>
3886 </listitem>
3887 <listitem>
3888 <para>
3889 Writing backends is now a lot easier. See <xref linkend="backend-writers-guide">.
3890 </para>
3891 </listitem>
3892 <listitem>
3893 <para>
3894 Added Bindbackend to internal regression tests, confirming that it is compliant.
3895 </para>
3896 </listitem>
3897 </itemizedlist>
3898 </para>
3899 </sect2>
3900 <sect2 id="changelog-1-99-8"><title>Version 1.99.8 Early Access Prerelease</title>
3901 <para>
3902 A lot of infrastructure work gearing up to 2.0. Some stability bugs fixed and a lot of new features.
3903 </para>
3904 <para>
3905 Bugs fixed:
3906 <itemizedlist>
3907 <listitem>
3908 <para>
3909 Bindbackend was overly complex and crashed on some systems on startup. Simplified launch code.
3910 </para>
3911 </listitem>
3912 <listitem>
3913 <para>
3914 SOA fields were not always properly filled in, causing default values to go out on the wire
3915 </para>
3916 </listitem>
3917 <listitem>
3918 <para>
3919 Obscure bug triggered by malicious packets (we know who you are) in SOA finding code fixed.
3920 </para>
3921 </listitem>
3922 <listitem>
3923 <para>
3924 Magic serial number calculation contained a double free leading to instability.
3925 </para>
3926 </listitem>
3927 <listitem>
3928 <para>
3929 Standards violation, questions for domains for which PDNS was unauthoritative now get a SERVFAIL answer.
3930 Thanks to the IETF Namedroppers list for helping out with this.
3931 </para>
3932 </listitem>
3933 <listitem>
3934 <para>
3935 Slowly launching backends were being relaunched at a great rate when queries were coming in while launching backends.
3936 </para>
3937 </listitem>
3938 <listitem>
3939 <para>
3940 MySQL-on-unix-domain-socket on SMP systems was overwhelmed by the quick connection rate on launch, inserted a small 50ms delay.
3941 </para>
3942 </listitem>
3943 <listitem>
3944 <para>
3945 Some SMP problems appear to be compiler related. Shifted to GCC 3.0.4 for Linux.
3946 </para>
3947 </listitem>
3948 <listitem>
3949 <para>
3950 Ran ispell on documentation.
3951 </para>
3952 </listitem>
3953 </itemizedlist>
3954 </para>
3955 <para>
3956 Feature enhancements:
3957 <itemizedlist>
3958 <listitem>
3959 <para>
3960 Recursing backend. See <xref linkend="recursion">. Allows recursive and authoritative DNS on the same IP address.
3961 </para>
3962 </listitem>
3963 <listitem>
3964 <para>
3965 <link linkend="naptr">NAPTR support</link>, which is especially useful for the ENUM/E.164 community.
3966 </para>
3967 </listitem>
3968 <listitem>
3969 <para>
3970 Zone transfers can now be allowed per <link linkend="allow-axfr-ips">netmask instead of only per IP address</link>.
3971 </para>
3972 </listitem>
3973 <listitem>
3974 <para>
3975 Preliminary support for slave operation included. Only for the adventurous right now! See <xref linkend="slave">
3976 </para>
3977 </listitem>
3978 <listitem>
3979 <para>
3980 All record types now documented, see <xref linkend="types">.
3981 </para>
3982 </listitem>
3983 </itemizedlist>
3984 </para>
3985 <sect3><title>Known bugs</title>
3986 <para>
3987 Wildcard CNAMES do not work as they do with bind.
3988 </para>
3989 <para>
3990 Recursion sometimes sends out duplicate packets (fixed in 1.99.9 snapshots)
3991 </para>
3992 <para>
3993 Some stability issues which are caught by the guardian
3994 </para>
3995 </sect3>
3996 <sect3><title>Missing features</title>
3997 <para>
3998 Features present in this document, but disabled or withheld from the current release:
3999 <itemizedlist>
4000 <listitem>
4001 <para>
4002 gmysqlbackend, oraclebackend
4003 </para>
4004 </listitem>
4005 </itemizedlist>
4006
4007 </para>
4008 </sect3>
4009
4010 </sect2>
4011 <sect2 id="changelog-1-99-7"><title>Version 1.99.7 Early Access Prerelease</title>
4012 <para>
4013 Named.conf parsing got a lot of work and many more bind configurations can now be parsed. Furthermore, error reporting was improved.
4014 Stability is looking good.
4015 </para>
4016 <para>
4017 Bugs fixed:
4018 <itemizedlist>
4019 <listitem>
4020 <para>
4021 Bind parser got confused by filenames with underscores and colons.
4022 </para
4023 </listitem>
4024 <listitem>
4025 <para>
4026 Bind parser got confused by spaces in quoted names
4027 </para
4028 </listitem>
4029 <listitem>
4030 <para>
4031 FreeBSD version now stops and starts when instructed to do so.
4032 </para
4033 </listitem>
4034 <listitem>
4035 <para>
4036 Wildcards were off by default, which violates standards. Now on by default.
4037 </para
4038 </listitem>
4039 <listitem>
4040 <para>
4041 --oracle was broken in zone2sql
4042 </para
4043 </listitem>
4044 </itemizedlist>
4045 </para>
4046 <para>
4047 Feature enhancements:
4048 <itemizedlist>
4049 <listitem>
4050 <para>
4051 Line number counting goes on as it should when including files in named.conf
4052 </para>
4053 </listitem>
4054 <listitem>
4055 <para>
4056 Added --no-config to enable users to start the pdns daemon without parsing the configuration file.
4057 </para>
4058 </listitem>
4059 <listitem>
4060 <para>
4061 zone2sql now has --bare for unformatted output which can be used to generate insert statements for different database layouts
4062 </para>
4063 </listitem>
4064 <listitem>
4065 <para>
4066 zone2sql now has --gpgsql, which is an alias for --mysql, to output in a format useful for the default Generic PgSQL backend
4067 </para>
4068 </listitem>
4069 <listitem>
4070 <para>
4071 zone2sql is now documented.
4072 </para>
4073 </listitem>
4074 </itemizedlist>
4075 </para>
4076 <sect3><title>Known bugs</title>
4077 <para>
4078 Wildcard CNAMES do not work as they do with bind.
4079 </para>
4080 </sect3>
4081 <sect3><title>Missing features</title>
4082 <para>
4083 Features present in this document, but disabled or withheld from the current release:
4084 <itemizedlist>
4085 <listitem>
4086 <para>
4087 gmysqlbackend, oraclebackend
4088 </para>
4089 </listitem>
4090 </itemizedlist>
4091
4092 Some of these features will be present in newer releases.
4093 </para>
4094 </sect3>
4095
4096 </sect2>
4097 <sect2><title>Version 1.99.6 Early Access Prerelease</title>
4098 <para>
4099 This version is now running on dns-eu1.powerdns.net and working very well for us. But please remain cautious before
4100 deploying!
4101 </para>
4102 <para>
4103 Bugs fixed:
4104 <itemizedlist>
4105 <listitem>
4106 <para>
4107 Webserver neglected to show log messages
4108 </para
4109 </listitem>
4110 <listitem>
4111 <para>
4112 TCP question/answer miscounted multiple questions over one socket. Fixed misnaming of counter
4113 </para
4114 </listitem>
4115 <listitem>
4116 <para>
4117 Packetcache now detects clock skew and times out entries
4118 </para>
4119 </listitem>
4120 <listitem>
4121 <para>
4122 named.conf parser now reports errors with line number and offending token
4123 </para>
4124 </listitem>
4125 <listitem>
4126 <para>
4127 Filenames in named.conf can now contain :
4128 </para>
4129 </listitem>
4130 </itemizedlist>
4131 </para>
4132 <para>
4133 Feature enhancements:
4134 <itemizedlist>
4135 <listitem>
4136 <para>
4137 The webserver now by default does not print out configuration statements, which might contain database backends. Use
4138 <command>webserver-print-arguments</command> to restore the old behaviour.
4139 </para>
4140 </listitem>
4141 <listitem>
4142 <para>
4143 Generic PostgreSQL backend is now included. Still rather beta.
4144 </para>
4145 </listitem>
4146 </itemizedlist>
4147 </para>
4148 <sect3><title>Known bugs</title>
4149 <para>
4150 FreeBSD version does not stop when requested to do so.
4151 </para>
4152 <para>
4153 Wildcard CNAMES do not work as they do with bind.
4154 </para>
4155 </sect3>
4156 <sect3><title>Missing features</title>
4157 <para>
4158
4159 Features present in this document, but disabled or withheld from the current release:
4160 <itemizedlist>
4161 <listitem>
4162 <para>
4163 gmysqlbackend, oraclebackend
4164 </para>
4165 </listitem>
4166 </itemizedlist>
4167
4168 Some of these features will be present in newer releases.
4169 </para>
4170 </sect3>
4171
4172 </sect2>
4173 <sect2><title>Version 1.99.5 Early Access Prerelease</title>
4174 <para>
4175 The main focus of this release is stability and TCP improvements. This is the first release PowerDNS-the-company actually considers for running
4176 on its production servers!
4177 </para>
4178 <para>
4179 Major bugs fixed:
4180 <itemizedlist>
4181 <listitem>
4182 <para>
4183 Zone2sql received a floating point division by zero error on named.confs with less than 100 domains.
4184 </para
4185 </listitem>
4186 <listitem>
4187 <para>
4188 Huffman encoder failed without specific error on illegal characters in a domain
4189 </para
4190 </listitem>
4191 <listitem>
4192 <para>
4193 Fixed huge memory leaks in TCP code.
4194 </para>
4195 </listitem>
4196 <listitem>
4197 <para>
4198 Removed further file descriptor leaks in guardian respawning code
4199 </para>
4200 </listitem>
4201 <listitem>
4202 <para>
4203 Pipebackend was too chatty.
4204 </para>
4205 </listitem>
4206 <listitem>
4207 <para>
4208 pdns_server neglected to close fds 0, 1 &amp; 2 when daemonizing
4209 </para>
4210 </listitem>
4211 </itemizedlist>
4212 </para>
4213 <para>
4214 Feature enhancements:
4215 <itemizedlist>
4216 <listitem>
4217 <para>
4218 bindbackend can be instructed not to check the ctime of a zone by specifying <command>bind-check-interval=0</command>,
4219 which is also the new default.
4220 </para>
4221 </listitem>
4222 <listitem>
4223 <para>
4224 <command>pdns_server --list-modules</command> lists all available modules.
4225 </para>
4226 </listitem>
4227 </itemizedlist>
4228 </para>
4229 <para>
4230 Performance enhancements:
4231 <itemizedlist>
4232 <listitem>
4233 <para>
4234 TCP code now only creates a new database connection for AXFR.
4235 </para>
4236 </listitem>
4237 <listitem>
4238 <para>
4239 TCP connections timeout rather quickly now, leading to less load on the server.
4240 </para>
4241 </listitem>
4242 </itemizedlist>
4243 </para>
4244 <sect3><title>Known bugs</title>
4245 <para>
4246 FreeBSD version does not stop when requested to do so.
4247 </para>
4248 <para>
4249 Wildcard CNAMES do not work as they do with bind.
4250 </para>
4251 </sect3>
4252 <sect3><title>Missing features</title>
4253 <para>
4254
4255 Features present in this document, but disabled or withheld from the current release:
4256 <itemizedlist>
4257 <listitem>
4258 <para>
4259 gmysqlbackend, oraclebackend, gpgsqlbackend
4260 </para>
4261 </listitem>
4262 </itemizedlist>
4263
4264 Some of these features will be present in newer releases.
4265 </para>
4266 </sect3>
4267
4268 </sect2>
4269 <sect2><title>Version 1.99.4 Early Access Prerelease</title>
4270 <para>
4271 A lot of new named.confs can now be parsed, zone2sql &amp; bindbackend have gained features and stability.
4272 </para>
4273 <para>
4274 Major bugs fixed:
4275 <itemizedlist>
4276 <listitem>
4277 <para>
4278 Label compression was not always enabled, leading to large reply packets sometimes.
4279 </para
4280 </listitem>
4281 <listitem>
4282 <para>
4283 Database errors on TCP server lead to a nameserver reload by the guardian.
4284 </para
4285 </listitem>
4286 <listitem>
4287 <para>
4288 MySQL backend neglected to close its connection properly.
4289 </para>
4290 </listitem>
4291 <listitem>
4292 <para>
4293 BindParser miss parsed some IP addresses and netmasks.
4294 </para>
4295 </listitem>
4296 <listitem>
4297 <para>
4298 Truncated answers were also truncated on the packetcache, leading to truncated TCP answers.
4299 </para>
4300 </listitem>
4301 </itemizedlist>
4302 </para>
4303 <para>
4304 Feature enhancements:
4305 <itemizedlist>
4306 <listitem>
4307 <para>
4308 Zone2sql and the bindbackend now understand the Bind $GENERATE{} syntax.
4309 </para>
4310 </listitem>
4311 <listitem>
4312 <para>
4313 Zone2sql can optionally gloss over non-existing zones with <command>--on-error-resume-next</command>.
4314 </para>
4315 </listitem>
4316 <listitem>
4317 <para>
4318 Zone2sql and the bindbackend now properly expand @ also on the right hand side of records.
4319 </para>
4320 </listitem>
4321 <listitem>
4322 <para>
4323 Zone2sql now sets a default TTL.
4324 </para>
4325 </listitem>
4326 <listitem>
4327 <para>
4328 DNS UPDATEs and NOTIFYs are now logged properly and sent the right responses.
4329 </para>
4330 </listitem>
4331 </itemizedlist>
4332 </para>
4333 <para>
4334 Performance enhancements:
4335 <itemizedlist>
4336 <listitem>
4337 <para>
4338 'Fancy records' are no longer queried for on ANY queries - this is a big speedup.
4339 </para>
4340 </listitem>
4341 </itemizedlist>
4342 </para>
4343 <sect3><title>Known bugs</title>
4344 <para>
4345 FreeBSD version does not stop when requested to do so.
4346 </para>
4347 <para>
4348 Zone2sql refuses named.confs with less than 100 domains.
4349 </para>
4350 <para>
4351 Wildcard CNAMES do not work as they do with bind.
4352 </para>
4353 </sect3>
4354 <sect3><title>Missing features</title>
4355 <para>
4356
4357 Features present in this document, but disabled or withheld from the current release:
4358 <itemizedlist>
4359 <listitem>
4360 <para>
4361 gmysqlbackend, oraclebackend, gpgsqlbackend
4362 </para>
4363 </listitem>
4364 </itemizedlist>
4365
4366 Some of these features will be present in newer releases.
4367 </para>
4368 </sect3>
4369
4370 </sect2>
4371
4372 <sect2><title>Version 1.99.3 Early Access Prerelease</title>
4373 <para>
4374 The big news in this release is the BindBackend which is now capable of parsing many more named.conf Bind configurations.
4375 Furthermore, PDNS has successfully parsed very large named.confs with large numbers of small domains, as well as small numbers of
4376 large domains (TLD).
4377 </para>
4378 <para>
4379 Zone transfers are now also much improved.
4380 </para>
4381 <para>
4382 Major bugs fixed:
4383 <itemizedlist>
4384 <listitem>
4385 <para>
4386 zone2sql leaked file descriptors on each domain, used wrong Bison recursion leading to
4387 parser stack overflows. This limited the amount of domains that could be parsed to 1024.
4388 </para
4389 </listitem>
4390 <listitem>
4391 <para>
4392 zone2sql can now read all known zonefiles, with the exception of those containing $GENERATE
4393 </para
4394 </listitem>
4395 <listitem>
4396 <para>
4397 Guardian relaunching a child lost two file descriptors
4398 </para>
4399 </listitem>
4400 <listitem>
4401 <para>
4402 Don't die on a connection reset by peer during zone transfer.
4403 </para>
4404 </listitem>
4405 <listitem>
4406 <para>
4407 Webserver does not crash anymore on ringbuffer resize
4408 </para>
4409 </listitem>
4410 </itemizedlist>
4411 </para>
4412 <para>
4413 Feature enhancements:
4414 <itemizedlist>
4415 <listitem>
4416 <para>
4417 AXFR can now be disabled, and re-enabled per IP address
4418 </para>
4419 </listitem>
4420 <listitem>
4421 <para>
4422 --help accepts a parameter, will then show only help items with that prefix.
4423 </para>
4424 </listitem>
4425 <listitem>
4426 <para>
4427 zone2sql now accepts a --zone-name parameter
4428 </para>
4429 </listitem>
4430 <listitem>
4431 <para>
4432 BindBackend maturing - 9500 zones parsed in 3.5 seconds. No longer case sensitive.
4433 </para>
4434 </listitem>
4435 </itemizedlist>
4436 </para>
4437 <para>
4438 Performance enhancements:
4439 <itemizedlist>
4440 <listitem>
4441 <para>
4442 Implemented RFC-breaking AXFR format (which is the industry standard). Zone transfers now zoom along
4443 at wirespeed (many megabits/s).
4444 </para>
4445 </listitem>
4446 </itemizedlist>
4447 </para>
4448 <sect3><title>Known bugs</title>
4449 <para>
4450 FreeBSD version does not stop when requested to do so.
4451 </para>
4452 <para>
4453 BindBackend cannot parse zones with $GENERATE statements.
4454 </para>
4455 </sect3>
4456 <sect3><title>Missing features</title>
4457 <para>
4458
4459 Features present in this document, but disabled or withheld from the current release:
4460 <itemizedlist>
4461 <listitem>
4462 <para>
4463 gmysqlbackend, oraclebackend, gpgsqlbackend
4464 </para>
4465 </listitem>
4466 </itemizedlist>
4467
4468 Some of these features will be present in newer releases.
4469 </para>
4470 </sect3>
4471
4472 </sect2>
4473
4474 <sect2><title>Version 1.99.2 Early Access Prerelease</title>
4475 <para>
4476 Major bugs fixed:
4477 <itemizedlist>
4478 <listitem>
4479 <para>
4480 Database backend reload does not hang the daemon anymore
4481 </para>
4482 </listitem>
4483 <listitem>
4484 <para>
4485 Buffer overrun in local socket address initialisation may have caused binding problems
4486 </para>
4487 </listitem>
4488 <listitem>
4489 <para>
4490 setuid changed the uid to the gid of the selected user
4491 </para>
4492 </listitem>
4493 <listitem>
4494 <para>
4495 zone2sql doesn't coredump on invocation anymore. Fixed lots of small issues.
4496 </para>
4497 </listitem>
4498 <listitem>
4499 <para>
4500 Don't parse configuration file when creating configuration file. This was a problem with reinstalling.
4501 </para>
4502 </listitem>
4503 </itemizedlist>
4504 Performance improvements:
4505 <itemizedlist>
4506 <listitem>
4507 <para>
4508 removed a lot of unnecessary gettimeofday calls
4509 </para>
4510 </listitem>
4511 <listitem>
4512 <para>
4513 removed needless select(2) call in case of listening on only one address
4514 </para>
4515 </listitem>
4516 <listitem>
4517 <para>
4518 removed 3 useless syscalls in the fast path
4519 </para>
4520 </listitem>
4521 </itemizedlist>
4522 Having said that, more work may need to be done. Testing on a 486 saw packet rates in a simple setup
4523 (question/wait/answer/question..) improve from 200 queries/second to over 400.
4524 </para>
4525 <para>
4526 Usability improvements:
4527 <itemizedlist>
4528 <listitem>
4529 <para>
4530 Fixed error checking in init.d script (<command>show</command>, <command>mrtg</command>)
4531 </para>
4532 </listitem>
4533 <listitem>
4534 <para>
4535 Added 'uptime' to the mrtg output
4536 </para>
4537 </listitem>
4538 <listitem>
4539 <para>
4540 removed further GNUisms from installer and init.d scripts for use on FreeBSD
4541 </para>
4542 </listitem>
4543 <listitem>
4544 <para>
4545 Debian package and apt repository, thanks to Wichert Akkerman.
4546 </para>
4547 </listitem>
4548 <listitem>
4549 <para>
4550 FreeBSD /usr/ports, thanks to Peter van Dijk (in progress).
4551 </para>
4552 </listitem>
4553 </itemizedlist>
4554
4555
4556 </para>
4557 <para>
4558 Stability may be an issue as well as performance. This version has a tendency to log a bit too much which slows
4559 the nameserver down a lot.
4560 </para>
4561 <sect3><title>Known bugs</title>
4562 <para>
4563 Decreasing a ringbuffer on the website is a sure way to crash the daemon. Zone2sql, while improved, still
4564 has problems with a zone in the following format:
4565
4566 <programlisting>
4567name IN A 1.2.3.4
4568 IN A 1.2.3.5
4569 </programlisting>
4570
4571 To fix, add 'name' to the second line.
4572 </para>
4573 <para>
4574 Zone2sql does not close filedescriptors.
4575 <para>
4576
4577 <para>
4578 FreeBSD version does not stop when requested via the init.d script.
4579 <para>
4580
4581 </sect3>
4582 <sect3><title>Missing features</title>
4583 <para>
4584 Features present in this document, but disabled or withheld from the current release:
4585 <itemizedlist>
4586 <listitem>
4587 <para>
4588 gmysqlbackend, oraclebackend, gpgsqlbackend
4589 </para>
4590 </listitem>
4591 <listitem>
4592 <para>
4593 fully functioning bindbackend - will try to parse named.conf, but probably fail
4594 </para>
4595 </listitem>
4596 </itemizedlist>
4597
4598 Some of these features will be present in newer releases.
4599
4600
4601 </para>
4602 </sect3>
4603 </sect2>
4604 <sect2><title>Version 1.99.1 Early Access Prerelease</title>
4605 <para>
4606 This is the first public release of what is going to become PDNS 2.0. As such, it is not of production quality.
4607 Even PowerDNS-the-company does not run this yet.
4608 </para>
4609 <para>
4610 Stability may be an issue as well as performance. This version has a tendency to log a bit too much which slows
4611 the nameserver down a lot.
4612 </para>
4613 <sect3><title>Known bugs</title>
4614 <para>
4615 Decreasing a ringbuffer on the website is a sure way to crash the daemon. Zone2sql is very buggy.
4616 </para>
4617 </sect3>
4618 <sect3><title>Missing features</title>
4619 <para>
4620 Features present in this document, but disabled or withheld from the current release:
4621 <itemizedlist>
4622 <listitem>
4623 <para>
4624 gmysqlbackend, oraclebackend, gpgsqlbackend
4625 </para>
4626 </listitem>
4627 <listitem>
4628 <para>
4629 fully functioning bindbackend - will not parse configuration files
4630 </para>
4631 </listitem>
4632 </itemizedlist>
4633
4634 Some of these features will be present in newer releases.
4635
4636
4637 </para>
4638 </sect3>
4639 </sect2>
4640 </sect1>
20177d1d
BH		 4641 <sect1 id="security-policy"><title>Security</title>
4642 <para>
124ff80a 4643 As of the 25th of April 2006, no actual security problems with PowerDNS 2.9.18, Recursor 3.0.1, or later are known about. This page
20177d1d 4644 will be updated with all bugs which are deemed to be security problems, or could conceivably lead to those. Any such notifications
5a0f9e64
BH		 4645 will also be sent to all PowerDNS mailinglists.
4646 </para>
124ff80a
BH		 4647 <para>
4648 Version 3.0 of the PowerDNS recursor contains a denial of service bug which can be exploited remotely. This bug, which we believe to only lead to a crash,
4649 has been fixed in 3.0.1. There are no guarantees however, so an upgrade from 3.0 is highly recommended.
4650 </para>
5a0f9e64
BH		 4651 <para>
4652 All versions of PowerDNS before 2.9.18 contain the following two bugs, which only apply to installations running with the LDAP backend, or installations providing recursion
4653 to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised:
4654 <itemizedlist>
4655 <listitem>
4656 <para>
4657 The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved,
4658 but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)
4659 </para>
4660 </listitem>
4661 <listitem>
4662 <para>
4663 Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan.
4664 This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and
4665 not a denial of a domain's existence.
4666 </para>
4667 </listitem>
4668 </itemizedlist>
20177d1d
BH		 4669 </para>
4670 <para>
cdc01a90
BH		 4671 All versions of PowerDNS before 2.9.17 are known to suffer from remote denial of service problems which can disrupt operation. Please upgrade
4672 to 2.9.17 as this page will only contain detailed security information from 2.9.17 onwards.
20177d1d
BH		 4673 </para>
4674 <para>
4675 If you have a security problem to report, please email us at both <email>powerdns@powerdns.com</email> and at
4676 <email>ahu@ds9a.nl</email>. We adhere to the <ulink url="http://www.wiretrip.net/rfp/policy.html">Rain Forest Puppy
4677 Full Disclosure Policy (RFPolicy) v2.0</ulink> and we ask you to do the same.
4678 </para>
4679 <para>
4680 We remind PowerDNS users that under the terms of the GNU General Public License, PowerDNS comes with ABSOLUTELY NO WARRANTY.
4681 This license is included in the distribution and in this documentation, see <xref linkend="license">.
4682 </para>
4683 </sect1>
4684
12c86877
BH		 4685 <sect1 id="thanks-to"><title>Acknowledgements</title>
4686 <para>
4687 PowerDNS is grateful for the help of the following people or institutions:
4688 <itemizedlist>
4689 <listitem><para>Dave Aaldering</para></listitem>
4690 <listitem><para>Wichert Akkerman</para></listitem>
4691 <listitem><para>Antony Antony</para></listitem>
4692 <listitem><para>Mike Benoit (NetNation Communication Inc.)</para></listitem>
4693 <listitem><para>Peter van Dijk</para></listitem>
4694 <listitem><para>Koos van den Hout</para></listitem>
4695 <listitem><para>Andre Koopal</para></listitem>
4696 <listitem><para>Eric Veldhuyzen</para></listitem>
4697 <listitem><para>Paul Wouters</para></listitem>
4698 <listitem><para>Thomas Wouters</para></listitem>
4699 <listitem><para>IETF Namedroppers mailinglist</para></listitem>
4700 </itemizedlist>
4701 Thanks!
4702 </para>
4703 <para>
4704 (these people don't share the blame for any errors or mistakes in powerdns - those are all ours)
4705 </para>
4706 </Chapter>
4707
4708<Chapter id="installing-on-unix">
731f58b8
BH		 4709 <Title>Installing on Unix</Title>
4710 <para>
4711 You will typically install PDNS &gt; 2.9 via source or via a package. Earlier versions used a clumsy binary installer.
4712 </para>
12c86877
BH		 4713 <sect1 id="problems">
4714 <title>Possible problems at this point</title>
4715 <para>
4716 At this point some things may have gone wrong. Typical errors include:
4717 <variablelist>
4718 <varlistentry>
4719 <term><errortype>error while loading shared libraries: libstdc++.so.x: cannot open shared object file: No such file or directory</errortype></term>
4720 <listitem>
4721 <para>
4722 Errors looking like this indicate a mismatch between your PDNS distribution and your Unix operating system. Download the static PDNS
4723 distribution for your operating system and try again. Please contact <email>pdns@powerdns.com</email> if this is impractical.
4724 </para>
4725 </listitem>
4726 </varlistentry>
12c86877
BH		 4727 </variablelist>
4728 </para>
4729 </sect1>
4730
4731<Sect1 id="testing">
4732<Title>Testing your install</Title>
4733 <para>
4734 After installing, it is a good idea to test the basic functionality of the software before configuring database backends.
4735 For this purpose, PowerDNS contains the 'bindbackend' which has a domain built in example.com, which is
4736 officially reserved for testing.
4737
4738 To test, edit <filename>pdns.conf</filename> and add the following if not already present:
4739
4740 <screen>
4741 launch=bind
4742 bind-example-zones
4743 </screen>
4744
4745 This configures powerdns to 'launch' the bindbackend, and enable the example zones. To fire up PDNS in testing mode, execute:
4746 <command>/etc/init.d/pdns monitor</command>, where you may have to substitute the location of your SysV init.d location you
4747 specified earlier.
4748
4749 In monitor mode, the pdns process runs in the foreground and is very verbose, which is perfect for testing your install.
4750
4751 If everything went all right, you can query the example.com domain like this:
4752 <screen>
4753 <command>host www.example.com 127.0.0.1</command>
4754 </screen>
4755 www.example.com should now have IP address 1.2.3.4. The <command>host</command> command can usually be found in the dnsutils
4756 package of your operating system. Alternate command is: <command>dig www.example.com A @127.0.0.1</command> or even
4757 <command>nslookup www.example.com 127.0.0.1</command>, although nslookup is not advised for DNS diagnostics.
4758
4759 <itemizedlist>
4760 <listitem>
4761 <para>
4762 example.com SOA record
4763 </para>
4764 </listitem>
4765 <listitem>
4766 <para>
4767 example.com NS record pointing to ns1.example.com
4768 </para>
4769 </listitem>
4770 <listitem>
4771 <para>
4772 example.com NS record pointing to ns2.example.com
4773 </para>
4774 </listitem>
4775 <listitem>
4776 <para>
4777 example.com MX record pointing to mail.example.com
4778 </para>
4779 </listitem>
4780 <listitem>
4781 <para>
4782 example.com MX record pointing to mail1.example.com
4783 </para>
4784 </listitem>
4785 <listitem>
4786 <para>
4787 mail.example.com A record pointing to 4.3.2.1
4788 </para>
4789 </listitem>
4790 <listitem>
4791 <para>
4792 mail1.example.com A record pointing to 5.4.3.2
4793 </para>
4794 </listitem>
4795 <listitem>
4796 <para>
4797 ns1.example.com A record pointing to 4.3.2.1
4798 </para>
4799 </listitem>
4800 <listitem>
4801 <para>
4802 ns2.example.com A record pointing to 5.4.3.2
4803 </para>
4804 </listitem>
4805 <listitem>
4806 <para>
4807 host-0 to host-9999.example.com A record pointing to 2.3.4.5
4808 </para>
4809 </listitem>
4810
4811 </itemizedlist>
4812
4813 When satisfied that basic functionality is there, type <command>QUIT</command> to exit the monitor mode.
4814 The adventurous may also type <command>SHOW *</command> to see some internal statistics.
4815
4816 In case of problems, you will want to read the following section.
4817 </para>
4818
4819 <sect2>
4820 <title>Typical errors</title>
4821 <para>
4822 At this point some things may have gone wrong. Typical errors include:
4823 <variablelist>
4824 <varlistentry>
4825 <term><errortype>binding to UDP socket: Address already in use</errortype></term>
4826 <listitem>
4827 <para>
4828 This means that another nameserver is listening on port 53 already. You can resolve this problem
4829 by determining if it is safe to shutdown the nameserver already present, and doing so. If uncertain,
4830 it is also possible to run PDNS on another port. To do so, add <command>local-port=5300</command> to
4831 <filename>pdns.conf</filename>, and try again. This however implies that you can only test your nameserver
4832 as clients expect the nameserver to live on port 53.
4833 </para>
4834 </listitem>
4835 </varlistentry>
4836 <varlistentry>
4837 <term><errortype>binding to UDP socket: Permission denied</errortype></term>
4838 <listitem>
4839 <para>
4840 You must be superuser in order to be able to bind to port 53. If this is not a possibility,
4841 it is also possible to run PDNS on another port. To do so, add <command>local-port=5300</command> to
4842 <filename>pdns.conf</filename>, and try again. This however implies that you can only test your nameserver
4843 as clients expect the nameserver to live on port 53.
4844 </para>
4845 </listitem>
4846 </varlistentry>
4847 <varlistentry>
4848 <term><errortype>Unable to launch, no backends configured for querying</errortype></term>
4849 <listitem>
4850 <para>
4851 PDNS did not find the <command>launch=bind</command> instruction in pdns.conf.
4852 </para>
4853 </listitem>
4854 </varlistentry>
731f58b8
BH		 4855 <varlistentry>
4856 <term><errortype>Multiple IP addresses on your server, PDNS sending out answers on the wrong one</errortype></term>
4857 <term><errortype>Massive amounts of 'recvfrom gave error, ignoring: Connection refused'</errortype></term>
4858 <listitem>
4859 <para>
4860 If you have multiple IP addresses on the internet on one machine, UNIX often sends out answers over another interface
4861 than which the packet came in on. In such cases, use <command>local-address</command> to bind to specific IP addresses, which
4862 can be comma separated. The second error comes from remotes disregarding answers to questions it didn't ask to that IP address
4863 and sending back ICMP errors.
4864 </para>
4865 </listitem>
4866 </varlistentry>
12c86877
BH		 4867
4868 </variablelist>
4869 </para>
4870 </sect2>
4871</Sect1>
4872
4873 <sect1 id="pdns-on-unix">
4874 <Title>Running PDNS on unix</Title>
4875
4876 <Para>
4877 PDNS is normally controlled via a SysV-style init.d script, often located in <filename>/etc/init.d</filename> or
4878 <filename>/etc/rc.d/init.d</filename>. This script accepts the following commands:
4879 <variablelist>
4880 <varlistentry>
4881 <term>monitor</term>
4882 <listitem>
4883 <para>
4884 Monitor is a special way to view the daemon. It executes PDNS in the foreground with
4885 a lot of logging turned on, which helps in determining startup problems.
4886
4887 Besides running in the foreground, the raw PDNS control socket is made available. All external
4888 communication with the daemon is normally sent over this socket. While useful, the control console
4889 is not an officially supported feature. Commands which work are: <command>QUIT</command>, <command>SHOW *</command>,
4890 <command>SHOW varname</command>, <command>RPING</command>.
4891 </para>
4892 </listitem>
4893 </varlistentry>
4894 <varlistentry>
4895 <term>start</term>
4896 <listitem>
4897 <para>
4898 Start PDNS in the background. Launches the daemon but makes no special effort to determine success,
4899 as making database connections may take a while. Use <command>status</command> to query success. You
4900 can safely run <command>start</command> many times, it will not start additional PDNS instances.
4901 </para>
4902 </listitem>
4903 </varlistentry>
4904 <varlistentry>
4905 <term>restart</term>
4906 <listitem>
4907 <para>
4908 Restarts PDNS if it was running, starts it otherwise.
4909 </para>
4910 </listitem>
4911 </varlistentry>
4912 <varlistentry>
4913 <term>status</term>
4914 <listitem>
4915 <para>
4916 Query PDNS for status. This can be used to figure out if a launch was successful.
4917 The status found is prefixed by the PID of the main PDNS process.
4918 </para>
4919 </listitem>
4920 </varlistentry>
4921 <varlistentry>
4922 <term>stop</term>
4923 <listitem>
4924 <para>
4925 Requests that PDNS stop. Again, does not confirm success. Success can be ascertained with the <command>status</command> command.
4926 </para>
4927 </listitem>
4928 </varlistentry>
4929
4930 <varlistentry>
4931 <term>dump</term>
4932 <listitem>
4933 <para>
4934 Dumps a lot of statistics of a running PDNS daemon. It is also possible to single out specific variable by using
4935 the <command>show</command> command.
4936 </para>
4937 </listitem>
4938 </varlistentry>
4939
4940 <varlistentry>
4941 <term>show variable</term>
4942 <listitem>
4943 <para>
4944 Show a single statistic, as present in the output of the <command>dump</command>.
4945 </para>
4946 </listitem>
4947 </varlistentry>
4948
4949 <varlistentry>
4950 <term>mrtg</term>
4951 <listitem>
4952 <para>
4953 See the performance monitoring <xref linkend="monitoring">.
4954 </para>
4955 </listitem>
4956 </varlistentry>
4957
4958 </variablelist>
4959 </Para>
4960
4961 </sect1>
4962</Chapter>
4963
4964<Chapter id="windows">
4965 <Title>Installing on Microsoft Windows</Title>
4966 <para>
4967 <note>
4968 <para>
4969 PowerDNS support for Windows is, as of 1.99.12, very recent and therefore quite 'beta'. For reliability, we currently advise the use of
4970 the Unix versions. Furthermore there is no support for master or slave operation in the ODBC backend, which is the only one provided currently.
4971 This will be fixed soon.
4972 </para>
4973 </note>
4974 </para>
4975 <para>
4976 As of 1.99.12, PowerDNS supports Windows natively. PDNS can act as an NT service and works with any ODBC drivers you may have.
4977 </para>
4978 <para>
4979 To install PowerDNS for Windows you should check if your PC meets the following requirements:
4980 <itemizedlist>
4981 <listitem>
4982 <para>
4983 A PC running Microsoft NT (with a recent servicepack and at least mdac 2.5), 2000 or XP.
4984 </para>
4985 </listitem>
4986 <listitem>
4987 <para>An ODBC source containing valid zone information (an example MS Access database is supplied in the form of <filename>powerdns.mdb</filename>).
4988 </para>
4989 </listitem>
4990 </itemizedlist>
4991 </para>
4992
4993 <para>
4994 If your system meets these requirements, download the installer from <ulink url="http://www.powerdns.com/pdns/">http://www.powerdns.com/pdns/</ulink>.
4995 After downloading the file begin the installation procedure by starting <filename>powerdns-VERSION.exe</filename>.
4996
4997 </para>
4998
4999 <para>
5000 After installing the software you should create a valid ODBC source.
5001 To do this you have open the ODBC sources dialog: <filename>Start->Settings->Control Panel->Administrative Tools->Data Sources (ODBC)</filename>.
5002 </para>
5003
5004 <para>
cdc01a90
BH		 5005 We'll use the example zone database that is included in the installation to explain how to create a source.
5006 </para>
12c86877
BH		 5007
5008 <para>
cdc01a90
BH		 5009 When you are in the ODBC sources dialog you activate the <filename>System DSN</filename> tab.
5010 <note><para>It is important to create a System DSN instead of an User DNS, otherwise the ODBC backend cannot function.</para></note>
5011 </para>
5012
5013 <para>
5014 Press <filename>Add...</filename>, then you have to select a driver.
5015 </para>
5016
12c86877
BH		 5017 <para>
5018 Select <filename>Microsoft Access Driver (*.mdb)</filename>.
5019 </para>
5020
5021 <para>
5022 Use <filename>PowerDNS</filename> as the DSN name, you can leave the description empty.
5023 </para>
5024
5025 <para>
5026 Then press <filename>Select...</filename> to select the database (ie. <filename>C:\Program Files\PowerDNS\powerdns.mdb</filename>).
5027 </para>
5028
5029 <para>
5030 Press <function>Ok</function> and you should be done.
5031 </para>
cdc01a90 5032
12c86877
BH		 5033 <para>
5034 For more information, see <xref linkend="odbc">.
5035 </para>
cdc01a90
BH		 5036
5037 <sect1 id="windows-configuration">
5038 <title>Configuring PDNS on Microsoft Windows</title>
5039
5040 <para>
5041 You can specify program parameters in the <filename>pdns.conf</filename> file
5042 which should be located in pdns directory (ie. <filename>C:\Program Files\PowerDNS\</filename>).
5043 </para>
5044
5045 <para>
5046 To see a list of available parameters you can run <filename>pdns.exe --help</filename>.
5047 </para>
5048
5049 <note>
5050 <para>
5051 A default configuration file has been supplied with the installation.
5052 </para>
5053 </note>
5054
5055 </sect1>
12c86877
BH		 5056
5057 <sect1 id="running-on-windows">
5058 <title>Running PDNS on Microsoft Windows</title>
5059
5060 <para>
cdc01a90 5061 If you installed pdns on Windows NT, 2000 or XP you can run pdns as a service.
12c86877 5062 </para>
cdc01a90 5063
12c86877
BH		 5064 <para>
5065 This is how to do it:
5066 Go to services (<filename>Start->Settings->Control Panel->Administrative Tools->Services</filename>) and locate <filename>PDNS</filename> (you should have registered the program as a NT service during the installation).
5067 </para>
5068
5069 <para>
5070 Double-click on <filename>PDNS</filename> and push the start button. You should now see a progress bar that gets to the end and see the status change to 'Started'.
5071 </para>
5072
5073 <para>
5074 This is the same as starting pdns like this:
5075 <filename>pdns.exe --ntservice</filename>
5076 </para>
5077
5078 <para>
5079 If you haven't registered pdns as a service during the installation you can do so from the commandline by starting pdns like this:
5080 <filename>pdns.exe --register-service</filename>
5081 </para>
5082
5083 <para>
5084 You can run pdns as a standard console program by using a command prompt or <filename>Start->Run...</filename>
5085 This way you can specify command-line parameters (see the documentation for commandline options).
5086 </para>
5087
5088 <para>
5089 If you chose to add a PowerDNS menu to the start menu during the installation you can start pdns using the pdns shortcut in that menu.
5090 </para>
5091
5092 </sect1>
5093 </Chapter>
5094
5095 <Chapter id="configuring-db-connection">
5096 <title>Configure database connectivity</title>
5097 <para>
8d022964
BH		 5098 This chapter shows you how to configure the Generic MySQL backend, which we like a lot. But feel free to use any of the myriad
5099 other backends.
5100 This backend is called 'gmysql', and needs to be configured
12c86877
BH		 5101 in <filename>pdns.conf</filename>. Add the following lines, adjusted for your local setup:
5102
5103 <screen>
8d022964
BH		 5104 launch=gmysql
5105 gmysql-host=127.0.0.1
5106 gmysql-user=root
5107 gmysql-dbname=pdnstest
12c86877
BH		 5108 </screen>
5109
5110 Remove any earlier <command>launch</command> statements. Also remove the <command>bind-example-zones</command>
5111 statement as the <command>bind</command> module is no longer launched.
5112 </para>
5113 <para>
1d329048
BH		 5114 <warning>
5115 <para>
5116 Make sure that you can actually resolve the hostname of your database without accessing the database! It is advised to supply
5117 an IP address here to prevent chicken/egg problems!
5118 </para>
5119 </warning>
5120 <warning>
5121 <para>
8d022964
BH		 5122 Be very very sure that you configure the *g*mysql backend and not the mysql backend. See
5123 <xref linkend="generic-mypgsql-backends">. If you use the 'mysql' backend things will only appear to work.
1d329048
BH		 5124 </para>
5125 </warning>
12c86877
BH		 5126 </para>
5127 <para>
5128 Now start PDNS using the monitor command:
5129 <screen>
5130 # /etc/init.d/pdns monitor
5131 (...)
12c86877 5132 15:31:30 About to create 3 backend threads
8d022964
BH		 5133 15:31:30 [gMySQLbackend] Failed to connect to database: Error: Unknown database 'pdnstest'
5134 15:31:30 [gMySQLbackend] Failed to connect to database: Error: Unknown database 'pdnstest'
5135 15:31:30 [gMySQLbackend] Failed to connect to database: Error: Unknown database 'pdnstest'
12c86877
BH		 5136 </screen>
5137
5138 This is as to be expected - we did not yet add anything to MySQL for PDNS to read from. At this point you may also see
5139 other errors which indicate that PDNS either could not find your MySQL server or was unable to connect to it. Fix these
5140 before proceeding.
5141 </para>
5142 <para>
5143 General MySQL knowledge is assumed in this chapter, please do not interpret these commands as DBA advice!
5144 </para>
5145 <sect1 id="configuring-mysql"><title>Configuring MySQL</title>
5146 <para>
5147 Connect to MySQL as a user with sufficient privileges and issue the following commands:
5148 <screen>
8d022964
BH		 5149create table domains (
5150 id INT auto_increment,
5151 name VARCHAR(255) NOT NULL,
5152 master VARCHAR(20) DEFAULT NULL,
5153 last_check INT DEFAULT NULL,
5154 type VARCHAR(6) NOT NULL,
5155 notified_serial INT DEFAULT NULL,
5156 account VARCHAR(40) DEFAULT NULL,
5157 primary key (id)
5158)type=InnoDB;
5159
5160CREATE UNIQUE INDEX name_index ON domains(name);
5161
5162CREATE TABLE records (
5163 id INT auto_increment,
5164 domain_id INT DEFAULT NULL,
5165 name VARCHAR(255) DEFAULT NULL,
5166 type VARCHAR(6) DEFAULT NULL,
5167 content VARCHAR(255) DEFAULT NULL,
5168 ttl INT DEFAULT NULL,
5169 prio INT DEFAULT NULL,
5170 change_date INT DEFAULT NULL,
5171 primary key(id)
5172)type=InnoDB;
5173
5174CREATE INDEX rec_name_index ON records(name);
5175CREATE INDEX nametype_index ON records(name,type);
5176CREATE INDEX domain_id ON records(domain_id);
5177
5178create table supermasters (
5179 ip VARCHAR(25) NOT NULL,
5180 nameserver VARCHAR(255) NOT NULL,
5181 account VARCHAR(40) DEFAULT NULL
5182);
5183
5184GRANT SELECT ON supermasters TO pdns;
5185GRANT ALL ON domains TO pdns;
5186GRANT ALL ON records TO pdns;
12c86877
BH		 5187 </screen>
5188
5189 Now we have a database and an empty table. PDNS should now be able to launch in monitor mode and display no errors:
5190
5191 <screen>
5192 # /etc/init.d/pdns monitor
5193 (...)
5194 15:31:30 PowerDNS 1.99.0 (Mar 12 2002, 15:00:28) starting up
5195 15:31:30 About to create 3 backend threads
8d022964
BH		 5196 15:39:55 [gMySQLbackend] MySQL connection succeeded
5197 15:39:55 [gMySQLbackend] MySQL connection succeeded
5198 15:39:55 [gMySQLbackend] MySQL connection succeeded
12c86877
BH		 5199 </screen>
5200
5201 A sample query sent to the database should now return quickly without data:
5202 <screen>
5203 $ host www.test.com 127.0.0.1
5204 www.test.com A record currently not present at localhost
5205 </screen>
5206
5207 And indeed, the control console now shows:
5208 <screen>
5209 Mar 12 15:41:12 We're not authoritative for 'www.test.com', sending unauth normal response
5210 </screen>
5211
5212 Now we need to add some records to our database:
5213 <screen>
5214 # mysql pdnstest
8d022964 5215 mysql> INSERT INTO domains (name, type) values ('test.com', 'NATIVE');
12c86877
BH		 5216 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5217 VALUES (1,'test.com','localhost ahu@ds9a.nl 1','SOA',86400,NULL);
5218 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5219 VALUES (1,'test.com','dns-us1.powerdns.net','NS',86400,NULL);
5220 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5221 VALUES (1,'test.com','dns-eu1.powerdns.net','NS',86400,NULL);
5222 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5223 VALUES (1,'www.test.com','199.198.197.196','A',120,NULL);
5224 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5225 VALUES (1,'mail.test.com','195.194.193.192','A',120,NULL);
5226 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5227 VALUES (1,'localhost.test.com','127.0.0.1','A',120,NULL);
5228 INSERT INTO records (domain_id, name, content, type,ttl,prio)
5229 VALUES (1,'test.com','mail.test.com','MX',120,25);
5230 </screen>
5231
5232 If we now requery our database, <command>www.test.com</command> should be present:
5233 <screen>
5234 $ host www.test.com 127.0.0.1
5235 www.test.com A 199.198.197.196
5236
5237 $ host -v -t mx test.com 127.0.0.1
5238 Address: 127.0.0.1
5239 Aliases: localhost
5240
5241 Query about test.com for record types MX
5242 Trying test.com ...
5243 Query done, 1 answer, authoritative status: no error
5244 test.com 120 IN MX 25 mail.test.com
5245 Additional information:
5246 mail.test.com 120 IN A 195.194.193.192
5247 </screen>
5248
5249 To confirm what happened, issue the command <command>SHOW *</command> to the control console:
5250 <screen>
5251 % show *
5252 corrupt-packets=0,latency=0,packetcache-hit=2,packetcache-miss=5,packetcache-size=0,
5253 qsize-a=0,qsize-q=0,servfail-packets=0,tcp-answers=0,tcp-queries=0,
5254 timedout-packets=0,udp-answers=7,udp-queries=7,
5255 %
5256 </screen>
5257 The actual numbers will vary somewhat. Now enter <command>QUIT</command> and start PDNS as a regular daemon, and check launch status:
5258
5259 <screen>
5260 # /etc/init.d/pdns start
5261 pdns: started
5262 # /etc/init.d/pdns status
5263 pdns: 8239: Child running
5264 # /etc/init.d/pdns dump
5265 pdns: corrupt-packets=0,latency=0,packetcache-hit=0,packetcache-miss=0,
5266 packetcache-size=0,qsize-a=0,qsize-q=0,servfail-packets=0,tcp-answers=0,
5267 tcp-queries=0,timedout-packets=0,udp-answers=0,udp-queries=0,
5268 </screen>
5269
5270 You now have a working database driven nameserver! To convert other zones already present, use the <command>zone2sql</command>
5271 described in Appendix A.
5272 </para>
5273 <sect2><title>Common problems</title>
5274 <para>
5275 Most problems involve PDNS not being able to connect to the database.
5276 <variablelist>
5277 <varlistentry>
5278 <term><errortype> Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)</errortype></term>
5279 <listitem>
5280 <para>
5281 Your MySQL installation is probably defaulting to another location for its socket. Can be resolved
5282 by figuring out this location (often <filename>/var/run/mysqld.sock</filename>), and specifying it
8d022964 5283 in the configuration file with the <command>gmysql-socket</command> parameter.
12c86877
BH		 5284 </para>
5285 <para>
5286 Another solution is to not connect to the socket, but to 127.0.0.1, which can be achieved by specifying
8d022964 5287 <command>gmysql-host=127.0.0.1</command>.
12c86877
BH		 5288 </para>
5289 </listitem>
5290 </varlistentry>
5291 <varlistentry>
5292 <term><errortype>Host 'x.y.z.w' is not allowed to connect to this MySQL server</errortype></term>
5293 <listitem>
5294 <para>
5295 These errors are generic MySQL errors. Solve them by trying to connect to your MySQL database with the MySQL
5296 console utility <command>mysql</command> with the parameters specified to PDNS. Consult the MySQL documentation.
5297 </para>
5298 </listitem>
5299 </varlistentry>
5300 </variablelist>
5301 </sect2>
5302 </sect1>
5303 </chapter>
5304
5305 <Chapter id="pipebackend-dynamic-resolution">
5306 <title>Dynamic resolution using the PipeBackend</title>
5307 <para>
5308 Also included in the PDNS distribution is the PipeBackend. The PipeBackend is primarily meant for
5309 allowing rapid development of new backends without tight integration with PowerDNS. It allows
5310 end-users to write PDNS backends in any language. A perl sample is provided.
5311
5312 The PipeBackend is also very well suited for dynamic resolution of queries. Example applications include
5313 DNS based loadbalancing, geo-direction, DNS based failover with low TTLs.
5314 </para>
11a45617
BH		 5315 <para>
5316 The Pipe Backend also has a separate chapter in the backends appendix, see <xref linkend="pipebackend">.
5317 </para>
5318 <para>
5319 <note>
5320 <para>
5321 The Pipe Backend currently does not function under FreeBSD 4.x and 5.x, probably due to unfavorable interactions between
5322 its threading implementation and the fork system call.
5323 </para>
5324 <para>
5325 Interestingly, the Linux PowerDNS binary running under the Linuxulator on FreeBSD does work.
5326 </para>
5327 </note>
5328 </para>
12c86877
BH		 5329 <sect1 id="pipe-and-bind"><title>Deploying the PipeBackend with the BindBackend</title>
5330 <para>
5331 Included with the PDNS distribution is the example.pl backend which has knowledge of the example.com zone, just like
5332 the BindBackend. To install both, add the following to your <filename>pdns.conf</filename>:
5333 <screen>
5334 launch=pipe,bind
5335 bind-example-zones
5336 pipe-command=location/of/backend.pl
5337 </screen>
5338 Please adjust the <command>pipe-command</command> statement to the location of the unpacked PDNS distribution. If your backend is slow,
5339 raise <command>pipe-timeout</command> from its default of 2000ms.
5340
5341 Now launch PDNS in monitor mode, and perform some queries. Note the difference with the earlier experiment where only the
5342 BindBackend was loaded. The PipeBackend is launched first and thus gets queried first.
5343
5344 The sample backend.pl script knows about:
5345 <itemizedlist>
5346 <listitem>
5347 <para>
5348 webserver.example.com A records pointing to 1.2.3.4, 1.2.3.5, 1.2.3.6
5349 </para>
5350 </listitem>
5351 <listitem>
5352 <para>
5353 www.example.com CNAME pointing to webserver.example.com
5354 </para>
5355 </listitem>
5356 <listitem>
5357 <para>
5358 MBOXFW (mailbox forward) records pointing to powerdns@example.com.
5359 See the smtpredir documentation for information about MBOXFW.
5360 </para>
5361 </listitem>
5362 </itemizedlist>
5363
5364 For more information about how to write exciting backends with the PipeBackend, see Appendix A.
5365 </para>
5366 </sect1>
5367 </chapter>
5368
5369 <Chapter id="monitoring">
5370 <title>Logging &amp; Monitoring PDNS performance</title>
5371 <para>
5372 In a production environment, you will want to be able to monitor PDNS performance. For this purpose, currently
5373 two methods are available, the webserver and the init.d
5374<command>dump</command>, <command>show</command> and
5375 <command>mrtg</command>, commands. Furthermore, PDNS can perform a configurable amount of operational logging. This chapter
5376 also explains how to configure syslog for best results.
5377 </para>
5378 <sect1 id="webserver"><title>Webserver</title>
5379 <para>
5380 To launch the internal webserver, add a <command>webserver</command> statement to the pdns.conf. This
5381 will instruct the PDNS daemon to start a webserver on localhost at port 8081, without password protection.
5382 Only local users (on the same host) will be able to access the webserver by default.
5383
5384 The webserver lists a lot of information about the PDNS process, including frequent queries, frequently failing queries,
5385 lists of remote hosts sending queries, hosts sending corrupt queries etc. The webserver does not allow
5386 remote management of the daemon.
5387
5388 The following nameserver related configuration items are available:
5389 <variablelist>
5390 <varlistentry>
5391 <term>webserver</term>
5392 <listitem>
5393 <para>
5394 If set to anything but 'no', a webserver is launched.
5395 </para>
5396 </listitem>
5397 </varlistentry>
5398 <varlistentry>
5399 <term>webserver-address</term>
5400 <listitem>
5401 <para>
5402 Address to bind the webserver to. Defaults to 127.0.0.1, which implies that only the local computer
5403 is able to connect to the nameserver! To allow remote hosts to connect, change to 0.0.0.0 or the
5404 physical IP address of your nameserver.
5405 </para>
5406 </listitem>
5407 </varlistentry>
5408 <varlistentry>
5409 <term>webserver-password</term>
5410 <listitem>
5411 <para>
5412 If set, viewers will have to enter this plaintext password in order to gain access to the statistics.
5413 </para>
5414 </listitem>
5415 </varlistentry>
5416 <varlistentry>
5417 <term>webserver-port</term>
5418 <listitem>
5419 <para>
5420 Port to bind the webserver to. Defaults to 8081.
5421 </para>
5422 </listitem>
5423 </varlistentry>
5424
5425 </variablelist>
5426 </para>
5427 </sect1>
5428 <sect1 id="init-d-commands"><title>Via init.d commands</title>
5429 <para>
5430 As mentioned before, the init.d commands <command>dump</command>, <command>show</command> and
5431 <command>mrtg</command> fetch data from a running PDNS process. Especially <command>mrtg</command> is powerful -
5432 it outputs data in a format that is ready for processing by the MRTG graphing tool.
5433 </para>
5434 <para>
5435 MRTG can make insightful graphics on the performance of your nameserver, enabling the operator to easily spot trends.
5436 MRTG can be found on
5437 <ulink url="http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html">
5438 http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
5439 </ulink>
5440 </para>
5441 <para>
5442 A sample mrtg.conf:
5443 <screen>
5444Interval: 5
5445WorkDir: /var/www/mrtg
5446WriteExpires: yes
5447Options[_]: growright,nopercent
5448XSize[_]: 600
5449
5450#---------------------------------------------------------------
5451
5452Target[udp-queries]: `/etc/init.d/pdns mrtg udp-queries udp-answers`
5453Options[udp-queries]: growright,nopercent,perminute
5454MaxBytes[udp-queries]: 600000
5455AbsMax[udp-queries]: 600000
5456Title[udp-queries]: Queries per minute
5457PageTop[udp-queries]: &lt;H2&gt;Queries per minute&lt;/H2&gt;
5458WithPeak[udp-queries]: ymwd
5459YLegend[udp-queries]: queries/minute
5460ShortLegend[udp-queries]: q/m
5461LegendI[udp-queries]: udp-questions
5462LegendO[udp-queries]: udp-answers
5463
5464
5465Target[perc-failed]: `/etc/init.d/pdns mrtg udp-queries udp-answers`
5466Options[perc-failed]: growright,dorelpercent,perminute
5467MaxBytes[perc-failed]: 600000
5468AbsMax[perc-failed]: 600000
5469Title[perc-failed]: Queries per minute, with percentage success
5470PageTop[perc-failed]: &lt;H2&gt;Queries per minute, with percentage success&lt;/H2&gt;
5471WithPeak[perc-failed]: ymwd
5472YLegend[perc-failed]: queries/minute
5473ShortLegend[perc-failed]: q/m
5474LegendI[perc-failed]: udp-questions
5475LegendO[perc-failed]: udp-answers
5476
5477
5478Target[packetcache-rate]: `/etc/init.d/pdns mrtg packetcache-hit udp-queries`
5479Options[packetcache-rate]: growright,dorelpercent,perminute
5480Title[packetcache-rate]: packetcache hitrate
5481MaxBytes[packetcache-rate]: 600000
5482AbsMax[packetcache-rate]: 600000
5483PageTop[packetcache-rate]: &lt;H2&gt;packetcache hitrate&lt;/H2&gt;
5484WithPeak[packetcache-rate]: ymwd
5485YLegend[packetcache-rate]: queries/minute
5486ShortLegend[packetcache-rate]: q/m
5487LegendO[packetcache-rate]: total
5488LegendI[packetcache-rate]: hit
5489
5490Target[packetcache-missrate]: `/etc/init.d/pdns mrtg packetcache-miss udp-queries`
5491Options[packetcache-missrate]: growright,dorelpercent,perminute
5492Title[packetcache-missrate]: packetcache MISSrate
5493MaxBytes[packetcache-missrate]: 600000
5494AbsMax[packetcache-missrate]: 600000
5495PageTop[packetcache-missrate]: &lt;H2&gt;packetcache MISSrate&lt;/H2&gt;
5496WithPeak[packetcache-missrate]: ymwd
5497YLegend[packetcache-missrate]: queries/minute
5498ShortLegend[packetcache-missrate]: q/m
5499LegendO[packetcache-missrate]: total
5500LegendI[packetcache-missrate]: MISS
5501
5502Target[latency]: `/etc/init.d/pdns mrtg latency`
5503Options[latency]: growright,nopercent,gauge
5504MaxBytes[latency]: 600000
5505AbsMax[latency]: 600000
5506Title[latency]: Query/answer latency
5507PageTop[latency]: &lt;H2&gt;Query/answer latency&lt;/H2&gt;
5508WithPeak[latency]: ymwd
5509YLegend[latency]: usec
5510ShortLegend[latency]: usec
5511LegendO[latency]: latency
5512LegendI[latency]: latency
5513
5514Target[recursing]: `/etc/init.d/pdns mrtg recursing-questions recursing-answers`
5515Options[recursing]: growright,nopercent,gauge
5516MaxBytes[recursing]: 600000
5517AbsMax[recursing]: 600000
5518Title[recursing]: Recursive questions/answers
5519PageTop[recursing]: &lt;H2&gt;Recursing questions/answers&lt;/H2&gt;
5520WithPeak[recursing]: ymwd
5521YLegend[recursing]: queries/minute
5522ShortLegend[recursing]: q/m
5523LegendO[recursing]: recursing-questions
5524LegendI[recursing]: recursing-answers
5525
5526 </screen>
5527 </para>
5528 <sect1 id="syslog"><title>Operational logging using syslog</title>
5529 <para>(<command>logging-facility</command> is available from 1.99.10 and onwards)</para>
5530 <para>
5531 This chapter assumes familiarity with syslog, the unix logging device. PDNS logs messages with different levels. The more urgent the
5532 message, the lower the 'priority'. By default, PDNS will only log messages with an urgency of 3 or lower, but this can be changed
5533 using the <command>loglevel</command> setting in the configuration file. Setting it to 0 will eliminate all logging, 9 will log
5534 everything.
5535 </para>
5536 <para>
5537 By default, logging is performed under the 'DAEMON' facility which is shared with lots of other programs. If you regard nameserving
5538 as important, you may want to have it under a dedicated facility so PDNS can log to its own files, and not clutter generic files.
5539 </para>
5540 <para>
5541 For this purpose, syslog knows about 'local' facilities, numbered from LOCAL0 to LOCAL7. To move PDNS logging to LOCAL0, add
5542 <command>logging-facility=0</command> to your configuration.
5543 </para>
5544 <para>
5545 Furthermore, you may want to have separate files for the differing prioties - preventing lower priority messages from obscuring
5546 important ones.
5547 </para>
5548 <para>
5549 A sample syslog.conf might be:
5550 <programlisting>
5551local0.info -/var/log/pdns.info
5552local0.warn -/var/log/pdns.warn
5553local0.err /var/log/pdns.err
5554 </programlisting>
5555 </para>
5556 <para>
5557 Where local0.err would store the really important messages. For performance and diskspace reasons, it is advised
5558 to audit your syslog.conf for statements also logging PDNS activities. Many syslog.confs have a '*.*' statement to
5559 /var/log/syslog, which you may want to remove.
5560 </para>
5561 <para>
5562 For performance reasons, be especially certain that no large amounts of synchronous logging take place. Under Linux, this
5563 is indicated by filenames not starting with a '-' - indicating a synchronous log, which hurts performance.
5564 </para>
e6efd540
BH		 5565 <para>
5566 Be aware that syslog by default logs messages at the configured priority and higher! To log only info messages, use
5567 <command>local0.=info</command>.
5568 </para>
12c86877
BH		 5569 </sect1>
5570 </chapter>
5571 <chapter id="security"><title>Security settings &amp; considerations</title>
5572 <sect1 id="settings"><title>Settings</title>
5573 <para>PDNS has several options to easily allow it to run more securely. Most notable are the <command>chroot</command>,
5574 <command>setuid</command> and <command>setgid</command> options which can be specified.</para>
5575
5576 <sect2><title>Running as a less privileged identity</title>
5577 <para>
5578 By specifying <command>setuid</command> and <command>setgid</command>, PDNS changes to this identity shortly after
5579 binding to the privileged DNS ports. These options are highly recommended. It is suggested that a separate identity
5580 is created for PDNS as the user 'nobody' is in fact quite powerful on most systems.
5581 </para>
5582
5583 <para>
5584 Both these parameters can be specified either numerically or as real names.
5585 You should set these parameters immediately if they are not set!
5586 </para>
5587 <sect2><title>Jailing the process in a chroot</title>
5588 <para>
5589 The <command>chroot</command> option secures PDNS to its own directory so that even if it should become compromised and
5590 under control of external influences, it will have a hard time affecting the rest of the system.
5591 </para>
5592 <para>
5593 Even though this will hamper hackers a lot, chroot jails have been known to be broken.
5594 </para>
5595 <para>
eefd15f9
BH		 5596 <warning>
5597 <para>
5598 When chrooting PDNS, take care that backends will be able to get to their files. Many databases need access to a UNIX
5599 domain socket which should live within the chroot. It is often possible to hardlink such a socket into the chroot dir.
5600 </para>
5601 <para>
5602 When running with master or slave support, be aware that many operating systems need access to specific libraries
5603 (ofen <filename>/lib/libnss*</filename>) in order to support resolution of domain names! You can also hardlink these.
5604 </para>
5605 </warning>
12c86877
BH		 5606 </para><para>
5607 The default PDNS configuration is best chrooted to <filename>./</filename>, which boils down to the configured location
5608 of the controlsocket.
5609 </para><para>
5610 This is achieved by adding the following to pdns.conf: <command>chroot=./</command>, and restarting PDNS.
5611 </para>
5612 </sect2>
5613 </sect1>
5614 <sect1 id="considerations"><title>Considerations</title>
5615 <para>
5616 In general, make sure that the PDNS process is unable to execute commands on your backend database.
5617 Most database backends will only need SELECT privilege. Take care to not connect to your database as the 'root'
5618 or 'sa' user, and configure the chosen user to have very slight privileges.
5619 </para>
5620 <para>
5621 Databases empathic-ally do not need to run on the same machine that runs PDNS! In fact, in benchmarks
5622 it has been discovered that having a separate database machine actually improves performance.
5623 </para>
5624 <para>
5625 Separation will enhance your database security highly. Recommended.
5626 </para>
5627 </sect1>
5628 </chapter>
5629
5630 <chapter id="virtual"><title>Virtual hosting</title>
5631 <para>
5632 It may be advantageous to run multiple separate PDNS installations on a single host, for example to make sure
5633 that different customers cannot affect each others zones. PDNS fully supports running multiple instances on one host.
5634 </para>
5635 <para>
5636 To generate additional PDNS instances, copy the init.d script <filename>pdns</filename> to <filename>pdns-name</filename>,
5637 where <filename>name</filename> is the name of your virtual configuration. Must not contain a - as this will confuse the
5638 script.
5639 </para>
5640 <para>
5641 When you launch PDNS via this renamed script, it will seek configuration instructions not in <filename>pdns.conf</filename>
5642 but in <filename>pdns-name.conf</filename>, allowing for separate specification of parameters.
5643 </para>
5644 <para>
5645 Be aware however that the init.d <command>force-stop</command> will kill all PDNS instances!
5646 </para>
5647 </chapter>
5648
7da81ec4
BH		 5649 <chapter id="performance"><title>Performance</title>
5650 <sect1><title>General advice</title>
5651 <para>
5652 In general, best performance is achieved on recent Linux 2.6 kernels and using MySQL, although many of the largest PowerDNS
5653 installations are based on PostgreSQL. FreeBSD appears to achieve lower packet rates both for the PowerDNS recursor as for the
5654 authoritative nameserver, this is still being investigated. No comparative measurements have been done for Solaris installations.
5655 </para>
5656 <para>
5657 On Linux, make sure to read <xref linkend="nptl">.
5658 </para>
5659 <para>
5660 Database servers can require configuration to achieve decent performance. It is especially worth noting that
5661 several vendors ship PostgreSQL with a slow default configuration.
5662 </para>
5663 </sect1>
5664 <sect1 id="nptl">
5665 <title>Native Posix Thread Library vs LinuxThreads</title>
5666 <para>
5667 To get the best performance under Linux, especially on SMP
5668 systems, the use of NPTL is advised. The difference in
5669 performance can be over a factor of ten in some circumstances.
5670 </para>
5671 <para>
5672 NPTL is the default library on modern Linux distributions, so
5673 there is generally not a problem, except if you use a
5674 statically compiled version that, for portability reasons,
5675 defaults to LinuxThreads. This includes all .deb's and .rpm's
5676 provided by us up to and including 2.9.18.
5677 </para>
5678 <para>
5679 When running a PowerDNS-provided static binary of 2.9.18 or
5680 lower, it may make sense to recompile, or to upgrade to a
5681 newer version, if available. When recompiling, be sure to use
5682 a supported compiler, like g++ &gt;3.2. You might also consider
5683 moving to a distribution supplied version.
5684 </para>
5685 <para>
5686 A good indication that your installation might benefit from
5687 such an upgrade is to watch the 'cs' count in the output of
5688 vmstat 1. If this is very high (&gt; 10000), you are suffering
5689 from a LinuxThreads performance problem called 'overspin'.
5690 </para>
5691 <para>
5692 Thanks are due to L. Bunt Jackson who noted the static
5693 compilation problem in an article in Dr. Dobb's Journal.
5694 </para>
5695 </sect1>
5696 <sect1 id="performance-settings">
5697 <title>Performance related settings</title>
12c86877
BH		 5698 <para>
5699 Different backends will have different characteristics - some will want to have more parallel
5700 instances than others. In general, if your backend is latency bound, like most relational databases are,
5701 it pays to open more backends.
5702 </para>
5703 <para>
5704 This is done with the <command>distributor-threads</command> setting. Of special importance is the choice between 1
5705 or more backends. In case of only 1 thread, PDNS reverts to unthreaded operation which may be a lot faster, depending
5706 on your operating system and architecture.
5707 </para>
5708 <para>
5709 Another very important setting <command>cache-ttl</command>. PDNS caches entire packets it sends out so as to save the
5710 time to query backends to assemble all data. The default setting of 10 seconds may be low for high traffic sites, a value of
5711 60 seconds rarely leads to problems.
5712 </para>
5713 <para>
5714 Some PDNS operators set cache-ttl to many hours or even days, and use <command>pdns_control purge</command> to selectively
5715 or globally notify PDNS of changes made in the backend. Also look at the Query Cache described in this chapter. It may
5716 materially improve your performance.
5717 </para>
5718 <para>
5719 To determine if PDNS is unable to keep up with packets, determine the value of the <command>qsize-q</command> variable.
5720 This represents the number of packets waiting for database attention. During normal operations the queue should be small.
5721 </para>
5722 <para>
5723 If it is known that backends will not contain CNAME records, the <command>skip-cname</command> setting can be used to prevent
5724 the normally mandatory CNAME lookup that is needed at least once for each DNS query.
5725 </para>
5726
5727 <para>
5728 Much the same holds for the <command>wildcards</command> setting. On by default, each non-existent query will lead to a number of additional
5729 wildcard queries. If it is known that the backends do not contain wildcard records, performance can be improved by adding <command>wildcards=no</command>
5730 to <filename>pdns.conf</filename>.
5731 </para>
5732 <para>
5733 Logging truly kills performance as answering a question from the cache is an order of magnitude less work than logging a
5734 line about it. Busy sites will prefer to turn <command>log-dns-details</command> and <command>log-failed-updates</command>
5735 off.
5736 </para>
7da81ec4 5737 <sect2 id="packetcache"><title>Packet Cache</title>
12c86877
BH		 5738 <para>
5739 PDNS by default uses the 'Packet Cache' to recognise identical questions and supply them with identical answers, without any further
5740 processing. The default time to live is 10 seconds. It has been observed that the utility of the packet cache increases with the load on
5741 your nameserver.
5742 </para>
5743 <para>
5744 Not all backends may benefit from the packetcache. If your backend is memory based and does not lead to context switches, the packetcache
5745 may actually hurt performance.
5746 </para>
5747 <para>
5748 The size of the packetcache can be observed with <command>/etc/init.d/pdns show packetcache-size</command>
5749 </para>
5750 </sect1>
5751 <sect1 id="querycache"><title>Query Cache</title>
5752 <para>
5753 Besides entire packets, PDNS can also cache individual backend queries. Each DNS query leads to a number of backend queries,
5754 the most obvious additional backend query is the check for a possible CNAME. So, when a query comes in for the 'A' record for
5755 'www.powerdns.com', PDNS must first check for a CNAME for 'www.powerdns.com'.
5756 </para>
5757 <para>
5758 The Query Cache caches these backend queries, many of which are quite repetitive. PDNS only caches queries with no answer,
5759 or with exactly one. In the future this may be expanded but this lightweight solution is very simple and therefore fast.
5760 </para>
5761 <para>
5762 Most gain is made from caching negative entries, ie, queries that have no answer. As these take little memory to store and
5763 are typically not a real problem in terms of speed-of-propagation, the default TTL for negative queries is a rather high 60 seconds.
5764 </para>
5765 <para>
5766 This only is a problem when first doing a query for a record, adding it, and immediately doing a query for that record again. It may
5767 then take up to 60 seconds to appear. Changes to existing records however do not fall under the negative query ttl (
5768 <command>negquery-cache-ttl</command>), but under the generic <command>query-ttl</command> which defaults to 20 seconds.
5769 </para>
5770 <para>
5771 The default values should work fine for many sites. When tuning, keep in mind that the Query Cache mostly saves database access
5772 but that the Packet Cache also saves a lot of CPU because 0 internal processing is done when answering a question from the
5773 Packet Cache.
5774 </para>
5775 </sect1>
5776 </chapter>
5777 <chapter id="migration"><title>Migrating to PDNS</title>
5778 <para>
5779 Before migrating to PDNS a few things should be considered.
5780 <variablelist>
12c86877 5781 <varlistentry>
728485ca 5782 <term>PDNS does not operate as a 'slave' or 'master' server with all backends</term>
12c86877
BH		 5783 <listitem>
5784 <para>
2deee4d2 5785 Only the Generic SQL and BIND backends have the ability to act as master or slave.
12c86877
BH		 5786 </para>
5787 </listitem>
5788 </varlistentry>
5789 </variablelist>
5790 To migrate, the <command>zone2sql</command> tool is provided.
5791 </para>
5792 <sect1 id="zone2sql"><title>Zone2sql</title>
5793 <para>
5794 Zone2sql parses Bind named.conf files and zonefiles and outputs SQL
5795 on standard out, which can then be fed to your database.
5796 </para>
5797 <para>
5798 Zone2sql understands the Bind master file extension '$GENERATE' and will also honour '$ORIGIN' and '$TTL'.
5799 </para>
5800 <para>
288f4aa9
BH		 5801 For backends supporting slave operation (currently only the Generic PostgreSQL, Generic MySQL and BIND backend), there is also an option to
5802 keep slave zones as slaves, and not convert them to native operation.
12c86877
BH		 5803 </para>
5804 <para>
288f4aa9
BH		 5805 By default, zone2sql outputs code suitable for the mysqlbackend, but it can also generate SQL for the Generic PostgreSQL, Generic MySQL and
5806 Oracle backends.
12c86877
BH		 5807 The following commands are available:
5808 </para>
5809
5810 <para>
5811 <variablelist>
5812 <varlistentry>
5813 <term>--bare</term>
5814 <listitem>
5815 <para>
5816 Output in a bare format, suitable for further parsing. The output is formatted as follows:
5817 <screen>
5818 domain_id&lt;TAB&gt;'qname'&lt;TAB&gt;'qtype'&lt;TAB&gt;'content'&lt;TAB&gt;prio&lt;TAB&gt;ttl
5819 </screen>
5820 </para>
5821 </listitem>
5822 </varlistentry>
5823 <varlistentry>
5824 <term>--gmysql</term>
5825 <listitem>
5826 <para>
5827 Output in format suitable for the default configuration of the Generic MySQL backend.
5828 </para>
5829 </listitem>
5830 </varlistentry>
5831 <varlistentry>
5832 <term>--gpgsql</term>
5833 <listitem>
5834 <para>
5835 Output in format suitable for the default configuration of the Generic PostgreSQL backend.
5836 </para>
5837 </listitem>
5838 </varlistentry>
5839 <varlistentry>
5840 <term>--help</term>
5841 <listitem>
5842 <para>
5843 List options.
5844 </para>
5845 </listitem>
5846 </varlistentry>
5847 <varlistentry>
5848 <term>--mysql</term>
5849 <listitem>
5850 <para>
5851 Output in format suitable for the default configuration of the MySQL backend. Default.
5852 </para>
5853 </listitem>
5854 </varlistentry>
5855 <varlistentry>
5856 <term>--named-conf=...</term>
5857 <listitem>
5858 <para>
5859 Parse this named.conf to find locations of zones.
5860 </para>
5861 </listitem>
5862 </varlistentry>
5863 <varlistentry>
5864 <term>--on-error-resume-next</term>
5865 <listitem>
5866 <para>
5867 Ignore missing files during parsing. Dangerous.
5868 </para>
5869 </listitem>
5870 </varlistentry>
5871 <varlistentry>
5872 <term>--oracle</term>
5873 <listitem>
5874 <para>
5875 Output in format suitable for the default configuration of the Generic Oracle backend.
5876 </para>
5877 </listitem>
5878 </varlistentry>
5879 <varlistentry>
5880 <term>--slave</term>
5881 <listitem>
5882 <para>
5883 Maintain slave status of zones listed in named.conf as being slaves. The default behaviour is to convert all zones
5884 to native operation.
5885 </para>
5886 </listitem>
5887 </varlistentry>
5888 <varlistentry>
5889 <term>--startid</term>
5890 <listitem>
5891 <para>
5892 Supply a value for the first domain_id generated. Defaults at 0.
5893 </para>
5894 </listitem>
5895 </varlistentry>
5896 <varlistentry>
5897 <term>--transactions</term>
5898 <listitem>
5899 <para>
5900 For Oracle and PostgreSQL output, wrap each domain in a transaction for higher speed and integrity.
5901 </para>
5902 </listitem>
5903 </varlistentry>
5904 <varlistentry>
5905 <term>--verbose</term>
5906 <listitem>
5907 <para>
5908 Be verbose during conversion.
5909 </para>
5910 </listitem>
5911 </varlistentry>
5912 <varlistentry>
5913 <term>--zone=...</term>
5914 <listitem>
5915 <para>
5916 Parse only this zone file. Conflicts with <command>--named-conf</command> parameter.
5917 </para>
5918 </listitem>
5919 </varlistentry>
5920 <varlistentry>
5921 <term>--zone-name=...</term>
5922 <listitem>
5923 <para>
5924 When parsing a single zone without $ORIGIN statement, set this as the zone name.
5925 </para>
5926 </listitem>
5927 </varlistentry>
5928 </variablelist>
5929 </para>
5930 </sect1>
5931 </chapter>
5932
5933 <chapter id="recursion"><title>Recursion</title>
b636533b
BH		 5934 <para>(only available from 1.99.8 and onwards, recursing component available since 2.9.5)</para>
5935 <para>
5936 From 2.9.5 onwards, PowerDNS offers both authoritative nameserving capabilities and a recursive nameserver component. These two halves
5937 are normally separate but many users insist on combining both recursion and authoritative service on one IP address. This can be likened
5938 to running Apache and Squid both on port 80.
5939 </para>
12c86877 5940 <para>
b636533b
BH		 5941 However, many sites want to do this anyhow and some with good reason. For example, a setup like this allows the creation of fake domains
5942 which only exist for local users. Such domains often don't end on ".com" or ".org" but on ".intern" or ".name-of-isp".
12c86877
BH		 5943 </para>
5944 <para>
b636533b 5945 PowerDNS can cooperate with either its own recursor or any other you have available to deliver recursive service on its port.
12c86877
BH		 5946 </para>
5947 <para>
5948 By specifying the <command>recursor</command> option in the configuration file, questions requiring recursive treatment will be handed over
5949 to the IP address specified. An example configuration might be <command>recursor=130.161.180.1</command>, which designates 130.161.180.1 as
5950 the nameserver to handle recursive queries.
5951 </para>
5952 <para>
b636533b
BH		 5953 As of 2.9.5, the recursing component of PowerDNS is a bit young and relatively untested but we hope people will want to use it anyhow. As an alternative,
5954 we highly advise the use of the DJBDNS dnscache (<ULINK URL="http://cr.yp.to/djbdns/dnscache.html" TYPE="alternate">http://cr.yp.to/djbdns/dnscache.html</ULINK>).
12c86877
BH		 5955 </para>
5956 <para>
5957 Take care not to point <command>recursor</command> to PDNS, which leads to a very tight packet loop!
5958 </para>
5959 <para>
5960 By specifying <command>allow-recursion</command>, recursion can be restricted to netmasks specified. The default is to allow
5961 recursion from everywhere. Example: <command>allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4</command>.
5962 </para>
5963 <sect1 id="recursion-details"><title>Details</title>
5964 <para>
5965 Questions carry a number of flags. One of these is called 'Recursion Desired'. If PDNS is configured to allow recursion, AND such a flag
b636533b 5966 is seen, AND the IP address of the client is allowed to recurse via PDNS, then the packet may be handed to the recursing backend.
12c86877
BH		 5967 </para>
5968 <para>
b636533b 5969 If a Recursion Desired packet arrives and PDNS is configured to allow recursion, but not to the IP address of the client, resolution will proceed
12c86877
BH		 5970 as if the RD flag were unset and the answer will indicate that recursion was not available.
5971 </para>
12c86877
BH		 5972 <para>
5973 It is also possible to use a resolver living on a different port. To do so, specify a recursor like this:
5974 <command>recursor=130.161.180.1:5300</command>.
5975 </para>
5976 <para>
5977 If the backend does not answer a question within a large amount of time, this is logged as 'Recursive query for remote 10.96.0.2 with internal id 0
b636533b
BH		 5978 was not answered by backend within timeout, reusing id'. This may happen when using 'BIND' as a recursor as it is prone to drop queries which it can't
5979 answer immediately.
12c86877
BH		 5980 </para>
5981 <para>
b636533b 5982 To make sure that the local authoritative database overrides recursive information, PowerDNS first tries to answer a question from its own database.
eefd15f9
BH		 5983 If that succeeds, the answer packet is sent back immediately without involving the recursor in any way. This means that for questions for which there is no answer, PowerDNS will consult the recursor for an recursive query, even if PowerDNS is authoritative for a domain! This will only cause problems if you 'fake' domains which don't really exist.
5984 </para>
5985 <para>
5986 If you want to create such fake domains or override existing domains, please set the <command>allow-recursion-override</command> feature (available as of 2.9.14).
12c86877
BH		 5987 </para>
5988 <para>
b636533b
BH		 5989 Some packets, like those asking for MX records which are needed for SMTP transport of email, can be subject to 'additional processing'. This means
5990 that a recursing nameserver is obliged to try to add A records (IP addresses) for any of the mailservers mentioned in the packet, should it have
5991 these addresses available.
12c86877
BH		 5992 </para>
5993 <para>
b636533b
BH		 5994 If PowerDNS encounters records needing such processing and finds that it does not have the data in its authoritative database, it will send
5995 an opportunistic quick query to the recursing component to see if it perhaps has such data. This question is worded such that the recursing nameserver
5996 should return immediately such as not to block the authoritative nameserver.
12c86877
BH		 5997 </para>
5998 <para>
b636533b
BH		 5999 This marks a change from pre-2.9.5 behaviour where a packet was handed wholesale to the recursor in case it needed additional processing which could
6000 not proceed from the authoritative database.
12c86877
BH		 6001 </para>
6002 </sect1>
c75a6a9e
BH		 6003 </chapter>
6004 <chapter id="built-in-recursor"><title>PowerDNS resolver/recursing nameserver</title>
6005 <para>
ddac32fb
BH		 6006 The PowerDNS recursor is part of the source tarball of the main PowerDNS distribution, but it is released separately. Starting from
6007 the version 3.0 pre-releases, there are zero known bugs or issues with the recursor. It is known to power the resolving needs of over 2 million
6008 internet connections.
c75a6a9e
BH		 6009 </para>
6010 <para>
ddac32fb 6011 The documentation below is only for the 3.0 series, users of older versions are urged to upgrade!
c75a6a9e 6012 </para>
c75a6a9e 6013 <para>
ddac32fb 6014 Notable features:
c75a6a9e
BH		 6015 <itemizedlist>
6016 <listitem><para>
6017 Uses MTasker (<ulink url="http://ds9a.nl/mtasker">homepage</ulink>)
6018 </para></listitem>
6019 <listitem><para>
ddac32fb
BH		 6020 Can handle thousands of concurrent questions. A dual Xeon 3GHz has been measured functioning very well at 9000 real life replayed
6021 packets per second, with 40% cpu idle. More testing equipment is needed to max out the recursor.
6022 </para></listitem>
6023 <listitem><para>
6024 Powered by a highly modern DNS packet parser that should be resistant against many forms of buffer overflows.
6025 </para></listitem>
6026 <listitem><para>
6027 Best spoofing protection that we know about, involving both source port randomisation and spoofing detection.
6028 </para></listitem>
6029 <listitem><para>
6030 Uses 'connected' UDP sockets which allow the recursor to react quickly to unreachable hosts or hosts for which
6031 the server is running, but the nameserver is down. This makes the recursor faster to respond in case of misconfigured domains,
6032 which are sadly very frequent.
6033 </para></listitem>
6034 <listitem><para>
6035 Special support for FreeBSD, Linux and Solaris stateful multiplexing (kqueue, epoll, completion ports).
c75a6a9e 6036 </para></listitem>
ddac32fb
BH		 6037 <listitem><para>
6038 Very fast, and contains innovative query-throttling code to save time talking to obsolete or broken nameservers.
50c56696 6039 </para></listitem>
c75a6a9e
BH		 6040 <listitem><para>
6041 Code is written linearly, sequentially, which means that there are no problems with 'query restart' or anything.
6042 </para></listitem>
6043 <listitem><para>
6044 Relies heavily on Standard C++ Library infrastructure, which makes for little code (406 core lines).
6045 </para></listitem>
6046 <listitem><para>
ddac32fb 6047 Is very verbose in showing how recursion actually works, when enabled to do so with --verbose.
c75a6a9e
BH		 6048 </para></listitem>
6049 <listitem><para>
6050 The algorithm is simple and quite nifty.
6051 </para></listitem>
6052 </itemizedlist>
6053 </para>
ddac32fb
BH		 6054 <para>
6055 The PowerDNS recursor is controlled and queried using the <filename>rec_control</filename> tool.
6a5b669b 6056 <sect1 id="recursor-settings"><title>pdns_recursor settings</title>
2ead7159 6057 <para>
c75a6a9e 6058 At startup, the recursing nameserver reads the file <filename>recursor.conf</filename> from the configuration directory,
ddac32fb
BH		 6059 often <filename>/etc/powerdns</filename> or <filename>/usr/local/etc</filename>. Each setting below can appear on the command line,
6060 prefixed by '--', or in the configuration file. The command line overrides the configuration file.
6061 </para>
6062 <para>
6063 A switch can be set to on simply by passing it, like '--daemon', and turned off explicitly by '--daemon=off' or '--daemon=no'.
2ead7159
BH		 6064 </para>
6065 <para>
c75a6a9e
BH		 6066 The following settings can be configured:
6067 <variablelist>
6068 <varlistentry>
6069 <term>aaaa-additional-processing</term>
6070 <listitem>
6071 <para>
6072 If turned on, the recursor will attempt to add AAAA IPv6 records to questions for MX records and NS records.
6073 Can be quite slow as absence of these records in earlier answers does not guarantee their non-existance. Can double
6074 the amount of queries needed. Off by default.
6075 </para>
6076 </listitem>
6077 </varlistentry>
255e0a07
BH		 6078 <varlistentry>
6079 <term>allow-from</term>
6080 <listitem>
6081 <para>
ddac32fb
BH		 6082 Comma separated netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918
6083 private IP addresses, like 10.0.0.0/8. Due to the agressive nature of the internet these days, it is highly recommended
6084 to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do
6085 not get an answer.
255e0a07
BH		 6086 </para>
6087 </listitem>
6088 </varlistentry>
b258f26c
BH		 6089 <varlistentry>
6090 <term>auth-zones</term>
6091 <listitem>
6092 <para>
6093 Comma separated list of 'zonename=filename' pairs. Zones read from these files are served authoritatively. Example:
6094 <command>auth-zones= ds9a.nl=/var/zones/ds9a.nl, powerdns.com=/var/zones/powerdns.com</command>. Available since 3.1.
6095 </para>
6096 </listitem>
6097 </varlistentry>
ddac32fb
BH		 6098 <varlistentry><term>chroot</term>
6099 <listitem><para>
6100 If set, chroot to this directory for more security. See <xref linkend="security">.
6101 </para></listitem></varlistentry>
50c56696
BH		 6102 <varlistentry>
6103 <term>client-tcp-timeout</term>
6104 <listitem>
6105 <para>
ddac32fb 6106 Time to wait for data from TCP clients. Defaults to 2 seconds.
50c56696
BH		 6107 </para>
6108 </listitem>
6109 </varlistentry>
38e22b5a
BH		 6110 <varlistentry>
6111 <term>config-dir</term>
6112 <listitem>
6113 <para>
6114 Directory where the configuration file can be found.
6115 </para>
6116 </listitem>
6117 </varlistentry>
c75a6a9e
BH		 6118 <varlistentry>
6119 <term>daemon</term>
6120 <listitem>
6121 <para>
6122 Operate in the background, which is the default.
6123 </para>
6124 </listitem>
6125 </varlistentry>
15c7a99d
BH		 6126 <varlistentry>
6127 <term>delegation-only</term>
6128 <listitem>
6129 <para>
cd553f6c 6130 A Verisign special.
15c7a99d
BH		 6131 </para>
6132 </listitem>
6133 </varlistentry>
b258f26c
BH		 6134 <varlistentry>
6135 <term>export-etc-hosts</term>
6136 <listitem>
6137 <para>
6138 If set, this flag will export the host names and IP addresses mentioned in <filename>/etc/hosts</filename>. Available since 3.1.
6139 </para>
6140 </listitem>
6141 </varlistentry>
6142
ddac32fb
BH		 6143 <varlistentry>
6144 <term>fork</term>
6145 <listitem>
6146 <para>
6147 If running on an SMP system with enough memory, this feature forks PowerDNS so it benefits from two processors. Experimental. Renames
6148 controlsockets, so care is needed to connect to the right one using <command>rec_control</command>, using <command>--socket-pid</command>.
6149 </para>
6150 </listitem>
6151 </varlistentry>
b258f26c
BH		 6152 <varlistentry>
6153 <term>forward-zones</term>
6154 <listitem>
6155 <para>
6156 Comma separated list of 'zonename=IP' pairs. Queries for zones listed here will be forwarded to the IP address listed.
acd8deca 6157 <command>forward-zones= ds9a.nl=213.244.168.210, powerdns.com=127.0.0.1</command>. Available since 3.1.
b258f26c
BH		 6158 </para>
6159 </listitem>
6160 </varlistentry>
ddac32fb 6161
f814d7c8
BH		 6162 <varlistentry>
6163 <term>hints-file</term>
6164 <listitem>
6165 <para>
acd8deca 6166 If set, the root-hints are read from this file. If unset, default root hints are used. Available since 2.9.19.
f814d7c8
BH		 6167 </para>
6168 </listitem>
6169 </varlistentry>
c75a6a9e
BH		 6170
6171 <varlistentry>
6172 <term>local-address</term>
6173 <listitem>
6174 <para>
ddac32fb 6175 Local IPv4 or IPv6 addresses to bind to, comma separated. Defaults to only loopback.
c75a6a9e
BH		 6176 </para>
6177 </listitem>
6178 </varlistentry>
6179
6180 <varlistentry>
6181 <term>local-port</term>
6182 <listitem>
6183 <para>
6184 Local port (singular) to bind to. Defaults to 53.
6185 </para>
6186 </listitem>
6187 </varlistentry>
ddac32fb
BH		 6188
6189 <varlistentry>
6190 <term>log-common-errors</term>
6191 <listitem>
6192 <para>
6193 Some DNS errors occur rather frequently and are no cause for alarm. Logging these is on by default.
6194 </para>
6195 </listitem>
6196 </varlistentry>
255e0a07
BH		 6197 <varlistentry>
6198 <term>max-cache-entries</term>
6199 <listitem>
6200 <para>
6201 Maximum number of cache entries. 1 million will generally suffice for most installations.
6202 </para>
6203 </listitem>
6204 </varlistentry>
ddac32fb
BH		 6205 <varlistentry>
6206 <term>max-negative-ttl</term>
6207 <listitem>
6208 <para>
6209 A query for which there is authoritatively no answer is cached to quickly deny a record's existence later on, without
6210 putting a heavy load on the remote server. In practice, caches can become saturated with hundreds of thousands of hosts
6211 which are tried only once. This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative
6212 entries are cached.
6213 </para>
6214 </listitem>
6215 </varlistentry>
50c56696
BH		 6216 <varlistentry>
6217 <term>max-tcp-clients</term>
6218 <listitem>
6219 <para>
6220 Maximum number of simultaneous incoming TCP connections allowed. Defaults to 128. Available since 2.9.18.
6221 </para>
6222 </listitem>
6223 </varlistentry>
4e120339
BH		 6224 <varlistentry>
6225 <term>max-tcp-per-client</term>
6226 <listitem>
6227 <para>
6228 Maximum number of simultaneous incoming TCP connections allowed per client (remote IP address). Defaults to 0, which means unlimited.
6229 </para>
6230 </listitem>
6231 </varlistentry>
50c56696
BH		 6232 <varlistentry>
6233 <term>query-local-address</term>
6234 <listitem>
6235 <para>
6236 Send out local queries from this address. Useful for anycast.
6237 </para>
6238 </listitem>
6239 </varlistentry>
996c89cc
BH		 6240 <varlistentry>
6241 <term>query-local-address6</term>
6242 <listitem>
6243 <para>
6244 Send out local IPv6 queries from this address. Disabled by default, which also disables
6245 outgoing IPv6 support. A useful setting is <command>::0</command>.
6246 </para>
6247 </listitem>
6248 </varlistentry>
ddac32fb 6249
4a75412a 6250 <varlistentry>
ddac32fb 6251 <term>quiet</term>
4a75412a
BH		 6252 <listitem>
6253 <para>
ddac32fb 6254 Don't log queries. On by default.
4a75412a
BH		 6255 </para>
6256 </listitem>
6257 </varlistentry>
38e22b5a 6258 <varlistentry>
ddac32fb
BH		 6259 <term>remotes-ringbuffer-entries</term>
6260 <listitem>
6261 <para>
6262 Number of entries in the remotes ringbuffer, which keeps statistics on who is querying your server. Can be read out using
6263 <command>rec_control top-remotes</command>. Defaults to 0.
6264 </para>
6265 </listitem>
6266 </varlistentry>
9bc8c14c
BH		 6267 <varlistentry>
6268 <term>serve-rfc1918</term>
6269 <listitem>
6270 <para>
6271 On by default, this makes the server authoritatively aware of: <filename>10.in-addr.arpa</filename>,
6272 <filename>168.192.in-addr.arpa</filename>, <filename>16-31.172.in-addr.arpa</filename>, which saves
6273 load on the AS112 servers. Individual parts of these zones can still be loaded or forwarded.
6274 </para>
6275 </listitem>
6276 </varlistentry>
ddac32fb
BH		 6277 <varlistentry>
6278 <term>server-id</term>
6279 <listitem>
6280 <para>
6281 The PowerDNS recursor by replies to a query for 'id.server' with its hostname, useful for in clusters. Use this setting to override
6282 the answer it gives.
6283 </para>
6284 </listitem>
6285 </varlistentry>
6286 <varlistentry>
8f9aa910
BH		 6287 <term>setgid</term>
6288 <term>setuid</term>
38e22b5a
BH		 6289 <listitem>
6290 <para>
ddac32fb 6291 PowerDNS can change its user and group id after binding to its socket. Can be used for better security.
38e22b5a
BH		 6292 </para>
6293 </listitem>
6294 </varlistentry>
255e0a07
BH		 6295 <varlistentry>
6296 <term>socket-dir</term>
6297 <listitem>
6298 <para>
6299 Where to store the control socket. This option also works with the controller, <command>rec_control</command>.
6300 </para>
6301 </listitem>
6302 </varlistentry>
ddac32fb
BH		 6303 <varlistentry>
6304 <term>spoof-nearmiss-max</term>
6305 <listitem>
6306 <para>
6307 If set to non-zero, PowerDNS will assume it is being spoofed after seeing this many answers with the wrong id. Defaults to 20.
6308 </para>
6309 </listitem>
6310 </varlistentry>
c75a6a9e
BH		 6311 <varlistentry>
6312 <term>trace</term>
6313 <listitem>
6314 <para>
6315 If turned on, output impressive heaps of logging. May destroy performance under load.
6316 </para>
6317 </listitem>
6318 </varlistentry>
ddac32fb
BH		 6319 <varlistentry>
6320 <term>version-string</term>
6321 <listitem>
6322 <para>
6323 By default, PowerDNS replies to the 'version.bind' query with its version number. Security concious users may wish to override
6324 the reply PowerDNS issues.
6325 </para>
6326 </listitem>
6327 </varlistentry>
c75a6a9e 6328 </variablelist>
75b49099 6329 <para>
cd553f6c
BH		 6330 </sect1>
6331 <sect1 id="rec-control"><title>Controlling and querying the recursor</title>
6332 <para>
6333 To control and query the PowerDNS recursor, the tool <filename>rec_control</filename> is provided. This program
6334 talks to the recursor over the 'controlsocket', often stored in <filename>/var/run</filename>.
6335 </para>
6336 <para>
6337 As a sample command, try:
6338 <screen>
6339 # rec_control ping
6340 pong
6341 </screen>
6342 </para>
6343 <para>
6344 When not running as root, <command>--socket-dir=/tmp</command> might be appropriate.
6345 </para>
ddac32fb
BH		 6346 <para>
6347 All rec_control commands are documented below:
6348 <variablelist>
6349 <varlistentry>
6350 <term>dump-cache filename</term>
6351 <listitem>
6352 <para>
6353 Dumps the entire cache to the filename mentioned. This file should not exist already, PowerDNS
6354 will refuse to overwrite it. While dumping, the recursor will not answer questions.
6355 </para>
6356 </listitem>
6357 </varlistentry>
6358 <varlistentry>
6359 <term>get statistic</term>
6360 <listitem>
6361 <para>
6362 Retrieve a statistic. For items that can be queried, see below.
6363 </para>
6364 </listitem>
6365 </varlistentry>
6366 <varlistentry>
6367 <term>ping</term>
6368 <listitem>
6369 <para>
6370 Check if server is alive.
6371 </para>
6372 </listitem>
6373 </varlistentry>
6374 <varlistentry>
6375 <term>quit</term>
6376 <listitem>
6377 <para>
6378 Request shutdown of the recursor.
6379 </para>
6380 </listitem>
6381 </varlistentry>
6382 <varlistentry>
6383 <term>top-remotes</term>
6384 <listitem>
6385 <para>
6386 Shows the top-20 most active remote hosts. Statistics are over the last 'remotes-ringbuffer-entries' queries, which
6387 defaults to 0.
6388 </para>
6389 </listitem>
6390 </varlistentry>
6391 <varlistentry>
6392 <term>wipe-cache domain0. [domain1. domain2.]</term>
6393 <listitem>
6394 <para>
6395 Wipe entries from the cache. This is useful if, for example, an important server has a new IP address, but the TTL has not
6396 yet expired. Multiple domain names can be passed. Note that you must terminate a domain with a .! So to wipe powerdns.org,
6397 issue 'rec_control wipe-cache powerdns.org.'.
6398 </para>
6399 <para>
6400 <warning>
6401 <para>
6402 Ubunty Breezy ships a version of Boost that has problems with this command! Either refrain from
6403 using wipe-cache or download a more recent Boost into the PowerDNS source directory, as explained in the
6404 <filename>README</filename>
6405 </para>
6406 </warning>
6407 </para>
6408 </listitem>
6409 </varlistentry>
6410 </variablelist>
6411 </para>
6412 <para>
6413 The command 'get' can query a large number of statistics, which are detailed in <xref linkend="recursor-stats">.
6414
6415 </para>
6416 <para>
6417 More details on what 'throttled' queries and the like are can be found below in <xref linkend="recursor-details">.
6418 </para>
cd553f6c
BH		 6419 </sect1>
6420 <sect1 id="recursor-performance"><title>PowerDNS Recursor performance</title>
6421 <para>
6422 To get the best out of the PowerDNS recursor, which is important if you are doing thousands of queries per second, please
6423 consider the following.
6424 <itemizedlist>
6425 <listitem>
ddac32fb 6426 <para>
cd553f6c
BH		 6427 Limit the size of the cache to a sensible value. Cache hit rate does not improve meaningfully beyond 4 million <command>max-cache-entries</command>,
6428 reducing the memory footprint reduces CPU cache misses.
ddac32fb 6429 </para>
cd553f6c
BH		 6430 </listitem>
6431 <listitem>
6432 <para>
6433 Compile using g++ 4.1 or later. This compiler really does a good job on PowerDNS, much better than 3.4 or 4.0.
6434 </para>
6435 </listitem>
6436 <listitem>
6437 <para>
6438 Consider performing a 'profiled build' as described in the README. This is good for a 20% performance boost in some cases.
6439 </para>
6440 </listitem>
6441 <listitem>
6442 <para>
6443 When running with &gt;3000 queries per second, and running Linux versions prior to 2.6.17 on some motherboards, your computer may
6444 spend an inordinate amount of time working around an ACPI bug for each call to gettimeofday. This is solved by rebooting with 'clock=tsc'
6445 or upgrading to a 2.6.17 kernel.
6446 </para>
6447 <para>
6448 The above is relevant if dmesg shows <command>Using pmtmr for high-res timesource</command>
6449 </para>
6450 </listitem>
32740626
BH		 6451 <listitem>
6452 <para>
6453 A busy server may need hundreds of file descriptors on startup, and deals with spikes better if it has that many available
6454 later on. Linux by default restricts processes to 1024 file descriptors, which should suffice most of the time, but Solaris
6455 has a default limit of 256. This can be raised using the ulimit command. FreeBSD has a default limit that is high enough for even
6456 very heavy duty use.
6457 </para>
6458 </listitem>
23ba833d
BH		 6459 <listitem>
6460 <para>
6461 If you need it, try <command>--fork</command>, this will fork the daemon into two halves, allowing it to benefit from a second CPU.
6462 This feature almost doubles performance, but is a bit of a hack.
6463 </para>
6464 </listitem>
cd553f6c
BH		 6465 </itemizedlist>
6466 Following the instructions above, you should be able to attain very high query rates.
6467 </para>
c75a6a9e 6468 </sect1>
ddac32fb 6469 <sect1 id="recursor-details"><title>Details</title>
6a5b669b
BH		 6470 <sect2 id="anti-spoofing"><title>Anti-spoofing</title>
6471 <para>
6472 The PowerDNS recursor 3.0 uses a fresh UDP source port for each outgoing query, making spoofing around 64000 times harder. This
6473 raises the bar from 'easily doable given some time' to 'very hard'. Under some circimstances, 'some time' has been measured at 2 seconds.
6474 This technique was first used by <filename>dnscache</filename> by Dan J. Bernstein.
6475 </para>
6476 <para>
6477 In addition, PowerDNS detects when it is being sent too many unexpected answers, and mistrusts a proper answer if found within
6478 a clutch of unexpected ones.
6479 </para>
6480 <para>
6481 This behaviour can be tuned using the <command>spoof-nearmiss-max</command>.
6482 </para>
6483 </sect2>
6484 <sect2><title>Throttling</title>
6485 <para>
6486 PowerDNS implements a very simple but effective nameserver. Care has been taken not to overload remote servers in case
6487 of overly active clients.
6488 </para>
6489 <para>
6490 This is implemented using the 'throttle'. This accounts all recent traffic and prevents queries that have been sent out
6491 recently from going out again.
6492 </para>
6493 <para>
6494 There are three levels of throttling.
6495 <itemizedlist>
6496 <listitem>
6497 <para>
6498 If a remote server indicates that it is lame for a zone, the exact question won't
6499 be repeated in the next 60 seconds.
6500 </para>
6501 </listitem>
6502 <listitem>
6503 <para>
6504 After 4 ServFail responses in 60 seconds, the query gets throttled too.
6505 </para>
6506 </listitem>
6507 <listitem>
6508 <para>
6509 5 timeouts in 20 seconds also lead to query suppression.
6510 </para>
6511 </listitem>
6512 </itemizedlist>
6513 </para>
6514 </sect2>
6515
c4bee46c 6516 </sect1>
ddac32fb
BH		 6517 <sect1 id="recursor-stats"><title>Statistics</title>
6518 <para>
6519 The <command>rec_control get</command> command can be used to query the following keys, either single keys or multiple keys
6520 at once:
6521 <screen>
6522all-outqueries counts the number of outgoing UDP queries since starting
6523answers0-1 counts the number of queries answered within 1 milisecond
6524answers100-1000 counts the number of queries answered within 1 second
6525answers10-100 counts the number of queries answered within 100 miliseconds
6526answers1-10 counts the number of queries answered within 10 miliseconds
6527answers-slow counts the number of queries answered after 1 second
6528cache-entries shows the number of entries in the cache
6529cache-hits counts the number of cache hits since starting
6530cache-misses counts the number of cache misses since starting
6531client-parse-errors counts number of client packets that could not be parsed
6532concurrent-queries shows the number of MThreads currently running
6533negcache-entries shows the number of entries in the Negative answer cache
6534noerror-answers counts the number of times it answered NOERROR since starting
6535nsspeeds-entries shows the number of entries in the NS speeds map
6536nxdomain-answers counts the number of times it answered NXDOMAIN since starting
6537outgoing-timeouts counts the number of timeouts on outgoing UDP queries since starting
6538qa-latency shows the current latency average
6539questions counts all End-user initiated queries with the RD bit set
6540resource-limits counts number of queries that could not be performed because of resource limits
6541server-parse-errors counts number of server replied packets that could not be parsed
6542servfail-answers counts the number of times it answered SERVFAIL since starting
6543spoof-prevents number of times PowerDNS considered itself spoofed, and dropped the data
6544sys-msec number of CPU milliseconds spent in 'system' mode
6545tcp-client-overflow number of times an IP address was denied TCP access because it already had too many connections
6546tcp-outqueries counts the number of outgoing TCP queries since starting
6547tcp-questions counts all incoming TCP queries (since starting)
6548throttled-out counts the number of throttled outgoing UDP queries since starting
6549throttle-entries shows the number of entries in the throttle map
6550unauthorized-tcp number of TCP questions denied because of allow-from restrictions
6551unauthorized-udp number of UDP questions denied because of allow-from restrictions
6552unexpected-packets number of answers from remote servers that were unexpected (might point to spoofing)
6553user-msec number of CPU milliseconds spent in 'user' mode
6554 </screen>
6555 In the <filename>rrd/</filename> subdirectory a number of rrdtool scripts is provided to make nice
6556 graphs of all these numbers.
6557 </para>
2ead7159 6558 <para>
c75a6a9e 6559 Every half our or so, the recursor outputs a line with statistics. More infrastructure is planned so as to allow
c4bee46c
BH		 6560 for Cricket or MRTG graphs. To force the output of statistics, send the process a SIGUSR1. A line of statistics looks
6561 like this:
6562<screen>
6563Feb 10 14:16:03 stats: 125784 questions, 13971 cache entries, 309 negative entries, 84% cache hits, outpacket/query ratio 37%, 12% throttled
6564</screen>
6565 This means that there are 13791 different names cached, which each may have multiple records attached to them. There are 309 items
6566 in the negative cache, items of which it is known that don't exist and won't do so for the near future. 84% of incoming questions
6567 could be answered without any additional queries going out to the net.
6568 </para>
6569 <para>
6570 The outpacket/query ratio means that on average, 0.37 packets were needed to answer a question. Initially this ratio may be well over 100%
6571 as additional queries may be needed to actually recurse the DNS and figure out the addresses of nameservers.
6572 </para>
6573 <para>
6574 Finally, 12% of queries were not performed because identical queries had gone out previously, saving load servers worldwide.
2ead7159 6575 </para>
2ead7159 6576 </sect1>
8f9aa910
BH		 6577 <sect1 id="recursor-design-and-engineering">
6578 <title>Design and Engineering of the PowerDNS Recursor</title>
6579 <para>
6580 <warning>
6581 <para>
6582 This section is aimed at programmers wanting to contibute to the recursor, or to help fix bugs. It is not required
6583 reading for a PowerDNS operator, although it might prove interesting.
6584 </para>
6585 </warning>
6586 </para>
6587 <para>The PowerDNS Recursor consists of very little code, the core DNS logic is less than a thousand lines.</para>
6588
6589 <para>This smallness is achieved through the use of some fine infrastructure: MTasker, MOADNSParser, MPlexer and the C++ Standard Library/Boost. This page will explain the conceptual relation between these components, and the route of a packet through the program.</para>
6590
6591 <sect2>
6592 <title>The PowerDNS Recursor</title>
6593 <para>The Recursor started out as a tiny project, mostly a technology demonstration. These days it consists of the core plus 9000 lines of features. This combined with a need for very high performance has made the recursor code less accessible than it was. The page you are reading hopes to rectify this situation.</para>
6594
6595 </sect2>
6596 <sect2>
6597 <title>Synchronous code using MTasker</title>
6598 <para>The original name of the program was <command>syncres</command>, which is still reflected in the filename <literal>syncres.cc</literal>, and the class SyncRes. This means that PowerDNS is written naively, with one thread of execution per query, synchronously waiting for packets, Normally this would lead to very bad performance (unless running on a computer with very fast threading, like possibly the Sun CoolThreads family), so PowerDNS employs <ulink url="http://ds9a.nl/mtasker">MTasker</ulink> for very fast userspace threading.</para>
6599
6600 <para>MTasker, which was developed separately from PowerDNS, does not provide a full multithreading system but restricts itself to those features a nameserver needs. It offers cooperative multitasking, which means there is no forced preemption of threads. This in turn means that no two <command>MThreads</command> ever really run at the same time.</para>
6601
6602 <para>This is both good and bad, but mostly good. It means PowerDNS does not have to think about locking. No two threads will ever be talking to the DNS cache at the same time, for example.</para>
6603
6604 <para>It also means that the recursor could block if any operation takes too long.</para>
6605
6606 <para>The core interaction with MTasker are the waitEvent() and sendEvent() functions. These pass around PacketID objects. Everything PowerDNS needs to wait for is described by a PacketID event, so the name is a bit misleading. Waiting for a TCP socket to have data available is also passed via a PacketID, for example.</para>
6607
6608 <para>The version of MTasker in PowerDNS is newer than that described at the MTasker site, with a vital difference being that thet waitEvent() structure passes along a copy of the exact PacketID sendEvent() transmitted. Furthermore, threads can trawl through the list of events being waited for and modify the respective PacketIDs. This is used for example with <command>near miss</command> packets: packets that appear to answer questions we asked, but differ in the DNS id. On seeing such a packet, the recursor trawls through all PacketIDs and if it finds any nearmisses, it updates the PacketID::nearMisses counter. The actual PacketID thus lives inside MTasker while any thread is waiting for it.</para>
6609
6610 </sect2>
6611 <sect2>
6612 <title>MPlexer</title>
6613 <para>The Recursor uses a separate socket per outgoing query. This has the important benefit of making spoofing 64000 times harder, and additionally means that ICMP errors are reported back to the program. In measurements this appears to happen to one in ten queries, which would otherwise take a two-second timeout before PowerDNS moves on to another nameserver.</para>
6614
32740626 6615 <para>However, this means that the program routinely needs to wait on hundreds or even thousands of sockets. Different operating systems offer various ways to monitor the state of sockets or more generally, filedescriptors. To abstract out the differing strategies (<function>select</function>, <function>epoll</function>, <function>kqueue</function>, <function>completion ports</function>), PowerDNS contains <command>MPlexer</command> classes, all of which descend from the FDMultiplexer class.</para>
8f9aa910
BH		 6616
6617 <para>This class is very simple and offers only five important methods: addReadFD(), addWriteFD(), removeReadFD(), removeWriteFD() and run.</para>
6618
6619 <para>The arguments to the <command>add</command> functions consist of an fd, a callback, and a boost::any variable that is passed as a reference to the callback.</para>
6620
6621 <para>This might remind you of the MTasker above, and it is indeed the same trick: state is stored within the MPlexer. As long as a filedescriptor remains within either the Read or Write active list, its state will remain stored.</para>
6622
6623 <para>On arrival of a packet (or more generally, when an FD becomes readable or writable, which for example might mean a new TCP connection), the callback is called with the aforementioned reference to its parameter.</para>
6624
6625 <para>The callback is free to call removeReadFD() or removeWriteFD() to remove itself from the active list.</para>
6626
6627 <para>PowerDNS defines such callbacks as newUDPQuestion(), newTCPConnection(), handleRunningTCPConnection().</para>
6628
6629 <para>Finally, the run() method needs to be called whenever the program is ready for new data. This happens in the main loop in pdns_recursor.cc. This loop is what MTasker refers to as <command>the kernel</command>. In this loop, any packets or other MPlexer events get translated either into new MThreads within MTasker, or into calls to sendEvent(), which in turn wakes up other MThreads.</para>
6630
6631 </sect2>
6632 <sect2>
6633 <title>MOADNSParser</title>
6634 <para>Yes, this does stand for <command>the Mother of All DNS Parsers</command>. And even that name does not do it justice! The MOADNSParser is the third attempt I've made at writing DNS packet parser and after two miserable failures, I think I've finally gotten it right.</para>
6635
6636 <para>Writing and parsing DNS packets, and the DNS records it contains, consists of four things:
6637 <orderedlist>
6638 <listitem>
6639 <para>
6640 Parsing a DNS record (from packet) into memory
6641 </para>
6642 </listitem>
6643 <listitem>
6644 <para>
6645 Generating a DNS record from memory (to packet)
6646 </para>
6647 </listitem>
6648 <listitem>
6649 <para>
6650 Writing out memory to user-readable zone format
6651 </para>
6652 </listitem>
6653 <listitem>
6654 <para>
6655 Reading said zone format into memory
6656 </para>
6657 </listitem>
6658 </orderedlist>
6659 </para>
6660
6661 <para>This gets tedious very quickly, as one needs to implement all four operations for each new record type, and there are dozens of them.</para>
6662
6663 <para>While writing the MOADNSParser, it was discovered there is a remarkable symmetry between these four transitions. DNS Records are nearly always laid out in the same order in memory as in their zone format representation. And reading is nothing but inverse writing.</para>
6664
6665 <para>So, the MOADNSParser is built around the notion of a <command>Conversion</command>, and we write all Conversion types once. So we have a Conversion from IP address in memory to an IP address in a DNS packet, and vice versa. And we have a Conversion from an IP address in zone format to memory, and vice versa.</para>
6666
6667 <para>This in turn means that the entire implementation of the ARecordContent is as follows (wait for it!)</para>
6668
6669 <literallayout class="monospaced">conv.xfrIP(d_ip);</literallayout>
6670 <para>Through the use of the magic called <literal>c++ Templates</literal>, this one line does everything needed to perform the four operations mentioned above.</para>
6671
6672 <para>At one point, I got really obsessed with PowerDNS memory use. So, how do we store DNS data in the PowerDNS recorsor? I mentioned <command>memory</command> above a lot - this means we could just store the DNSRecordContent objects. However, this would be wasteful.</para>
6673
6674 <para>For example, storing the following:</para>
6675
6676 <literallayout class="monospaced">www.ds9a.nl 3600 IN CNAME outpost.ds9a.nl.</literallayout>
6677 <para>Would duplicate a lot of data. So, what is actually stored is a partial DNS packet. To store the CNAMEDNSRecordContent that corresponds to the above, we generate a DNS packet that has <command>www.ds9a.nl IN CNAME</command> as its question. Then we add <command>3600 IN CNAME outpost.ds9a.nl</command>. as its answer. Then we chop off the question part, and store the rest in the <command>www.ds9a.nl IN CNAME</command> key in our cache.</para>
6678
6679 <para>When we need to retrieve <command>www.ds9a.nl IN CNAME</command>, the inverse happens. We find the proper partial packet, prefix it with a question for <command>www.ds9a.nl IN CNAME</command>, and expand the resulting packet into the answer <command>3600 IN CNAME outpost.ds9a.nl.</command>.</para>
6680
6681 <para>Why do we go through all these motions? Because of DNS compression, which allows us to omit the whole <command>.ds9a.nl.</command> part, saving us 9 bytes. This is amplified when storing multiple MX records which all look more or less alike. This optimization is not performed yet though.</para>
6682
6683 <para>Even without compression, it makes sense as all records are automatically stored very compactly.</para>
6684
6685 <para>The PowerDNS recursor only parses a number of <command>well known record types</command> and passes all other information across verbatim - it doesn't have to know about the content it is serving.</para>
6686
6687 </sect2>
6688 <sect2>
6689 <title>The C++ Standard Library / Boost</title>
6690 <para>C++ is a powerful language. Perhaps a bit too powerful at times, you can turn a program into a real freakshow if you so desire.</para>
6691
6692 <para>PowerDNS generally tries not to go overboard in this respect, but we do build upon a very advanced part of the <ulink url="http://www.boost.org">Boost</ulink> C++ library:
6693 <ulink url="http://boost.org/libs/multi_index/doc/index.html">boost::multi index container</ulink>.</para>
6694
6695 <para>This container provides the equivalent of SQL indexes on multiple keys. It also implements compound keys, which PowerDNS uses as well.</para>
6696
6697 <para>The main DNS cache is implemented as a multi index container object, with a compound key on the name and type of a record. Furthermore, the cache is sequenced, each time a record is accessed it is moved to the end of the list. When cleanup is performed, we start at the beginning. New records also get inserted at the end. For DNS correctness, the sort order of the cache is case insensitive.</para>
6698
6699 <para>The multi index container appears in other parts of PowerDNS, and MTasker as well.</para>
6700
6701 </sect2>
6702 <sect2>
6703 <title>Actual DNS Algorithm</title>
6704 <para>The DNS rfcs do define the DNS algorithm, but you can't actually implement it exactly that way, it was written in 1987.</para>
6705
6706 <para>Also, like what happened to HTML, it is expected that even non-standards conforming domains work, and a sizeable fraction of them is misconfigured these days.</para>
6707
6708 <para>Everything begins with SyncRes::beginResolve(), which knows nothing about sockets, and needs to be passed a domain name, dns type and dns class which we are interested in. It returns a vector of DNSResourceRecord objects, ready for writing either into an answer packet, or for internal use.</para>
6709
6710 <para>After checking if the query is for any of the hardcoded domains (localhost, version.bind, id.server), the query is passed to SyncRes::doResolve, together with two vital parameters: the <literal>depth</literal> and <literal>beenthere</literal> set. As the word <command>recursor</command> implies, we will need to recurse for answers. The <command>depth</command> parameter documents how deep we've recursed already.</para>
6711
6712 <para>The <literal>beenthere</literal> set prevents loops. At each step, when a nameserver is queried, it is added to the <literal>beenthere</literal> set. No nameserver in the set will ever be queried again for the same question in the recursion process - we know for a fact it won't help us further. This prevents the process from getting stuck in loops.</para>
6713
6714 <para>SyncRes::doResolve first checks if there is a CNAME in cache, using SyncRes::doCNAMECacheCheck, for the domain name and type queried and if so, changes the query (which is passed by reference) to the domain the CNAME points to. This is the cause of many DNS problems, a CNAME record really means <command>start over with this query</command>.</para>
6715
6716 <para>This is followed by a call do SyncRes::doCacheCheck, which consults the cache for a straight answer to the question (as possibly rerouted by a CNAME). This function also consults the so called negative cache, but we won't go into that just yet.</para>
6717
6718 <para>If this function finds the correct answer, and the answer hasn't expired yet, it gets returned and we are (almost) done. This happens in 80 to 90% of all queries. Which is good, as what follows is a lot of work.</para>
6719
6720 <para>To recap:
6721 <orderedlist>
6722 <listitem>
6723 <para>
6724 beginResolve() - entry point, does checks for hardcoded domains
6725 </para>
6726 </listitem>
6727 <listitem>
6728 <para>
6729 doResolve() - start of recursion process, gets passed <literal>depth</literal> of 0 and empty <literal>beenthere</literal> set
6730 </para>
6731 </listitem>
6732 <listitem>
6733 <para>
6734 doCNAMECacheCheck() - check if there is a CNAME in cache which would reroute the query
6735 </para>
6736 </listitem>
6737 <listitem>
6738 <para>
6739 doCacheCheck() - see if cache contains straight answer to possibly rerouted query.
6740 </para>
6741 </listitem>
6742 </orderedlist>
6743 </para>
6744 <para>If the data we were queried for was in the cache, we are almost done. One final step, which might as well be optional as nobody benefits from it, is SyncRes::addCruft. This function does additional processing, which means that if the query was for the MX record of a domain, we also add the IP address of the mail exchanger.</para>
6745
6746 </sect2>
6747 <sect2>
6748 <title>The non-cached case</title>
6749 <para>This is where things get interesting, because we start out with a nearly empty cache and have to go out to the net to get answers to fill it.</para>
6750
6751 <para>The way DNS works, if you don't know the answer to a question, you find somebody who does. Initially you have no other place to go than the root servers. This is embodied in the SyncRes::getBestNSNamesFromCache method, which gets passed the domain we are interested in, as well as the <literal>depth</literal> and <literal>nsset</literal> parameters mentioned earlier.</para>
6752
6753 <para>From now on, assume our query will be for <command><literal>www.powerdns.com.</literal></command>. SyncRes::getBestNSNamesFromCache will first check if there are NS records in cache for <literal><command>www.powerdns.com.</command></literal>, but there won't be. It then checks <literal>powerdns.com. NS</literal>, and while these records do exist on the internet, the recursor doesn't know about them yet. So, we go on to check the cache for <literal><command>com. NS</command></literal>, for which the same holds. Finally we end up checking for <literal><command>. NS</command></literal>, and these we do know about: they are the root servers and were loaded into PowerDNS on startup.</para>
6754
6755 <para>So, SyncRes::getBestNSNamesFromCache fills out a set with the <command>names</command> of nameservers it knows about for the <command><literal>.</literal></command> zone.</para>
6756
6757 <para>This set, together with the original query <command><literal>www.powerdns.com</literal></command> gets passed to SyncRes::doResolveAt. This function can't yet go to work immediately though, it only knows the names of nameservers it can try. This is like asking for directions and instead of hearing <command>take the third right</command> you are told <command>go to 123 Fifth Avenue, and take a right</command> - the answer doesn't help you further unless you know where 123 Fifth Avenue is.</para>
6758
6759 <para>SyncRes::doResolveAt first shuffles the nameservers both randomly and on performance order. If it knows a nameserver was fast in the past, it will get queried first. More about this later.</para>
6760
6761 <para>Ok, here is the part where things get a bit scary. How does SyncRes::doResolveAt find the IP address of a nameserver? Well, by calling SyncRes::getAs (<command>get A records</command>), which in turn calls.. SyncRes::doResolve. Hang on! That's where we came from! Massive potential for loops here. Well, it turns out that for any domain which can be resolved, this loop terminates. We do pass the <literal>beenthere</literal> set again, which makes sure we don't keep on asking the same questions to the same nameservers.</para>
6762
6763 <para>Ok, SyncRes::getAs will give us the IP addresses of the chosen root-server, because these IP addresses were loaded on startup. We then ask these IP addresses (nameservers can have several) for its best answer for <command><literal>www.powerdns.com.</literal></command>. This is done using the LWRes class and specifically LWRes::asyncresolve, which gets passed domain name, type and IP address. This function interacts with MTasker and MPlexer above in ways which needn't concern us now. When it returns, the LWRes object contains the best answers the queried server had for our domain, which in this case means it tells us about the nameservers of <literal>com.</literal>, and their IP addresses.</para>
6764
32740626 6765 <para>All the relevant answers it gives are stored in the cache (or actually, merged), after which SyncRes::doResolveAt (which we are still in) evaluates what to do now.</para>
8f9aa910
BH		 6766
6767 <para>There are 6 options:
6768 <orderedlist>
6769 <listitem>
6770 <para>
6771 The final answer is in, we are done, return to SyncRes::doResolve and SyncRes::beginResolve
6772 </para>
6773 </listitem>
6774 <listitem>
6775 <para>
6776 The nameserver we queried tells us the domain we asked for authoritatively does not exist. In case of the root-servers, this happens when we query for <emphasis><literal>www.powerdns.kom.</literal></emphasis> for example, there is no <emphasis><literal>kom.</literal></emphasis>. Return to SyncRes::beginResolve, we are done.
6777 </para>
6778 </listitem>
6779 <listitem>
6780 <para>
6781 A lesser form - it tells us it is authoritative for the query we asked about, but there is no record matching our type. This happens when querying for the IPv6 address of a host which only has an IPv4 address. Return to SyncRes::beginResolve, we are done.
6782 </para>
6783 </listitem>
6784 <listitem>
6785 <para>
6786 The nameserver passed us a CNAME to another domain, and we need to reroute. Go to SyncRes::doResolve for the new domain.
6787 </para>
6788 </listitem>
6789 <listitem>
6790 <para>
6791 The namserver did not know about the domain, but does know who does, a <emphasis>referral</emphasis>. Stay within doResolveAt and loop to these new nameservers.
6792 </para>
6793 </listitem>
6794 <listitem>
6795 <para>
6796 The nameserver replied saying <emphasis>no idea</emphasis>. This is called a <emphasis>lame delegation</emphasis>. Stay within SyncRes::doResolveAt and try the other nameservers we have for this domain.
6797 </para>
6798 </listitem>
6799 </orderedlist>
6800 </para>
6801 <para>When not redirected using a CNAME, this function will loop until it has exhausted all nameservers and all their IP addresses. DNS is surprisingly resilient that there is often only a single non-broken nameserver left to answer queries, and we need to be prepared for that.</para>
6802
6803 <para>This is the whole DNS algorithm in PowerDNS, all in less than 700 lines of code. It contains a lot of tricky bits though, related to the cache.</para>
6804
6805 </sect2>
6806 <sect2>
6807 <title>Some of the things we glossed over</title>
6808 <para>Whenever a packet is sent to a remote nameserver, the response time is stored in the SyncRes::s_nsSpeeds map, using an exponentially weighted moving average. This EWMA averages out different response times, and also makes them decrease over time. This means that a nameserver that hasn't been queried recently gradually becomes <command>faster</command> in the eyes of PowerDNS, giving it a chance again.</para>
6809
6810 <para>A timeout is accounted as a 1s response time, which should take that server out of the running for a while.</para>
6811
6812 <para>Furthermore, queries are throttled. This means that each query to a nameserver that has failed is accounted in the <literal>s_throttle</literal> object. Before performing a new query, the query and the nameserver are looked up via shouldThrottle. If so, the query is assumed to have failed without even being performed. This saves a lot of network traffic and makes PowerDNS quick to respond to lame servers.</para>
6813
6814 <para>It also offers a modicum of protection against birthday attack powered spoofing attempts, as PowerDNS will not innundate a broken server with queries.</para>
6815
6816 <para>The negative query cache we mentioned earlier caches the cases 2 and 3 in the enumeration above. This data needs to be stored separately, as it represents <command>non-data</command>. Each negcache query entry is the name of the SOA record that was presented with the evidence of non-existance. This SOA record is then retrieved from the regular cache, but with the TTL that originally came with the NXDOMAIN (case 2) or NXRRSET (case 3).</para>
6817
6818 </sect2>
6819 <sect2>
6820 <title>The Recursor Cache</title>
6821 <para>As mentioned before, the cache stores partial packets. It also stores not the <command>Time To Live</command> of records, but in fact the <command>Time To Die</command>. If the cache contains data, but it is expired, that data should not be deemed present. This bit of PowerDNS has proven tricky, leading to deadlocks in the past.</para>
6822
6823 <para>There are some other very tricky things to deal with. For example, through a process called <command>more details</command>, a domain might have more nameservers than listed in its parent zone. So, there might only be two nameservers for <literal><command>powerdns.com.</command></literal> in the <command><literal>com.</literal></command> zone, but the <command><literal>powerdns.com</literal></command> zone might list more.</para>
6824
6825 <para>This means that the cache should not, when talking to the <command><literal>com.</literal></command> servers later on, overwrite these four nameservers with only the two copies the <command><literal>com.</literal></command> servers pass us.</para>
6826
6827 <para>However, in other cases (like for example for SOA and CNAME records), new data should overwrite old data.</para>
32740626 6828 <para>Note that PowerDNS deviates from RFC 2181 (section 5.4.1) in this respect.</para>
8f9aa910
BH		 6829
6830 </sect2>
6831 <sect2>
6832 <title>Some small things</title>
6833 <para>The server-side part of PowerDNS (<literal>pdns_recursor.cc</literal>), which listens to queries by end-users, is fully IPv6 capable using the ComboAddress class. This class is in fact a union of a <literal>struct sockaddr_in</literal> and a <literal>struct sockaddr_in6</literal>. As long as the <literal>sin_family</literal> (or <literal>sin6_family</literal>) and <literal>sin_port</literal> members are in the same place, this works just fine, allowing us to pass a ComboAddress*, cast to a <literal>sockaddr*</literal> to the socket functions. For convenience, the ComboAddress also offers a length() method which can be used to indicate the length - either sizeof(sockaddr_in) or sizeof(sockaddr_in6).</para>
6834
6835 <para>Access to the recursor is governed through the NetmaskGroup class, which internally contains Netmaks, which in turn contain a ComboAddress.</para>
6836 </sect2>
6837 </sect1>
12c86877
BH		 6838 </chapter>
6839 <chapter id="replication"><title>Master/Slave operation &amp; replication</title>
6840
6841 <para>
6842 PDNS offers full master and slave semantics for replicating domain information. Furthermore, PDNS can benefit from native
6843 database replication.
6844 </para>
6845 <sect1 id="native-replication"><title>Native replication</title>
6846 <para>
6847 Native replication is the default, unless other operation is specifically configured. Native replication basically means that PDNS will
6848 not send out DNS update notifications, nor will react to them. PDNS assumes that the backend is taking care of replication unaided.
6849 </para>
6850 <para>
6851 MySQL replication has proven to be very robust and well suited, even over transatlantic connections between badly peering ISPs. Other PDNS
6852 users employ Oracle replication which also works very well.
6853 </para>
6854 <para>
6855 To use native replication, configure your backend storage to do the replication and do not configure PDNS to do so.
6856 </para>
6857 </sect1>
6858 <sect1 id="slave"><title>Slave operation</title>
6859 <para>
6860 On launch, PDNS requests from all backends a list of domains which have not been checked recently for changes. This should happen every
6861 '<command>refresh</command>' seconds, as specified in the SOA record. All domains that are unfresh are then checked for changes over at their
6862 master. If the <link linkend="soa-type">SOA</link> serial number there is higher, the domain is retrieved and inserted into the database. In
6863 any case, after the check the domain is declared 'fresh', and will only be checked again after '<command>refresh</command>' seconds have passed.
6864 </para>
c715833f
BH		 6865 <para>
6866 <warning>
6867 <para>
6868 Slave support is OFF by default, turn it on by adding <command>slave</command> to the configuration. The same
6869 holds for master operation. Both can be on simultaneously.
6870 </para>
6871 </warning>
6872 </para>
6873
12c86877
BH		 6874 <para>
6875 PDNS also reacts to notifies by immediately checking if the zone has updated and if so, retransfering it.
6876 </para>
6877 <para>
6878 All backends which implement this feature must make sure that they can handle transactions so as to not leave the zone in a half updated state.
6879 MySQL configured with either BerkeleyDB or InnoDB meets this requirement, as do PostgreSQL and Oracle. The Bindbackend implements transaction
6880 semantics by renaming files if and only if they have been retrieved completely and parsed correctly.
6881 </para>
2ead7159
BH		 6882 <para>
6883 Slave operation can also be programmed using several pdns_control commands, see <xref linkend="pdnscontrol">. The 'retrieve' command
6884 is especially useful as it triggers an immediate retrieval of the zone from the configured master.
6885 </para>
12c86877
BH		 6886 <sect2 id=supermaster><title>Supermaster automatic provisioning of slaves</title>
6887 <para>
6888 PDNS can recognize so called 'supermasters'. A supermaster is a host which is master for domains and for which we are to be a slave. When
6889 a master (re)loads a domain, it sends out a notification to its slaves. Normally, such a notification is only accepted if PDNS already
6890 knows that it is a slave for a domain.
6891 </para>
6892 <para>
6d5e9bba 6893 However, a notification from a supermaster carries more persuasion. When PDNS determines that a notification comes from a supermaster and it
12c86877
BH		 6894 is bonafide, PDNS can provision the domain automatically, and configure itself as a slave for that zone.
6895 </para>
6896 <para>
6897 To enable this feature, a backend needs to know about the IP address of the supermaster, and how PDNS will be listed in the set of
6898 NS records remotely, and the 'account' name of your supermaster. There is no need to fill this out but it does help keep track of
6899 where a domain comes from.
6900 </para>
6901 </sect2>
6902 </sect1>
6903
6904 <sect1 id="master"><title>Master operation</title>
6905 <para>
6906 When operating as a master, PDNS sends out notifications of changes to slaves, which react to these notifications by querying PDNS to see
6907 if the zone changed, and transferring its contents if it has. Notifications are a way to promptly propagate zone changes to slaves, as
6908 described in RFC 1996.
6909 </para>
c715833f
BH		 6910 <para>
6911 <para>
6912 <warning>
6913 <para>
6914 Master support is OFF by default, turn it on by adding <command>master</command> to the configuration. The same
6915 holds for slave operation. Both can be on simultaneously.
6916 </para>
6917 </warning>
6918 </para>
6919
12c86877
BH		 6920 <para>
6921 Left open by RFC 1996 is who is to be notified - which is harder to figure out than it sounds. All slaves for this domain must receive a notification
6922 but the nameserver only knows the names of the slaves - not the IP addresses, which is where the problem lies. The nameserver itself might
6923 be authoritative for the name of its secondary, but not have the data available.
6924 </para>
6925 <para>
6926 To resolve this issue, PDNS tries multiple tactics to figure out the IP addresses of the slaves, and notifies everybody. In contrived configurations
6927 this may lead to duplicate notifications being sent out, which shouldn't hurt.
6928 </para>
6929 <para>
6930 Some backends may be able to detect zone changes, others may chose to let the operator indicate which zones have changed and which haven't.
6931 Consult the documentation for your backend to see how it processes changes in zones.
6932 </para>
6933 <para>
6934 To help deal with slaves that may have missed notifications, or have failed to respond to them, several override commands are available via
6935 the pdns_control tool (<xref linkend="pdnscontrol">):
6936 </para>
6937 <para>
6938 <variablelist>
6939 <varlistentry>
6940 <term>pdns_control notify <command>domain</command></term>
6941 <listitem>
6942 <para>
6943 This instructs PDNS to notify all IP addresses it considers to be slaves of this domain.
6944 </para>
6945 </listitem>
6946 </varlistentry>
6947 <varlistentry>
6948 <term>pdns_control notify-host <command>domain ip-address</command></term>
6949 <listitem>
6950 <para>
6951 This is truly an override and sends a notification to an arbitrary IP address. Can be used in 'also-notify' situations
6952 or when PDNS has trouble figuring out who to notify - which may happen in contrived configurations.
6953 </para>
6954 </listitem>
6955 </varlistentry>
6956 </variablelist>
6957 </para>
6958 </sect1>
6959 </chapter>
6960 <chapter id="fancy-records"><title>Fancy records for seamless email and URL integration</title>
6961
6962 <para>
6963 PDNS also supports so called 'fancy' records. A Fancy Record is actually not a DNS record, but it is translated into one. Currently,
6964 two fancy records are implemented, but not very useful without additional unreleased software. For completeness, they are listed here.
6965 The software will become available later on and is part of the Express and PowerMail suite of programs.
6966 </para>
6967 <para>
6968 These records imply extra database lookups which has a performance impact. Therefore fancy records are only queried for if they are enabled
6969 with the <command>fancy-records</command> command in <filename>pdns.conf</filename>.
6970 </para>
6971 <para>
6972 <variablelist>
6973 <varlistentry>
6974 <term>MBOXFW</term>
6975 <listitem>
6976 <para>
6977 This record denotes an email forward. A typical entry looks like this:
6978 <screen>
6979 support@yourdomain.com MBOXFW you@yourcompany.com
6980 </screen>
6981 When PDNS encounters a request for an MX record for yourdomain.com it will, if fancy records are enabled, also check for the existence
6982 of an MBOXFW record ending on '@yourdomain.com', in which case it will hand out a record containing the configured
6983 <command>smtpredirector</command>. This server should then also be able to access the PDNS database to figure out where mail to
6984 support@yourdomain.com should go to.
6985 </para>
6986 </listitem>
6987 <varlistentry>
6988 <term>URL</term>
6989 <listitem>
6990 <para>
6991 URL records work in much the same way, but for HTTP. A sample record:
6992 <screen>
6993 yourdomain.com URL http://somewhere.else.com/yourdomain
6994 </screen>
6995 A URL record is converted into an A record containing the IP address configured with the <command>urlredirector</command>
6996 setting. On that IP address a webserver should live that knows how to redirect yourdomain.com to
6997 http://somewhere.else.com/yourdomain.
6998 </para>
6999 </listitem>
7000 </varlistentry>
7001 </variablelist>
7002 </para>
7003 </chapter>
7004 <chapter id="all-settings"><title>Index of all settings</title>
7005 <para>
7006 All PDNS settings are listed here, excluding those that originate from backends, which are documented in the relevant chapters.
7007 <variablelist>
7008 <varlistentry>
7009 <term><anchor id="allow-axfr-ips">allow-axfr-ips=...</term>
7010 <listitem>
dcf9bd8f
BH		 7011 <para>Behaviour pre 2.9.10: When not allowing AXFR (disable-axfr), DO allow from these IP addresses or netmasks.
7012 </para>
7013 <para>Behaviour post 2.9.10: If set, only these IP addresses or netmasks will be able to perform AXFR.
12c86877
BH		 7014 </para>
7015 </listitem></varlistentry>
7016 <varlistentry>
7017 <term>allow-recursion=...</term>
7018 <listitem>
7019 <para>
7020 By specifying <command>allow-recursion</command>, recursion can be restricted to netmasks specified. The default is to allow
7021 recursion from everywhere. Example: <command>allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4</command>.
7022 </para>
7023 </listitem></varlistentry>
d8d0bb8f
BH		 7024 <varlistentry>
7025 <term>allow-recursion-override=on|off</term>
7026 <listitem>
7027 <para>
7028 By specifying <command>allow-recursion-override</command>, local data even about hosts that don't exist will override
7029 the internet. This allows you to generate zones that don't really exist on the internet. Does increase the number of SQL queries for hosts that truly don't exist, also not in your database.
7030
7031 </para>
7032 </listitem></varlistentry>
12c86877
BH		 7033 <varlistentry><term>cache-ttl=...</term>
7034 <listitem><para>
7035 Seconds to store packets in the PacketCache. See <xref linkend="packetcache">.
7036 </para></listitem></varlistentry>
7037 <varlistentry><term>chroot=...</term>
7038 <listitem><para>
7039 If set, chroot to this directory for more security. See <xref linkend="security">.
7040 </para></listitem></varlistentry>
7041 <varlistentry><term>config-dir=...</term>
7042 <listitem><para>
7043 Location of configuration directory (pdns.conf)
7044 </para></listitem></varlistentry>
7045 <varlistentry><term>config-name=...</term>
7046 <listitem><para>
7047 Name of this virtual configuration - will rename the binary image. See <xref linkend="virtual">.
7048 </para></listitem></varlistentry>
7049 <varlistentry><term>control-console=...</term>
7050 <listitem><para>
7051 Debugging switch - don't use.
7052 </para></listitem></varlistentry>
7053 <varlistentry><term>daemon=...</term>
7054 <listitem><para>
7055 Operate as a daemon
7056 </para></listitem></varlistentry>
7057 <varlistentry><term>default-soa-name=...</term>
7058 <listitem><para>
7059 name to insert in the SOA record if none set in the backend
7060 </para></listitem></varlistentry>
7061 <varlistentry><term>disable-axfr=...</term>
7062 <listitem><para>
dcf9bd8f 7063 Do not allow zone transfers. Before 2.9.10, this could be overridden by allow-axfr-ips.
12c86877
BH		 7064 </para></listitem></varlistentry>
7065 <varlistentry><term>disable-tcp=...</term>
7066 <listitem><para>
7067 Do not listen to TCP queries. Breaks RFC compliance.
7068 </para></listitem></varlistentry>
7069 <varlistentry><term>distributor-threads=...</term>
7070 <listitem><para>
7071 Default number of Distributor (backend) threads to start. See <xref linkend="performance">.
7072 </para></listitem></varlistentry>
7073 <varlistentry><term>fancy-records=...</term>
7074 <listitem><para>
7075 Process URL and MBOXFW records. See <xref linkend="fancy-records">.
7076 </para></listitem></varlistentry>
7077 <varlistentry><term>guardian | --guardian=yes | --guardian=no</term>
7078 <listitem><para>
7079 Run within a guardian process. See <xref linkend="guardian">.
7080 </para></listitem></varlistentry>
7081 <varlistentry><term>help</term>
7082 <listitem><para>
7083 Provide a helpful message
7084 </para></listitem></varlistentry>
7085 <varlistentry><term>launch=...</term>
7086 <listitem><para>
7087 Which backends to launch and order to query them in. See <xref linkend="modules">.
7088 </para></listitem></varlistentry>
7089 <varlistentry><term>lazy-recursion=...</term>
7090 <listitem><para>
7091 On by default as of 2.1. Checks local data first before recursing. See <xref linkend="recursion">.
7092 </para></listitem></varlistentry>
7093 <varlistentry><term>load-modules=...</term>
7094 <listitem><para>
7095 Load this module - supply absolute or relative path. See <xref linkend="modules">.
7096 </para></listitem></varlistentry>
7097 <varlistentry><term>local-address=...</term>
7098 <listitem><para>
731f58b8
BH		 7099 Local IP address to which we bind. You can specify multiple addresses separated by commas or whitespace. It is highly
7100 advised to bind to specific interfaces and not use the default 'bind to any'. This causes big problems if you have multiple
7101 IP addresses. Unix does not provide a way of figuring out what IP address a packet was sent to when binding to any.
12c86877
BH		 7102 </para></listitem></varlistentry>
7103 <varlistentry><term>local-port=...</term>
7104 <listitem><para>
7105 The port on which we listen. Only one port possible.
7106 </para></listitem></varlistentry>
7107 <varlistentry><term><anchor id="log-failed-updates">log-failed-updates=...</term>
7108 <listitem><para>
7109 If set to 'no', failed Windows Dynamic Updates will not be logged.
7110 </para></listitem></varlistentry>
7111 <varlistentry><term><anchor id="log-dns-details">log-dns-details=...</term>
7112 <listitem><para>
7113 If set to 'no', informative-only DNS details will not even be sent to syslog, improving performance. Available from 2.5
7114 and onwards.
7115 </para></listitem></varlistentry>
7116 <varlistentry><term>logging-facility=...</term>
7117 <listitem><para>
fafe636c 7118 If set to a digit, logging is performed under this LOCAL facility. See <xref linkend="syslog">. Available from 1.99.9 and onwards. Do not pass names like 'local0'!
12c86877
BH		 7119 </para></listitem></varlistentry>
7120 <varlistentry><term>loglevel=...</term>
7121 <listitem><para>
7122 Amount of logging. Higher is more. Do not set below 3
7123 </para></listitem></varlistentry>
7124 <varlistentry><term>max-queue-length=...</term>
7125 <listitem><para>
7126 If this many packets are waiting for database attention, consider the situation hopeless and respawn.
7127 </para></listitem></varlistentry>
eab7dbda
BH		 7128 <varlistentry><term>max-tcp-connections=...</term>
7129 <listitem><para>
7130 Allow this many incoming TCP DNS connections simultaneously.
7131 </para></listitem></varlistentry>
12c86877
BH		 7132 <varlistentry><term>module-dir=...</term>
7133 <listitem><para>
7134 Default directory for modules. See <xref linkend="modules">.
7135 </para></listitem></varlistentry>
7136 <varlistentry><term>negquery-cache-ttl=...</term>
7137 <listitem><para>
7138 Seconds to store queries with no answer in the Query Cache. See <xref linkend="querycache">.
7139 </para></listitem></varlistentry>
7140 <varlistentry><term>no-config</term>
7141 <listitem><para>
7142 Do not attempt to read the configuration file.
7143 </para></listitem></varlistentry>
7144 <varlistentry><term>out-of-zone-additional-processing | --out-of-zone-additional-processing=yes | --out-of-zone-additional-processing=no</term>
7145 <listitem><para>
0b0ec1e7
BH		 7146 Do out of zone additional processing. This means that if a malicious user adds a '.com' zone to your server, it is not used for
7147 other domains and will not contaminate answers. Do not enable this setting if you run a public DNS service with untrusted users. Off by default.
7148 </para></listitem></varlistentry>
12c86877
BH		 7149 <varlistentry><term>query-cache-ttl=...</term>
7150 <listitem><para>
7151 Seconds to store queries with an answer in the Query Cache. See <xref linkend="querycache">.
7152 </para></listitem></varlistentry>
7153 <varlistentry><term>queue-limit=...</term>
7154 <listitem><para>
7155 Maximum number of miliseconds to queue a query. See <xref linkend="performance">.
7156 </para></listitem></varlistentry>
fd8bc993
BH		 7157 <varlistentry><term>query-local-address=...</term>
7158 <listitem><para>
7159 The IP address to use as a source address for sending queries. Useful if you have multiple IPs and pdns is not bound to the IP address your operating system uses by default for outgoing packets.
7160 </para></listitem></varlistentry>
12c86877
BH		 7161 <varlistentry><term>query-logging | query-logging=yes | query-logging=no</term>
7162 <listitem><para>
7163 Hints to a backend that it should log a textual representation of queries it performs. Can be set at runtime.
7164 </para></listitem></varlistentry>
7165 <varlistentry><term>recursive-cache-ttl=...</term>
7166 <listitem><para>
7167 Seconds to store recursive packets in the PacketCache. See <xref linkend="packetcache">.
7168 </para></listitem></varlistentry>
7169 <varlistentry><term>recursor=...</term>
7170 <listitem><para>
7171 If set, recursive queries will be handed to the recursor specified here. See <xref linkend="recursion">.
7172 </para></listitem></varlistentry>
8a63d3ce
BH		 7173 <varlistentry><term>send-root-referral | --send-root-referral=yes | --send-root-referral=no</term>
7174 <listitem><para>
7175 If set, PowerDNS will send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth
7176 but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken
7177 recursors. Available since 2.9.19.
7178 </para></listitem></varlistentry>
12c86877
BH		 7179 <varlistentry><term>setgid=...</term>
7180 <listitem><para>
7181 If set, change group id to this gid for more security. See <xref linkend="security">.
7182 </para></listitem></varlistentry>
7183 <varlistentry><term>setuid=...</term>
7184 <listitem><para>
7185 If set, change user id to this uid for more security. See <xref linkend="security">.
7186 </para></listitem></varlistentry>
7187 <varlistentry><term>skip-cname | --skip-cname=yes | --skip-cname=no</term>
7188 <listitem><para>
7189 Do not perform CNAME indirection for each query. Has performance implications. See <xref linkend="security">.
7190 </para></listitem></varlistentry>
7191 <varlistentry><term>slave-cycle-interval=60</term>
7192 <listitem><para>
7193 Schedule slave up-to-date checks of domains whose status is unknown every .. seconds. See <xref linkend="fancy-records">.
7194 </para></listitem></varlistentry>
7195 <varlistentry><term>smtpredirector=...</term>
7196 <listitem><para>
7197 Our smtpredir MX host. See <xref linkend="fancy-records">.
7198 </para></listitem></varlistentry>
10583b62
BH		 7199 <varlistentry><term>soa-expire-default=604800</term>
7200 <listitem><para>
7201 Default <link linkend="soa-type">SOA</link> expire.
7202 </para></listitem></varlistentry>
7203 <varlistentry><term>soa-minimum-ttl=3600</term>
7204 <listitem><para>
7205 Default <link linkend="soa-type">SOA</link> minimum ttl.
7206 </para></listitem></varlistentry>
7207 <varlistentry><term>soa-refresh-default=10800</term>
7208 <listitem><para>
7209 Default <link linkend="soa-type">SOA</link> refresh.
7210 </para></listitem></varlistentry>
7211 <varlistentry><term>soa-retry-default=3600</term>
7212 <listitem><para>
7213 Default <link linkend="soa-type">SOA</link> retry.
7214 </para></listitem></varlistentry>
12c86877
BH		 7215 <varlistentry><term>soa-serial-offset=...</term>
7216 <listitem><para>
7217 If your database contains single-digit SOA serials and you need to host .DE domains, this setting can help
7218 placate their 6-digit SOA serial requirements. Suggested value is to set this to 1000000 which adds 1000000 to all SOA Serials
7219 under that offset.
7220 </para></listitem></varlistentry>
7221 <varlistentry><term>socket-dir=...</term>
7222 <listitem><para>
7223 Where the controlsocket will live. See <xref linkend="controlsocket">.
7224 </para></listitem></varlistentry>
7225 <varlistentry><term>strict-rfc-axfrs | --strict-rfc-axfrs=yes | --strict-rfc-axfrs=no</term>
7226 <listitem><para>
7227 Perform strictly RFC conformant AXFRs, which are slow, but needed to placate some old client tools.
7228 </para></listitem></varlistentry>
7229 <varlistentry><term>urlredirector=...</term>
7230 <listitem><para>
7231 Where we send hosts to that need to be url redirected. See <xref linkend="fancy-records">.
7232 </para></listitem></varlistentry>
e5d684f9
BH		 7233 <varlistentry><term>version-string=anonymous|powerdns|full|custom</term>
7234 <listitem><para>
7235 When queried for its version over DNS (<command>dig chaos txt version.bind @pdns.ip.address</command>), PowerDNS normally
7236 resonds truthfully. With this setting you can overrule what will be returned. Set the <command>version-string</command>
7237 to 'full' to get the default behaviour, to 'powerdns' to just make it state 'served by PowerDNS - http://www.powerdns.com'.
7238 The 'anonymous' setting will return a ServFail, much like Microsoft nameservers do. You can set this response
7239 to a custom value as well.
7240 </para></listitem></varlistentry>
7241
12c86877
BH		 7242 <varlistentry><term>webserver | --webserver=yes | --webserver=no</term>
7243 <listitem><para>
7244 Start a webserver for monitoring. See <xref linkend="monitoring">.
7245 </para></listitem></varlistentry>
7246 <varlistentry><term>webserver-address=...</term>
7247 <listitem><para>
7248 IP Address of webserver to listen on. See <xref linkend="monitoring">.
7249 </para></listitem></varlistentry>
7250 <varlistentry><term>webserver-password=...</term>
7251 <listitem><para>
7252 Password required for accessing the webserver. See <xref linkend="monitoring">.
7253 </para></listitem></varlistentry>
7254 <varlistentry><term>webserver-port=...</term>
7255 <listitem><para>
7256 Port of webserver to listen on. See <xref linkend="monitoring">.
7257 </para></listitem></varlistentry>
7258 <varlistentry><term>wildcard-url=...</term>
7259 <listitem><para>
7260 Check for wildcard URL records.
7261 </para></listitem></varlistentry>
7262 <varlistentry><term>wildcards=...</term>
7263 <listitem><para>
7264 Honor wildcards in the database. On by default. Turning this off has performance implications, see <xref linkend="performance">.
7265 </para></listitem></varlistentry>
7266 </variablelist>
7267 </para>
7268 </chapter>
7269 <chapter id="metrics"><title>Index of all internal metrics</title>
7270 <para></para>
7271 <sect1 id="counters-variables"><title>Counters &amp; variables</title>
7272 <para>
7273 A number of counters and variables are set during PDNS operation. These can be queried with the init.d
7274 <command>dump</command>, <command>show</command> and <command>mrtg</command> commands, or viewed with the
7275 webserver.
7276
7277 <variablelist>
7278 <varlistentry>
7279 <term>corrupt-packets</term>
7280 <listitem><para>Number of corrupt packets received</para></listitem>
7281 </varlistentry>
7282 <varlistentry>
7283 <term>latency</term>
7284 <listitem><para>Average number of microseconds a packet spends within PDNS</para></listitem>
7285 </varlistentry>
7286 <varlistentry>
7287 <term>packetcache-hit</term>
7288 <listitem><para>Number of packets which were answered out of the cache</para></listitem>
7289 </varlistentry>
7290 <varlistentry>
7291 <term>packetcache-miss</term>
7292 <listitem><para>Number of times a packet could not be answered out of the cache</para></listitem>
7293 </varlistentry>
7294 <varlistentry>
7295 <term>packetcache-size</term>
7296 <listitem><para>Amount of packets in the packetcache</para></listitem>
7297 </varlistentry>
7298 <varlistentry>
7299 <term>qsize-a</term>
7300 <listitem><para>Size of the queue before the transmitting socket.</para></listitem>
7301 </varlistentry>
7302 <varlistentry>
7303 <term>qsize-q</term>
7304 <listitem><para>Number of packets waiting for database attention</para></listitem>
7305 </varlistentry>
7306 <varlistentry>
7307 <term>servfail-packets</term>
7308 <listitem><para>Amount of packets that could not be answered due to database problems</para></listitem>
7309 </varlistentry>
7310 <varlistentry>
7311 <term>tcp-answers</term>
7312 <listitem><para>Number of answers sent out over TCP</para></listitem>
7313 </varlistentry>
7314 <varlistentry>
7315 <term>tcp-questions</term>
7316 <listitem><para>Number of questions received over TCP</para></listitem>
7317 </varlistentry>
7318 <varlistentry>
7319 <term>timedout-questions</term>
7320 <listitem><para>Amount of packets that were dropped because they had to wait too long internally</para></listitem>
7321 </varlistentry>
7322 <varlistentry>
7323 <term>udp-answers</term>
7324 <listitem><para>Number of answers sent out over UDP</para></listitem>
7325 </varlistentry>
7326 <varlistentry>
7327 <term>udp-questions</term>
7328 <listitem><para>Number of questions received over UDP</para></listitem>
7329 </varlistentry>
7330 </variablelist>
7331 </para>
7332 <para>
7333 <sect2><title>Ring buffers</title>
7334 <para>
7335 Besides counters, PDNS also maintains the ringbuffers. A ringbuffer records events, each new event gets a place
7336 in the buffer until it is full. When full, earlier entries get overwritten, hence the name 'ring'.
7337 </para>
7338 <para>
7339 By counting the entries in the buffer, statistics can be generated. These statistics can currently only be viewed
7340 using the webserver and are in fact not even collected without the webserver running.
7341 </para>
7342 <para>
7343 The following ringbuffers are available:
7344 </para>
7345 <para>
7346 <variablelist>
7347 <varlistentry>
7348 <term>Log messages (logmessages)</term>
7349 <listitem><para>All messages logged</para></listitem>
7350 </varlistentry>
7351 <varlistentry>
7352 <term>Queries for existing records but for a type we don't have (noerror-queries)</term>
7353 <listitem><para>Queries for, say, the AAAA record of a domain, when only an A is available.
7354 Queries are listed in the following format: name/type. So an AAA query for pdns.powerdns.com looks like
7355 pdns.powerdns.com/AAAA.</para></listitem>
7356 </varlistentry>
7357 <varlistentry>
7358 <term>Queries for non-existing records within existing domains(nxdomain-queries)</term>
7359 <listitem><para>If PDNS knows it is authoritative over a domain, and it sees a question for a record in that domain
7360 that does not exist, it is able to send out an authoritative 'no such domain' message. Indicates that hosts are
7361 trying to connect to services really not in your zone.</para></listitem>
7362 </varlistentry>
7363
7364 <varlistentry>
7365 <term>UDP queries received (udp-queries)</term>
7366 <listitem><para>
7367 All UDP queries seen.
7368 </para></listitem>
7369 </varlistentry>
7370 <varlistentry>
7371 <term>Remote server IP addresses (remotes)</term>
7372 <listitem><para>
7373 Hosts querying PDNS. Be aware that UDP is anonymous - person A can send queries that appear to be coming from
7374 person B.
7375 </para></listitem>
7376 </varlistentry>
7377 <varlistentry>
7378 <term>Remotes sending corrupt packets (remote-corrupts)</term>
7379 <listitem><para>
7380 Hosts sending PDNS broken packets, possibly meant to disrupt service. Be aware that UDP is
7381 anonymous - person A can send queries that appear to be coming from person B.
7382 </para></listitem>
7383 </varlistentry>
7384 <varlistentry>
7385 <term>Remotes querying domains for which we are not auth (remote-unauth)</term>
7386 <listitem><para>
7387 It may happen that there are misconfigured hosts on the internet which are configured to
7388 think that a PDNS installation is in fact a resolving nameserver. These hosts will not
7389 get useful answers from PDNS. This buffer lists hosts sending queries for domains which
7390 PDNS does not know about.
7391 </para></listitem>
7392 </varlistentry>
7393 <varlistentry>
7394 <term>Queries that could not be answered due to backend errors (servfail-queries)</term>
7395 <listitem><para>
7396 For one reason or another, a backend may be unable to extract answers for a certain domain from
7397 its storage. This may be due to a corrupt database or to inconsistent data. When this happens,
7398 PDNS sends out a 'servfail' packet indicating that it was unable to answer the question. This buffer
7399 shows which queries have been causing servfails.
7400 </para></listitem>
7401 </varlistentry>
7402 <varlistentry>
7403 <term>Queries for domains that we are not authoritative for (unauth-queries)</term>
7404 <listitem><para>
7405 If a domain is delegated to a PDNS instance, but the backend is not made aware of this fact, questions come
7406 in for which no answer is available, nor is the authority. Use this ringbuffer to spot such queries.
7407 </para></listitem>
7408 </varlistentry>
7409 </variablelist>
7410 </para>
7411 </chapter>
7412
7413 <chapter id="types"><title>Supported record types and their storage</title>
7414 <para>
7415 This chapter lists all record types PDNS supports, and how they are stored in backends. The list is mostly alphabetical but
7416 some types are grouped.
7417 <variablelist>
7418 <varlistentry>
7419 <term>A</term>
7420 <listitem>
7421 <para>
7422 The A record contains an IP address. It is stored as a decimal dotted quad string,
7423 for example: '213.244.168.210'.
7424 </para>
7425 </listitem>
7426 </varlistentry>
7427 <varlistentry>
7428 <term>AAAA</term>
7429 <listitem>
7430 <para>
24a18a4b 7431 The AAAA record contains an IPv6 address. An example: '3ffe:8114:2000:bf0::1'.
12c86877
BH		 7432 </para>
7433 </listitem>
7434 </varlistentry>
7435 <varlistentry>
7436 <term>CNAME</term>
7437 <listitem>
7438 <para>
7439 The CNAME record specifies the canonical name of a record. It is stored plainly. Like all other records, it is not
7440 terminated by a dot. A sample might be 'webserver-01.yourcompany.com'.
7441 </para>
7442 </listitem>
7443 </varlistentry>
7444 <varlistentry>
7445 <term>HINFO</term>
7446 <listitem>
7447 <para>
7448 Hardware Info record, used to specify CPU and operating system. Stored with a single space separating these two,
7449 example: 'i386 Linux'.
7450 </para>
7451 </listitem>
7452 </varlistentry>
7453 <varlistentry>
7454 <term>MX</term>
7455 <listitem>
7456 <para>
7457 The MX record specifies a mail exchanger host for a domain. Each mail exchanger also has a priority or preference.
7458 This should be specified in the separate field dedicated for that purpose, often called 'prio'.
7459 </para>
7460 </listitem>
7461 </varlistentry>
7462 <varlistentry>
7463 <term><anchor id="naptr">NAPTR</term>
7464 <listitem>
7465 <para>
7466
7467 Naming Authority Pointer, RFC 2915. Stored as follows:
7468 <screen>
7469 '100 50 "s" "z3950+I2L+I2C" "" _z3950._tcp.gatech.edu'.
7470 </screen>
7471 The fields are: order, preference, flags, service, regex,
7472 replacement. Note that the replacement is not enclosed in quotes, and should not be. The replacement may be omitted, in which
7473 case it is empty. See also RFC 2916 for how to use NAPTR for ENUM (E.164) purposes.
7474 </para>
7475 </listitem>
7476 </varlistentry>
7477 <varlistentry>
7478 <term>NS</term>
7479 <listitem>
7480 <para>
7481 Nameserver record. Specifies nameservers for a domain. Stored plainly: 'ns1.powerdns.com', as always without a terminating dot.
7482 </para>
7483 </listitem>
7484 </varlistentry>
7485 <varlistentry>
7486 <term>PTR</term>
7487 <listitem>
7488 <para>
7489 Reverse pointer, used to specify the host name belonging to an IP or IPv6 address. Name is stored plainly: 'www.powerdns.com'.
7490 As always, no terminating dot.
7491 </para>
7492 </listitem>
7493 </varlistentry>
7494 <varlistentry>
7495 <term>RP</term>
7496 <listitem>
7497 <para>
7498 Responsible Person record, as described in RFC 1183. Stored with a single space between the mailbox name and the more-information
7499 pointer. Example 'peter.powerdns.com peter.people.powerdns.com', to indicate that peter@powerdns.com is responsible and that more
7500 information about peter is available by querying the TXT record of peter.people.powerdns.com.
7501 </para>
7502 </listitem>
7503 </varlistentry>
7504 <varlistentry>
7505 <term><anchor id="soa-type">SOA</term>
7506 <listitem>
7507 <para>
7508 The Start of Authority record is one of the most complex available. It specifies a lot about a domain: the name
7509 of the master nameserver ('the primary'), the hostmaster and a set of numbers indicating how the data in this domain
7510 expires and how often it needs to be checked. Further more, it contains a serial number which should rise on each change
7511 of the domain.
7512 </para>
7513 <para>
7514 The stored format is:
7515 <screen>
7516 primary hostmaster serial refresh retry expire default_ttl
7517 </screen>
7518 Besides the primary and the hostmaster, all fields are numerical. PDNS has a set of default values:
7519 <table>
7520 <title>SOA fields</title>
7521 <tgroup cols=2>
7522 <tbody>
7523 <row>
7524 <entry>primary</entry><entry><command>default-soa-name</command> configuration option</entry>
7525 </row>
7526 <row>
7527 <entry>hostmaster</entry><entry>hostmaster@domain-name</entry>
7528 </row>
7529 <row>
7530 <entry>serial</entry><entry>0</entry>
7531 </row>
7532 <row>
7533 <entry>refresh</entry><entry>10800 (3 hours)</entry>
7534 </row>
7535 <row>
7536 <entry>retry</entry><entry>3600 (1 hour)</entry>
7537 </row>
7538 <row>
7539 <entry>expire</entry><entry>604800 (1 week)</entry>
7540 </row>
7541 <row>
7542 <entry>default_ttl</entry><entry>3600 (1 hour)</entry>
7543 </row>
7544 </tbody>
7545 </tgroup>
7546 </table>
7547 </para>
7548 <para>
7549 The fields have complicated and sometimes controversial meanings. The 'serial' field is special. If left at 0, the default,
7550 PDNS will perform an internal list of the domain to determine highest change_date field of all records within the zone, and use
7551 that as the zone serial number. This means that the serial number is always raised when changes are made to the zone, as long
7552 as the change_date field is being set.
7553 </para>
7554 </listitem>
7555 </varlistentry>
d3491d5a
BH		 7556 <varlistentry>
7557 <term>SRV</term>
7558 <listitem>
7559 <para>
7560 SRV records can be used to encode the location and port of services on a domain name. When encoding, the priority field
7561 is used to encode the priority. For example, '_ldap._tcp.dc._msdcs.conaxis.ch SRV 0 100 389 mars.conaxis.ch' would be
c03f6bee 7562 encoded with 0 in the priority field and '100 389 mars.conaxis.ch' in the content field.
d3491d5a
BH		 7563 </para>
7564 </listitem>
7565 </varlistentry>
12c86877
BH		 7566 <varlistentry>
7567 <term>TXT</term>
7568 <listitem>
7569 <para>
7570 The TXT field can be used to attach textual data to a domain. Text is stored plainly.
7571 </para>
7572 </listitem>
7573 </varlistentry>
7574 </variablelist>
7575 </para>
7576 </chapter>
7577 <chapter id="faq"><title>HOWTO &amp; Frequently Asked Questions</title>
7578 <para>
7579 This chapter contains a number of FAQs and HOWTOs.
7580 </para>
288f4aa9
BH		 7581 <sect1 id="pdns-help-faq"><title>Getting support, free and paid FAQ</title>
7582 <para>
7583 PowerDNS is an open source program so you may get help from the PowerDNS users' community or from its authors.
7584 You may also help others (please do).
7585 </para>
7586 <para>
cdc01a90
BH		 7587 Some users may not have experience in interacting with developers or the open source community. This FAQ is to be considered
7588 MANDATORY READING before asking us for help.
7589 </para>
7590 <para>
7591 You are also advised to look at <ulink url="http://wiki.powerdns.com">the Wiki</ulink> for more information.
288f4aa9
BH		 7592 </para>
7593 <variablelist>
7594 <varlistentry>
7595 <term>Q: Help!</term>
7596 <listitem>
7597 <para>
7598 A: Please try harder. Specifically, before people will be able to help you, they need to know a lot about your system.
7599 Things you may find irrelevant. But, as you have a problem, you are not in a good position to know what is relevant and what not.
7600 </para>
7601 </listitem>
7602 </varlistentry>
7603 <varlistentry>
7604 <term>Q: I have a question, what details should I supply?</term>
7605 <listitem>
7606 <para>
7607 A: Start out with stating what you think should be happening. Quite often, wrong expectations are the actual proble.
7608 Furthermore, which database backend you use, your operating system, which version of PowerDNS you use and where you
7609 got it from (RPM, .DEB, tar.gz). If you compiled it yourself, what were the ./configure parameters.
7610 </para>
7611 <para>
7612 In the Open Source community, not supplying vital details is interpreted as a lack of respect for those willing to take
7613 time to answer your questions!
7614 </para>
7615 <para>
7616 If at *all* possible, supply the actual name of your domain and the IP address of your server(s).
7617 </para>
7618 </listitem>
7619
7620 </varlistentry>
7621 <varlistentry>
7622 <term>Q: Where should I send my question?</term>
7623 <listitem>
7624 <para>
7625 A: To a mailinglist. Do not mail the authors directly unless you previously entered a support contract with them!
7626 For subscription details, see <ulink url="http://mailman.powerdns.com/mailman/admin/">the mailinglists page</ulink>.
7627 </para>
7628 <para>
7629 Questions about using PowerDNS should be sent to the pdns-users list, questions about compiler errors or feature requests
7630 to pdns-dev.
7631 </para>
7632 <para>
7633 Before posting, read all FAQs and tell people you did.
7634 </para>
7635 </listitem>
7636 </varlistentry>
7637 <varlistentry>
7638 <term>Q: I'm special, I don't email to mailinglists!</term>
7639 <listitem>
7640 <para>
7641 We're special too, and we ask you to mail the mailinglists. If you need privacy, consider entering a support
7642 relationship with us, in which case you can email <email>support@powerdns.com</email>.
7643 </para>
7644 </listitem>
7645 </varlistentry>
7646 </variablelist>
7647 </sect1>
1d329048
BH		 7648 <sect1 id="pdns-users-faq"><title>Using and Compiling PowerDNS FAQ</title>
7649 <para>
7650 In the course of compiling and using PowerDNS, many questions may arise. Here are some we've heard earlier or questions
7651 we expect people may have. Please read this list before mailing us!
7652 </para>
cdc01a90
BH		 7653 <para>
7654 If you don't see your question answered here, please check out <ulink url="http://wiki.powerdns.com/projects/trac/wiki/TodoList">
7655 the Wiki FAQ</ulink>, but do note that it is user-editable and not under our constant control.
7656 </para>
1d329048
BH		 7657 <para>
7658 <variablelist>
15c7a99d
BH		 7659 <varlistentry>
7660 <term>Q: I get this entry a lot of times in my log file: Authoritative empty NO ERROR to 1.2.3.4 for 'powerdns.nl' (AAAA)..</term>
7661 <listitem>
7662 <para>
7663 As the name implies, this is not an error. It tells you there are questions for a domain which exists in your database, but for
7664 which no record of the requested type exists. To get rid of this error, add <command>log-dns-details=off</command> to your
7665 configuration.
7666 </para>
7667 </listitem>
7668 </varlistentry>
1d329048
BH		 7669 <varlistentry>
7670 <term>Q: Can I launch multiple backends simultaneously?</term>
7671 <listitem>
7672 <para>
7673 A: You can. This might for example be useful to keep an existing BIND configuration around but to store new zones in, say
7674 MySQL. The syntax to use is 'launch=bind,gmysql'.
7675 </para>
7676 </listitem>
7677 </varlistentry>
e1d03bb0
BH		 7678 <varlistentry>
7679 <term>Q: PowerDNS does not give authoritative answers, how come?</term>
7680 <listitem>
7681 <para>
7682 A: This is almost always not the case. An authoritative answer is recognized by the 'AA' bit being set. Many tools
7683 prominently print the number of Authority records included in an answer, leading users to conclude that the
7684 absence or presence of these records indicates the authority of an answer. This is not the case.
7685 </para>
7686 <para>
7687 Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though
7688 these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct
7689 authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority
7690 records!
7691 </para>
7692 <para>
7693 Sorry for sounding like DJB on this, but we get so many misguided questions about authority..
7694 </para>
7695 </listitem>
7696 </varlistentry>
7697
1d329048
BH		 7698 <varlistentry>
7699 <term>Q: Which backend should I use? There are so many!</term>
7700 <listitem>
7701 <para>
7702 A: If you have no external constraints, the Generic MySQL (gmysql) and Generic PostgreSQL (gpgsql) ones are probably the
7703 most used and complete. By all means do not use the non-generic MySQL backend, which is deprecated and only available for older
7704 installations.
7705 </para>
7706 <para>
7707 The Oracle backend also has happy users, we know of no deployments of the DB2 backend. The BIND backend is pretty capable
7708 too in fact, but many prefer a relational database.
7709 </para>
7710 </listitem>
7711 </varlistentry>
7712 <varlistentry>
7713 <term>Q: I try to launch the pgmysqlbackend and it can't find it!</term>
7714 <listitem>
7715 <para>
7716 A: You did not read the changelog, nor the README. The 'pgmysql' backend is no more and has been split
7717 into the gmysql and gpgsql backends, with the common code residing within PowerDNS itself.
7718 </para>
7719 </listitem>
7720 </varlistentry>
7721 <varlistentry>
7722 <term>Q: PowerDNS compiles under OpenBSD, but crashes immediately, now what?</term>
7723 <listitem>
7724 <para>
7725 A: Reasons behind this are somewhat unclear but we hear they go away if you use a more recent compiler. Let us know
288f4aa9
BH		 7726 on <email>pdns-dev@mailman.powerdns.com</email>. See also
7727 <ulink url="http://www.codeninja.nl/openbsd/powerdns/">here</ulink>.
1d329048
BH		 7728 </para>
7729 </listitem>
7730 </varlistentry>
7731 <varlistentry>
7732 <term>Q: I'm trying to build from CVS but I get lots of weird errors!</term>
7733 <listitem>
7734 <para>
7735 A: Read the 'HACKING' file, it lists the build requirements (mostly autoconf, automake, libtool). In many cases,
7736 it may be easier to build from the source distribution though.
7737 </para>
7738 </listitem>
7739 </varlistentry>
7740 <varlistentry>
7741 <term>Q: I'm on Solaris 7 and AAAA records do not work</term>
7742 <listitem>
7743 <para>
7744 A: Indeed, and this is pretty sad. Either upgrade to Solaris 8 or convince people to write the replacement functions
7745 needed to encode AAAA if the host operating system does not offer them.
7746 </para>
7747 </listitem>
7748 </varlistentry>
7749 <varlistentry>
7750 <term>Q: When compiling I get errors about 'sstream' and 'ostringstream', or BITSPERCHAR</term>
7751 <listitem>
7752 <para>
7753 A: Your gcc is too old. Versions 2.95.2 and older are not supported. Many distributions have improved gcc 2.95.2
7754 with an ostringstream implementation, in which case their 2.95.2 is also supported. We like gcc 3.2.1 best.
7755 </para>
7756 </listitem>
7757 </varlistentry>
7758 <varlistentry>
7759 <term>Q: Ok, I've installed gcc 3.2.1 but now the gpgsql backend won't link</term>
7760 <listitem>
7761 <para>
7762 A: Sadly, the gcc C++ on-disk object format has changed a few times since the 2.95 days. This means that
7763 gcc 3.2.1 cannot link against libpq++.so compiled with 2.95. The trick is to recompile PostgreSQL with 3.2.1
7764 too and have it install in a separate location. Then reconfigure the pdns compile to look there, with
7765 <command>./configure --with-pgsql-lib=/opt/postgresql-with-3.2.1/lib</command>
7766 </para>
7767 </listitem>
7768 </varlistentry>
7769 <varlistentry>
7770 <term>Q: I've installed PostgreSQL 7.3 but it has no libpq++.so</term>
7771 <listitem>
7772 <para>
7773 A: As of 7.3, libpq++ has been split out of the main PostgreSQL distribution. See <ulink url="http://gborg.postgresql.org/">here</ulink>.
7774 It would in fact be a great idea to move the gpgsql backend to the C interface instead of the C++ one. On Debian 'Sid', libpq++.so
7775 hides in the libpqpp-dev package.
7776 </para>
7777 </listitem>
7778 </varlistentry>
288f4aa9
BH		 7779 <varlistentry>
7780 <term>Q: PowerDNS crashes when I install the pdns-static .deb on Debian SID</term>
7781 <listitem>
7782 <para>
7783 A: Indeed. Install the .debs that come with Debian or recompile PowerDNS yourself. If not using MySQL, the crashes
7784 will go away if you remove setuid and setgid statements from the configuration.
7785 </para>
7786 </listitem>
7787 </varlistentry>
7788 <varlistentry>
7789 <term>Q: Why don't my slaves act on notifications and transfer my updated zone?</term>
7790 <listitem>
7791 <para>
7792 A: Raise the serial number of your zone. In most backends, this is the first digit of the SOA contents field. If this number
7793 is lower to equal to that on a slave, it will not consider your zone updated.
7794 </para>
7795 </listitem>
7796 </varlistentry>
c715833f
BH		 7797 <varlistentry>
7798 <term>Q: Master or Slave support is not working, PDNS is not picking up changes</term>
7799 <listitem>
7800 <para>
7801 A: The Master/Slave apparatus is off by default. Turn it on by adding a <command>slave</command> and/or
7802 <command>master</command> statement to the configuration file. Also, check that the configured backend is master or slave capable.
7803 </para>
7804 </listitem>
7805 </varlistentry>
fd8bc993
BH		 7806 <varlistentry>
7807 <term>Q: My masters won't allow PowerDNS to access zones as it is using the wrong local IP address</term>
7808 <listitem>
7809 <para>
7810 A: Mark Bergsma contributed the query-local-address setting to tell PowerDNS which local IP address to use.
7811 </para>
7812 </listitem>
7813 </varlistentry>
016e4ae9
BH		 7814 <varlistentry>
7815 <term>Q: I compiled PowerDNS myself and I see weird problems, especially on SMP</term>
7816 <listitem>
7817 <para>
7818 A: There are known issues between gcc &lt;3.2 and PowerDNS on Linux SMP systems. The exact cause is not known but
7819 moving to our precompiled version always fixes the problems. If you compile yourself, use a recent gcc!
7820 </para>
7821 </listitem>
7822 </varlistentry>
0b0ec1e7
BH		 7823 <varlistentry>
7824 <term>Q: I see this a lot: Backend error: Failed to execute mysql_query, perhaps connection died?</term>
7825 <listitem>
7826 <para>
7827 A: Check your MySQL timeout, it may be set too low. This can be changed in the <filename>my.cnf</filename> file.
7828 </para>
7829 </listitem>
7830 </varlistentry>
016e4ae9
BH		 7831 <varlistentry>
7832 <term>Q: PowerDNS does not answer queries on all my IP addresses and I've ignored the warning I got about that at startup</term>
7833 <listitem>
7834 <para>
7835 A: Please don't ignore what PowerDNS says to you. Furthermore, read <xref linkend="all-settings"> about the <command>local-address</command>
7836 setting, and use it to specify which IP addresses PowerDNS should listen on.
7837 </para>
7838 </listitem>
7839 </varlistentry>
c75a6a9e
BH		 7840 <varlistentry>
7841 <term>Q: Can I use a MySQL database with the Windows version of PowerDNS?</term>
7842 <listitem>
7843 <para>
7844 A: You can. MySQL support is supplied through the ODBC backend, which is compiled into the main binary.
7845 So if you want to use MySQL you can change the pdns.conf file, which is located in the PowerDNS for Windows directory, to use the
7846 correct ODBC data sources.
7847
7848 If you don't know how to use ODBC with MySQL:
7849 <itemizedlist>
7850 <listitem><para>
7851 Download MyODBC from <ulink url="http://www.mysql.com/">http://www.mysql.com/</ulink>
7852 </para></listitem>
7853 <listitem><para>
7854 Install the MySQL ODBC driver.
7855 </para></listitem>
7856 </itemizedlist>
7857 Then you can follow the instructions located in <xref linkend="windows">.
7858 But instead of selecting the Microsoft Access Driver you select the MySQL ODBC Driver and configure it to use your MySQL database.
7859
7860 <note><para>For other databases for which an ODBC driver is available, the procedure is the same as this example.</para></note>
7861 </para>
7862 </listitem>
7863 </varlistentry>
1d329048
BH		 7864 </variablelist>
7865 </para>
12c86877
BH		 7866 <sect1 id="pdns-devel-faq"><title>Backend developer HOWTO</title>
7867 <para>
7868 Writing backends without access to the full PDNS source means that you need to write code that can be loaded by PDNS at runtime.
7869 This in turn means that you need to use the same compiler that we do. For linux, this is currently GCC 3.0.4, although any 3.0.x
7870 compiler is probably fine. In tests, even 3.1 works.
7871 </para>
7872 <para>
7873 For FreeBSD we use GCC 2.95.2.
7874 </para>
7875 <para>
7876 Furthermore, your pdns_server executable must be dynamically linked. The default .rpm PDNS contains a static binary so you need to retrieve the
7877 dynamic rpm or the dynamic tar.gz or the Debian unstable ('Woody') deb. FreeBSD dynamic releases are forthcoming.
7878 </para>
7879 <variablelist>
7880 <varlistentry>
7881 <term>Q: Will PDNS drivers work with other PDNS versions than they were compiled for?</term>
7882 <listitem>
7883 <para>
7884 A: 'Probably'. We make no guarantees. Efforts have been made to keep the interface between the backend and PDNS as thin
7885 as possible. For example, a backend compiled with the 1.99.11 backend development kit works with 1.99.10. But don't count on it.
7886 We will notify when we think an incompatible API change has occured but you are best off recompiling your driver for each
7887 new PDNS release.
7888 </para>
7889 </listitem>
7890 </varlistentry>
7891 <varlistentry>
7892 <term>Q: What is in that DNSPacket * pointer passed to lookup!</term>
7893 <listitem>
7894 <para>
7895 A: For reasons outlined above, you should treat that pointer as opaque and only access it via the <function>getRemote()</function>
7896 functions made available and documented above. The DNSPacket class changes a lot and this level of indirection allows for greater
7897 changes to be made without changing the API to the backend coder.
7898 </para>
7899 </listitem>
7900 </varlistentry>
7901 <varlistentry>
7902 <term>Q: How is the PowerDNS Open Source Backend Development Kit licensed?</term>
7903 <listitem>
7904 <para>
7905 A: MIT X11, a very liberal license permitting basically everything.
7906 </para>
7907 </listitem>
7908 </varlistentry>
7909 <varlistentry>
7910 <term>Q: Can I release the backend I wrote?</term>
7911 <listitem>
7912 <para>
7913 A: Please do! If you tell us about it we will list you on our page.
7914 </para>
7915 </listitem>
7916 </varlistentry>
7917 <varlistentry>
7918 <term>Q: Can I sell backends I wrote?</term>
7919 <listitem>
7920 <para>
7921 A: You can. Again, if you tell us about them we will list your backend on the site. You can keep the source of your backend
7922 secret if you want, or you can share it with the world under any license of your chosing.
7923 </para>
7924 </listitem>
7925 </varlistentry>
7926 <varlistentry>
7927 <term>Q: Will PowerDNS use my code in the PDNS distribution?</term>
7928 <listitem>
7929 <para>
7930 A: If your license permits it and we like your backend, we sure will. If your license does not permit it but we like your
7931 backend anyway we may contact you.
7932 </para>
7933 </listitem>
7934 </varlistentry>
7935 <varlistentry>
7936 <term>Q: My backend compiles but when I try to load it, it says 'undefined symbol: _Z13BackendMakersv'</term>
7937 <listitem>
7938 <para>
7939 A: Your pdns_server binary is static and cannot load a backend driver at runtime. Get a dynamic version of pdns, or complain
7940 to pdns@powerdns.com if one isn't available. To check what kind of binary you have, execute 'file $(which pdns_server)'.
7941 </para>
7942 </listitem>
7943 </varlistentry>
7944 <varlistentry>
7945 <term>Q: My backend compiles but when I try to load it, it says 'undefined symbol: BackendMakers__Fv'</term>
7946 <listitem>
7947 <para>
7948 A: You compiled with the wrong GCC. Use GCC 3.x for Linux, 2.95.x for FreeBSD. You may want to change g++ to g++-3.0 in the Makefile,
7949 or change your path so that 3.x is used.
7950 </para>
7951 </listitem>
7952 </varlistentry>
7953 <varlistentry>
7954 <term>Q: I downloaded a dynamic copy of pdns_server but it doesn't run, even without my backend</term>
7955 <listitem>
7956 <para>
7957 A: Run 'ldd' on the pdns_server binary and figure out what libraries you are missing. Most likely you need to install gcc 3.0 libraries,
7958 RedHat 7.1 and 7.2 have packages available, Debian installs these by default if you use the 'unstable deb' of PDNS.
7959 </para>
7960 </listitem>
7961 </varlistentry>
7962 <varlistentry>
7963 <term>Q: What I want can't be done from a backend - I need the whole PDNS source</term>
7964 <listitem>
7965 <para>
7966 A: If you require the source, please contact us (pdns@powerdns.com). All commercial licensees receive the source,
7967 for others we may grant exceptions.
7968 </para>
7969 </listitem>
7970 </varlistentry>
7971 <varlistentry>
7972 <term>Q: What is this 'AhuException' I keep reading about?</term>
7973 <listitem>
7974 <para>
7975 A: This name has historical reasons and has <ulink url="http://ds9a.nl">no significance</ulink>.
7976 </para>
7977 </listitem>
7978 </varlistentry>
7979 <varlistentry>
7980 <term>Q: I need a backend but I can't write it, can you help?</term>
7981 <listitem>
7982 <para>
7983 A: Yes, we also do custom development. Contact us at pdns@powerdns.com.
7984 </para>
7985 </listitem>
7986 </varlistentry>
7987
7988 </variablelist>
7989 </sect1>
7990 <sect1 id="powerdns-company-faq"><title>About PowerDNS.COM BV, 'the company'</title>
7991 <para>
7992 As of 25 November 2002, the PowerDNS nameserver and its modules are open source. This has led to a lot of questions on the future
7993 of both PowerDNS, the company and the products. This FAQ attempts to address these questions.
7994 </para>
7995 <para>
7996 <variablelist>
7997 <varlistentry>
7998 <term>Q: Is PowerDNS 2.9 really open source? What license?</term>
7999 <listitem>
8000 <para>
8001 A: PowerDNS 2.9 is licensed under the GNU General Public License version two, the same license that covers the Linux kernel.
8002 </para>
8003 </listitem>
8004 </varlistentry>
8005 <varlistentry>
8006 <term>Q: Is the open source version crippled?</term>
8007 <listitem>
8008 <para>
8009 A: It is not. Not a single byte has been omitted.
8010 </para>
8011 </listitem>
8012 </varlistentry>
8013 <varlistentry>
8014 <term>Q: Is the nameserver abandoned?</term>
8015 <listitem>
8016 <para>
8017 A: Far from it. In fact, we expect development to speed up now that we have joined the open source community.
8018 </para>
8019 </listitem>
8020 </varlistentry>
8021 <varlistentry>
8022 <term>Q: Why is the nameserver now open source?</term>
8023 <listitem>
8024 <para>
8025 A: In the current economic climate and also the way the Internet is built up right now, selling software is very hard. Most potential
8026 customers had never before bought a piece of software for their UNIX internet setup. Even though we know (from the recent survey) that
8027 nameserver operators love PowerDNS, their suggested price for it is in the $100 range.
8028 </para>
8029 <para>
8030 For us, it makes far more sense to open source PowerDNS than to ask $100 for it. It is expected that open sourcing PowerDNS will lead
8031 to far higher adoption rates. We hope that PowerDNS will soon be included in major Linux and UNIX distributions.
8032 </para>
8033 </listitem>
8034 <varlistentry>
8035 <term>Q: How does PowerDNS.COM BV expect to make money now that the nameserver is free?</term>
8036 <listitem>
8037 <para>
8038 A: In fact, we don't expect to in the near future. We also don't have a lot of expenses, basically
8039 some hosting and a few domain names.
8040 </para>
8041 <para>
8042 However, we are available for consulting work, for example to help a large registrar or registry migrate to PowerDNS, or to help
8043 integrate our software in existing provisioning systems.
8044 </para>
8045 <para>
8046 Furthermore, non-GPL licenses are available for those needing to do closed source modifications, or for customers
8047 uncomfortable with the GPL. This is much like what <ulink url="http://www.mysql.com/company/index.html">MySQL AB</ulink> is doing now.
8048 </para>
8049 <para>
8050 In fact, their strategy is a lot like ours in general.
8051 </para>
8052 </varlistentry>
8053 <varlistentry>
8054 <term>Q: Can I buy support contracts for PowerDNS?</term>
8055 <listitem>
8056 <para>
8057 Sure, to do so, please contact us at <email>sales@powerdns.com</email>
8058 </para>
8059 </varlistentry>
8060 <varlistentry>
8061 <term>Q: Will you accept patches? We've added a feature</term>
8062 <listitem>
8063 <para>
8064 Probably - in general, it is best to discuss your intentions and needs on the <email>pdns-dev@mailman.powerdns.com</email> (<ulink url="http://mailman.powerdns.com/mailman/listinfo/pdns-dev">subscribe</ulink>)
8065 mailinglist
8066 before doing the work. We may have suggestions or guidelines on how you should implement the feature.
8067 </para>
8068 </listitem>
8069 </varlistentry>
8070 <varlistentry>
8071 <term>Q: PowerDNS doesn't work on my platform, will you port it?</term>
8072 <term>Q: PowerDNS doesn't have feature I need, will you add it?</term>
8073 <listitem>
8074 <para>
8075 Be sure to ask on the <email>pdns-dev@mailman.powerdns.com</email> (<ulink url="http://mailman.powerdns.com/mailman/listinfo/pdns-dev">subscribe</ulink>) mailinglist. You can even hire us to do work on PowerDNS
8076 if plain asking is not persuasive enough. This might be the case if we don't currently have time for your feature, but you
8077 need it quickly anyhow, and are not in a position to submit a patch implementing it.
8078 </para>
8079 </listitem>
8080 </varlistentry>
8081 <varlistentry>
fd8bc993 8082 <term>Q: Will <ulink url="http://express.powerdns.com">PowerDNS Express</ulink> be open sourced?</term>
12c86877
BH		 8083 <listitem>
8084 <para>
fd8bc993 8085 Perhaps, we're not yet sure.
12c86877
BH		 8086 </para>
8087 </listitem>
8088 </varlistentry>
8089
8090 <varlistentry>
8091 <term>Q: We are a Linux/Unix vendor, can we include PowerDNS?
8092 <listitem>
8093 <para>
8094 A: Please do. In fact, we'd be very happy to work with you to make this happen. Contact <email>ahu@ds9a.nl</email>
8095 if you have specific upstream needs.
8096 </para>
8097 </listitem>
8098 </varlistentry>
8099 </variablelist>
8100 </para>
8101 </sect1>
8102 </chapter>
50c56696 8103 <chapter id="analysis"><title>Tools to analyse DNS traffic</title>
50c56696 8104 <para>
5a0f9e64
BH		 8105 DNS is highly mission critical, it is therefore necessary to be able to study and compare DNS traffic. Since 2.9.18, PowerDNS comes
8106 with three tools to aid in analysis:
8107 <warning>
8108 <para>
8109 As of 2.9.18 these tools are somewhat rough - they have no help messages for example. They do work though.
8110 </para>
8111 </warning>
8112 <variablelist>
8113 <varlistentry>
8114 <term>dnsreplay pcapfile [ipaddress] [port number]</term>
8115 <listitem>
8116 <para>
8117 This program takes recorded questions and answers and replays them to a specified nameserver and reporting afterwards
8118 which percentage of answers matched, were worse or better.
8119 </para>
8120 </listitem>
8121 </varlistentry>
8122 <varlistentry>
8123 <term>dnswasher pcapfile output</term>
8124 <listitem>
8125 <para>
8126 Anonymises recorded traffic, making sure it only contains DNS, and that the originating IP addresses of queries are stripped, which may
8127 allow you to send traces to our company or mailing list without violating obligations towards your customers or privacy laws.
8128 </para>
8129 </listitem>
8130 </varlistentry>
8131 <varlistentry>
8132 <term>dnsscope pcapfile</term>
8133 <listitem>
8134 <para>
8135 Calculates statistics without replaying traffic
8136 </para>
8137 </listitem>
8138 </varlistentry>
8139 </variablelist>
50c56696
BH		 8140 </para>
8141 </chapter>
12c86877
BH		 8142 <Appendix id="backends-detail"><title>Backends in detail</title>
8143 <para>
8144 This appendix lists several of the available backends in more detail
8145 </para>
8146
8147
8148 <sect1 id="pipebackend"><title>PipeBackend</title>
8149 <para>
8150 <table>
8151 <title>PipeBackend capabilities</title>
8152 <tgroup cols=2>
8153 <tbody>
8154 <row><entry>Native</entry><entry>Yes</entry></row>
8155 <row><entry>Master</entry><entry>No</entry></row>
8156 <row><entry>Slave</entry><entry>No</entry></row>
8157 <row><entry>Superslave</entry><entry>No</entry></row>
8158 <row><entry>Autoserial</entry><entry>No</entry></row>
8159 <row><entry>Case</entry><entry>Depends</entry></row>
d022a079 8160 <row><entry>Module name</entry><entry>pipe</entry></row>
fededf47 8161 <row><entry>Launch name</entry><entry>pipe</entry></row>
12c86877
BH		 8162 </tbody>
8163 </tgroup>
8164 </table>
8165 </para>
8166 <para>
8167 The PipeBackend allows for easy dynamic resolution based on a 'Coprocess' which can be written in any
8168 programming language that can read a question on standard input and answer on standard output.
8169 </para>
11a45617
BH		 8170 <para>
8171 <note>
8172 <para>
8173 The Pipe Backend currently does not function under FreeBSD 4.x and 5.x, probably due to unfavorable interactions between
8174 its threading implementation and the fork system call.
8175 </para>
8176 <para>
8177 Interestingly, the Linux PowerDNS binary running under the Linuxulator on FreeBSD does work.
8178 </para>
8179 </note>
8180 </para>
12c86877
BH		 8181 <para>
8182 To configure, the following settings are available:
8183 <variablelist>
8184 <varlistentry>
8185 <term>pipe-command</term>
8186 <listitem>
8187 <para>
8188 Command to launch as backend. Mandatory.
8189 </para>
8190 </listitem>
8191 </varlistentry>
8192 <varlistentry>
8193 <term>pipe-timeout</term>
8194 <listitem>
8195 <para>
8196 Number of milliseconds to wait for an answer from the backend. If this time is ever exceeded, the backend
8197 is declared dead and a new process is spawned. Available since 2.7.
8198 </para>
8199 </listitem>
8200 </varlistentry>
8201 <varlistentry>
8202 <term>pipe-regex</term>
8203 <listitem>
8204 <para>
8205 If set, only questions matching this regular expression are even sent to the backend. This makes sure that
8206 most of PowerDNS does not slow down if you you reploy a slow backend. A query for the A record of 'www.powerdns.com'
8207 would be presented to the regex as 'www.powerdns.com;A'. A matching regex would be '^www.powerdns.com;.*$'.
8208 </para>
8209 <para>
8210 To match only ANY and A queries for www.powerdns.com, use '^www.powerdns.com;(A|ANY)$'. Available since 2.8.
8211 </para>
8212 </listitem>
8213 </varlistentry>
5015493c
BH		 8214 <varlistentry>
8215 <term>pipebackend-abi-version</term>
8216 <listitem>
8217 <para>
8218 This is the version of the question format that is sent to the co-process (pipe-command) for the pipe backend.
8219 </para>
8220 <para>
8221 If not set the default pipebackend-abi-version is 1. When set to 2, the local-ip-address field is added
8222 after the remote-ip-address. (the local-ip-address refers to the IP address the question was received on)
8223 </para>
8224 </listitem>
8225 </varlistentry>
12c86877
BH		 8226 </variablelist>
8227 </para>
8228
8229 <sect2 id="pipebackend-protocol"><title>PipeBackend protocol</title>
8230 <para>
8231 Questions come in over a file descriptor, by default standard input. Answers
8232 are sent out over another file descriptor, standard output by default.
8233 </para>
8234 <sect3>
8235 <title>Handshake</title>
8236 <para>
8237 PowerDNS sends out 'HELO\t1', indicating that it wants to speak the
8238 protocol as defined in this document, version 1.
8239
8240 A PowerDNS CoProcess must then send out a banner, prefixed by 'OK\t',
8241 indicating it launched successfully. If it does not support the indicated
8242 version, it should respond with FAIL, but not exit. Suggested behaviour is
8243 to try and read a further line, and wait to be terminated.
8244 </para></sect3>
8245 <sect3><title>Questions</title>
8246 <para>
8247 Questions come in three forms and are prefixed by a tag indicating the kind:
8248 <variablelist>
8249 <varlistentry>
8250 <term>Q</term>
8251 <listitem>
8252 <para>
8253 Regular queries
8254 </para>
8255 </listitem>
8256 </varlistentry>
8257 <varlistentry>
8258 <term>AXFR</term>
8259 <listitem>
8260 <para>
8261 List requests, which mean that an entire zone should be listed
8262 </para>
8263 </listitem>
8264 </varlistentry>
8265 <varlistentry>
8266 <term>PING</term>
8267 <listitem>
8268 <para>
8269 Check if the coprocess is functioning
8270 </para>
8271 </listitem>
8272 </varlistentry>
8273 </variablelist>
8274The question format:
5015493c
BH		 8275
8276pipebackend-abi-version = 1 [default]
8277<screen>
8278type qname qclass qtype id remote-ip-address
8279</screen>
8280
8281pipebackend-abi-version = 2
12c86877 8282<screen>
5015493c 8283type qname qclass qtype id remote-ip-address local-ip-address
12c86877
BH		 8284</screen>
8285
5015493c
BH		 8286Fields are tab separated, and terminated with a single \n. The remote-ip-address is the IP address
8287of the nameserver asking the question; the local-ip-address is the IP address on which the question
8288was received.
12c86877
BH		 8289
8290Type is the tag above, qname is the domain the question is about. qclass is
8291always 'IN' currently, denoting an INternet question. qtype is the kind of
8292information desired, the record type, like A, CNAME or AAAA. id can be
8293specified to help your backend find an answer if the id is already known
8294from an earlier query. You can ignore it.
8295
5015493c
BH		 8296remote-ip-address is the ip-address of the nameserver asking the question.
8297local-ip-address is the ip-address that was querried locally.
12c86877
BH		 8298 </para></sect3>
8299 <sect3><title>Answers</title>
8300 <para>
8301
8302 Each answer starts with a tag, possibly followed by a TAB and more data.
8303 <variablelist>
8304 <varlistentry>
8305 <term>DATA</term>
8306 <listitem>
8307 <para>
8308 Indicating a successful line of DATA
8309 </para>
8310 </listitem>
8311 </varlistentry>
8312 <varlistentry>
8313 <term>END</term>
8314 <listitem>
8315 <para>
8316 Indicating the end of an answer - no further data
8317 </para>
8318 </listitem>
8319 </varlistentry>
8320 <varlistentry>
8321 <term>FAIL</term>
8322 <listitem>
8323 <para>
8324 Indicating a lookup failure. Also serves as 'END'. No further data.
8325 </para>
8326 </listitem>
8327 </varlistentry>
8328 <varlistentry>
8329 <term>LOG</term>
8330 <listitem>
8331 <para>
8332 For specifying things that should be logged. Can only be sent after
8333 a query and before an END line. After the tab, the message to be
8334 logged
8335
8336 </para>
8337 </listitem>
8338 </varlistentry>
8339 </variablelist>
8340
8341
8342 So letting it be known that there is no data consists if sending 'END'
8343 without anything else.
8344
8345
8346The answer format:
8347<screen>
8348DATA qname qclass qtype ttl id content
8349</screen>
8350
8351'content' is as specified in <xref linkend="types">.
8352
8353A sample dialogue may look like this:
8354<screen>
8355Q www.ds9a.nl IN CNAME -1 213.244.168.210
8356DATA www.ds9a.nl IN CNAME 3600 1 ws1.ds9a.nl
8357Q ws1.ds9a.nl IN CNAME -1 213.244.168.210
8358END
8359Q wd1.ds9a.nl IN A -1 213.244.168.210
8360DATA ws1.ds9a.nl IN A 3600 1 1.2.3.4
8361DATA ws1.ds9a.nl IN A 3600 1 1.2.3.5
8362DATA ws1.ds9a.nl IN A 3600 1 1.2.3.6
8363END
8364</screen>
8365
8366 This would correspond to a remote webserver 213.244.168.210 wanting to
8367resolve the IP address of www.ds9a.nl, and PowerDNS traversing the CNAMEs to
8368find the IP addresses of ws1.ds9a.nl
8369
8370Another dialogue might be:
8371<screen>
8372Q ds9a.nl IN SOA -1 213.244.168.210
8373DATA ds9a.nl IN SOA 86400 1 ahu.ds9a.nl ...
8374END
8375AXFR 1
8376DATA ds9a.nl IN SOA 86400 1 ahu.ds9a.nl ...
8377DATA ds9a.nl IN NS 86400 1 ns1.ds9a.nl
8378DATA ds9a.nl IN NS 86400 1 ns2.ds9a.nl
8379DATA ns1.ds9a.nl IN A 86400 1 213.244.168.210
8380DATA ns2.ds9a.nl IN A 86400 1 63.123.33.135
8381.
8382.
8383END
8384</screen>
8385
8386This is a typical zone transfer.
8387 </para>
8388 </sect3>
8389 <sect3>
8390 <title>Sample perl backend</title>
8391 <para>
8392 <screen>
8393#!/usr/bin/perl -w
8394# sample PowerDNS Coprocess backend
8395#
8396
8397use strict;
8398
8399
8400$|=1; # no buffering
8401
8402my $line=&lt;&gt;;
8403chomp($line);
8404
8405unless($line eq "HELO\t1") {
8406 print "FAIL\n";
8407 print STDERR "Recevied '$line'\n";
8408 &lt;&gt;;
8409 exit;
8410}
8411print "OK Sample backend firing up\n"; # print our banner
8412
8413while(&lt;&gt;)
8414{
8415 print STDERR "$$ Received: $_";
8416 chomp();
8417 my @arr=split(/\t/);
8418 if(@arr&lt;6) {
8419 print "LOG PowerDNS sent unparseable line\n";
8420 print "FAIL\n";
8421 next;
8422 }
8423
8424 my ($type,$qname,$qclass,$qtype,$id,$ip)=split(/\t/);
8425
8426 if(($qtype eq "A" || $qtype eq "ANY") && $qname eq "webserver.example.com") {
8427 print STDERR "$$ Sent A records\n";
8428 print "DATA $qname $qclass A 3600 -1 1.2.3.4\n";
8429 print "DATA $qname $qclass A 3600 -1 1.2.3.5\n";
8430 print "DATA $qname $qclass A 3600 -1 1.2.3.6\n";
8431 }
8432 elsif(($qtype eq "CNAME" || $qtype eq "ANY") && $qname eq "www.example.com") {
8433 print STDERR "$$ Sent CNAME records\n";
8434 print "DATA $qname $qclass CNAME 3600 -1 webserver.example.com\n";
8435 }
8436 elsif($qtype eq "MBOXFW") {
8437 print STDERR "$$ Sent MBOXFW records\n";
8438 print "DATA $qname $qclass MBOXFW 3600 -1 powerdns\@example.com\n";
8439 }
8440
8441
8442 print STDERR "$$ End of data\n";
8443 print "END\n";
8444}
8445 </screen>
8446 </para>
8447 </sect3>
8448 </sect2>
8449
8450 </sect1>
8451 <sect1 id="mysqlbackend"><Title>MySQL backend</title>
d022a079
BH		 8452 <para>
8453 <warning>
8454 <para>
8f9aa910 8455 This backend is deprecated! Use the Generic MySQL backend which is better in <command>all</command> respects.
d022a079
BH		 8456 It does support master/slave operation, this backend does not. See <xref linkend="generic-mypgsql-backends">.
8457 </para>
8458 <para>
8459 So stop reading here unless you already have a database filled with 'mysql' records.
8460 </para>
8461 </warning>
8462 </para>
12c86877
BH		 8463 <para>
8464 <table>
8465 <title>MySQL backend capabilities</title>
8466 <tgroup cols=2>
8467 <tbody>
8468 <row><entry>Native</entry><entry>Yes</entry></row>
8469 <row><entry>Master</entry><entry>No</entry></row>
8470 <row><entry>Slave</entry><entry>No</entry></row>
8471 <row><entry>Superslave</entry><entry>No</entry></row>
8472 <row><entry>Autoserial</entry><entry>Yes</entry></row>
8473 <row><entry>Case</entry><entry>Insensitive</entry></row>
d022a079 8474 <row><entry>Module name</entry><entry>mysql</entry></row>
fededf47 8475 <row><entry>Launch name</entry><entry>mysql</entry></row>
12c86877
BH		 8476 </tbody>
8477 </tgroup>
8478 </table>
8479 </para>
8480 <para>
8481 The MySQL Backend as present in PDNS is fixed - it requires a certain database schema to function. This schema corresponds to this create statement:
8482
8483 <screen>
8484 CREATE TABLE records (
8485 id int(11) NOT NULL auto_increment,
c75a6a9e
BH		 8486 domain_id int(11) NOT NULL,
8487 name varchar(255) NOT NULL,
8488 type varchar(6) NOT NULL,
8489 content varchar(255) NOT NULL,
8490 ttl int(11) NOT NULL,
12c86877
BH		 8491 prio int(11) default NULL,
8492 change_date int(11) default NULL,
8493 PRIMARY KEY (id),
8494 KEY name_index(name),
8495 KEY nametype_index(name,type),
8496 KEY domainid_index(domain_id)
8497 );
8498 </screen>
8499
8500 Every domain should have a unique domain_id, which should remain identical for all records in a domain. Records with a domain_id that
8501 differs from that in the domain SOA record will not appear in a zone transfer.
8502
8503 </para>
8504 <para>
8505 The change_date may optionally
8506 be updated to the time_t (the number of seconds since midnight UTC at the start of 1970), and is in that case used to auto calculate the
8507 SOA serial number in case that is unspecified.
8508
8509 </para>
8510 <sect2><title>Configuration settings</title>
8511 <para>
8512 WARNING! Make sure that you can actually resolve the hostname of your database without accessing the database! It is advised to supply
8513 an IP address here to prevent chicken/egg problems!
8514 </para>
8515 <para>
8516 <variablelist>
8517 <varlistentry>
8518 <term>mysql-dbname</term>
8519 <listitem>
8520 <para>
8521 Database name to connect to
8522 </para>
8523 </listitem>
8524 </varlistentry>
8525 <varlistentry>
8526 <term>mysql-host</term>
8527 <listitem>
8528 <para>
8529 Database host to connect to
8530 </para>
8531 </listitem>
8532 </varlistentry>
8533 <varlistentry>
8534 <term>mysql-password</term>
8535 <listitem>
8536 <para>
8537 Password to connect with
8538 </para>
8539 </listitem>
8540 </varlistentry>
8541 <varlistentry>
8542 <term>mysql-socket</term>
8543 <listitem>
8544 <para>
8545 MySQL socket to use for connecting
8546 </para>
8547 </listitem>
8548 </varlistentry>
8549 <varlistentry>
8550 <term>mysql-table</term>
8551 <listitem>
8552 <para>
8553 MySQL table name. Defaults to 'records'.
8554 </para>
8555 </listitem>
8556 </varlistentry>
8557 <varlistentry>
8558 <term>mysql-user</term>
8559 <listitem>
8560 <para>
8561 MySQL user to connect as
8562 </para>
8563 </listitem>
8564 </varlistentry>
8565 </variablelist>
8566 </para>
8567 </sect2>
8568 <sect2><title>Notes</title>
8569 <para>
8570 It has been observed that InnoDB tables outperform the default MyISAM tables by a large margin. Furthermore, the default
8571 number of backends (3) should be raised to 10 or 15 for busy servers.
8572 </para>
8573 </sect2>
8574
8575 </sect1>
d022a079
BH		 8576 <sect1 id="randombackend"><title>Random Backend</title>
8577 <para>
8578 <table>
8579 <title>Random Backend capabilities</title>
8580 <tgroup cols=2>
8581 <tbody>
8582 <row><entry>Native</entry><entry>Yes</entry></row>
8583 <row><entry>Master</entry><entry>No</entry></row>
8584 <row><entry>Slave</entry><entry>No</entry></row>
8585 <row><entry>Superslave</entry><entry>No</entry></row>
8586 <row><entry>Autoserial</entry><entry>No</entry></row>
8587 <row><entry>Case</entry><entry>Depends</entry></row>
8588 <row><entry>Module name</entry><entry>built in</entry></row>
8589 <row><entry>Lauch name</entry><entry>random</entry></row>
8590 </tbody>
8591 </tgroup>
8592 </table>
8593 </para>
8594 <para>
8595 This is a very silly backend which is discussed in <xref linkend="simple-backends"> as a demonstration on
8596 how to write a PowerDNS backend.
8597 </para>
8598 <para>
8599 This backend knows about only one hostname, and only about its IP address at that. With every query,
8600 a new random IP address is generated.
8601 </para>
8602 <para>
8603 It only makes sense to load the random backend in combination with a regular backend. This can be done by prepending
8604 it to the <command>launch=</command> instruction, such as <command>launch=random,gmysql</command>.
8605 </para>
8606 <para>
8607 Variables:
8608 </para>
8609 <para>
8610 <variablelist>
8611 <varlistentry>
8612 <term>random-hostname</term>
8613 <listitem>
8614 <para>
8615 Hostname for which to supply a random IP address.
8616 </para>
8617 </listitem>
8618 </varlistentry>
8619 </variablelist>
8620 </para>
8621 </sect1>
8622
12c86877
BH		 8623 <sect1 id="pdnsbackend"><Title>MySQL PDNS backend</title>
8624 <para>
8625 <table>
8626 <title>MySQL backend capabilities</title>
8627 <tgroup cols=2>
8628 <tbody>
8629 <row><entry>Native</entry><entry>Yes</entry></row>
8630 <row><entry>Master</entry><entry>No</entry></row>
8631 <row><entry>Slave</entry><entry>No</entry></row>
8632 <row><entry>Superslave</entry><entry>No</entry></row>
8633 <row><entry>Autoserial</entry><entry>Yes</entry></row>
8634 <row><entry>Case</entry><entry>Insensitive</entry></row>
d022a079
BH		 8635 <row><entry>Module name</entry><entry>pdns</entry></row>
8636 <row><entry>Lauch name</entry><entry>pdns</entry></row>
12c86877
BH		 8637 </tbody>
8638 </tgroup>
8639 </table>
8640 </para>
8641 <para>
caa6eefa
BH		 8642 This is the driver that corresponds to the set of XML-RPC tools available from PowerDNS.
8643 </para>
8644 <para>
8645 The schema:
8646 <screen>
8647CREATE TABLE MailForwards (
8648 Id int(10) unsigned NOT NULL auto_increment,
8649 ZoneId int(10) unsigned NOT NULL default '0',
8650 Name varchar(255) NOT NULL default '',
8651 Destination varchar(255) NOT NULL default '',
8652 Flags int(11) NOT NULL default '0',
8653 ChangeDate timestamp(14) NOT NULL,
8654 CreateDate timestamp(14) NOT NULL,
8655 Active tinyint(4) NOT NULL default '0',
8656 PRIMARY KEY (Id),
8657 KEY NameIndex (Name),
8658 KEY ZoneIdIndex (ZoneId)
8659);
8660
8661--
8662-- Table structure for table 'Mailboxes'
8663--
8664
8665CREATE TABLE Mailboxes (
8666 Id int(10) unsigned NOT NULL auto_increment,
8667 ZoneId int(10) unsigned NOT NULL default '0',
8668 Name varchar(255) NOT NULL default '',
8669 Password varchar(255) NOT NULL default '',
8670 Quota int(10) unsigned NOT NULL default '0',
8671 Flags int(11) NOT NULL default '0',
8672 ChangeDate timestamp(14) NOT NULL,
8673 CreateDate timestamp(14) NOT NULL,
8674 Active tinyint(4) NOT NULL default '0',
8675 PRIMARY KEY (Id),
8676 UNIQUE KEY Name (Name),
8677 KEY ZoneIdIndex (ZoneId),
8678 KEY NameIndex (Name)
8679);
8680
8681--
8682-- Table structure for table 'Records'
8683--
8684
8685CREATE TABLE Records (
8686 Id int(10) unsigned NOT NULL auto_increment,
8687 ZoneId int(10) unsigned NOT NULL default '0',
8688 Name varchar(255) NOT NULL default '',
8689 Type varchar(8) NOT NULL default '',
8690 Content varchar(255) NOT NULL default '',
8691 TimeToLive int(11) NOT NULL default '60',
8692 Priority int(11) NOT NULL default '0',
8693 Flags int(11) NOT NULL default '0',
8694 ChangeDate timestamp(14) NOT NULL,
8695 CreateDate timestamp(14) NOT NULL,
8696 Active tinyint(4) NOT NULL default '0',
8697 PRIMARY KEY (Id),
8698 KEY NameIndex (Name)
8699);
8700
8701--
8702-- Table structure for table 'WebForwards'
8703--
8704
8705CREATE TABLE WebForwards (
8706 Id int(10) unsigned NOT NULL auto_increment,
8707 ZoneId int(10) unsigned NOT NULL default '0',
8708 Name varchar(255) NOT NULL default '',
8709 Destination varchar(255) NOT NULL default '',
8710 Type varchar(7) NOT NULL default 'NORMAL',
8711 Title varchar(255) NOT NULL default '',
8712 Description varchar(255) NOT NULL default '',
8713 Keywords varchar(255) NOT NULL default '',
8714 FavIcon varchar(255) NOT NULL default '',
8715 Flags int(11) NOT NULL default '0',
8716 ChangeDate timestamp(14) NOT NULL,
8717 CreateDate timestamp(14) NOT NULL,
8718 Active tinyint(4) NOT NULL default '0',
8719 PRIMARY KEY (Id),
8720 KEY NameIndex (Name),
8721 KEY ZoneIdIndex (ZoneId)
8722);
8723
8724--
8725-- Table structure for table 'Zones'
8726--
8727
8728CREATE TABLE Zones (
8729 Id int(10) unsigned NOT NULL auto_increment,
8730 Name varchar(255) NOT NULL default '',
8731 Hostmaster varchar(255) NOT NULL default '',
8732 Serial int(10) unsigned NOT NULL default '0',
8733 AutoSerial tinyint(4) NOT NULL default '0',
8734 Flags int(11) NOT NULL default '0',
8735 ChangeDate timestamp(14) NOT NULL,
8736 CreateDate timestamp(14) NOT NULL,
8737 Active tinyint(4) NOT NULL default '0',
8738 TimeToLive int(11) NOT NULL default '0',
8739 OwnerId varchar(255) NOT NULL default '',
8740 PRIMARY KEY (Id),
8741 UNIQUE KEY Name (Name),
8742 KEY NameIndex (Name)
8743);
8744
8745 </screen>
12c86877
BH		 8746 </para>
8747 <para>
8748 It takes a number of parameters:
8749 </para>
8750 <para>
8751 <variablelist>
8752 <varlistentry>
8753 <term>pdns-dbname</term>
8754 <listitem>
8755 <para>
8756 Database name to connect to
8757 </para>
8758 </listitem>
8759 </varlistentry>
8760 <varlistentry>
8761 <term>pdns-host</term>
8762 <listitem>
8763 <para>
8764 Database host to connect to
8765 </para>
8766 </listitem>
8767 </varlistentry>
8768 <varlistentry>
8769 <term>pdns-password</term>
8770 <listitem>
8771 <para>
8772 Password to connect with
8773 </para>
8774 </listitem>
8775 </varlistentry>
8776 <varlistentry>
8777 <term>pdns-socket</term>
8778 <listitem>
8779 <para>
8780 MySQL socket to use for connecting
8781 </para>
8782 </listitem>
8783 </varlistentry>
8784 <varlistentry>
8785 <term>pdns-user</term>
8786 <listitem>
8787 <para>
8788 MySQL user to connect as
8789 </para>
8790 </listitem>
8791 </varlistentry>
8792 </variablelist>
8793 </para>
8794 <sect2><title>Notes</title>
8795 <para>
8796 It has been observed that InnoDB tables outperform the default MyISAM tables by a large margin. Furthermore, the default
8797 number of backends (3) should be raised to 10 or 15 for busy servers.
8798 </para>
8799 </sect2>
8800
8801 </sect1>
8802
8803 <sect1 id="generic-mypgsql-backends"><Title>Generic MySQL and PgSQL backends</title>
8804 <para>
8805 <table>
8806 <title>Generic PgSQL and MySQL backend capabilities</title>
8807 <tgroup cols=2>
8808 <tbody>
12c86877
BH		 8809 <row><entry>Native</entry><entry>Yes - but PostgreSQL does not replicate</entry></row>
8810 <row><entry>Master</entry><entry>Yes</entry></row>
8811 <row><entry>Slave</entry><entry>Yes</entry></row>
8812 <row><entry>Superslave</entry><entry>Yes</entry></row>
c75a6a9e 8813 <row><entry>Autoserial</entry><entry>NO</entry></row>
12c86877 8814 <row><entry>Case</entry><entry>All lower</entry></row>
973ad2b5
BH		 8815 <row><entry>Module name &lt; 2.9.3</entry><entry>pgmysql</entry></row>
8816 <row><entry>Module name &gt; 2.9.2</entry><entry>gmysql and gpgsql</entry></row>
8817 <row><entry>Lauch name</entry><entry>gmysql and gpgsql2 and gpgsql</entry></row>
12c86877
BH		 8818 </tbody>
8819 </tgroup>
8820 </table>
8821 </para>
8822 <para>
8823 PostgreSQL and MySQL backend with easily configurable SQL statements, allowing you to graft PDNS on any PostgreSQL or MySQL database of your choosing.
8824 Because all database schemas will be different, a generic backend is needed to cover all needs.
8825 </para>
8826 <para>
8827 The template queries are expanded using the C function 'snprintf' which implies that substitutions are performed on the basis of %-place holders.
8828 To place a a % in a query which will not be substituted, use %%. Make sure to fill out the search key, often called 'name' in lower case!
8829 </para>
8830 <para>
8831 There are in fact two backends, one for PostgreSQL and one for MySQL but they accept the same settings and use almost exactly the same database schema.
8832 </para>
8833 <sect2><title>MySQL specifics</title>
8834 <para>
12c86877
BH		 8835 <warning>
8836 <para>
8f9aa910 8837 If using MySQL with 'slave' support enabled in PowerDNS you <command>must</command> run MySQL with a table engine that supports transactions.
12c86877
BH		 8838 </para>
8839 </warning>
8840 </para>
8841 <para>
8842 In practice, great results are achieved with the 'InnoDB' tables. PowerDNS will silently function with non-transaction aware MySQLs but at one point
8843 this is going to harm your database, for example when an incoming zone transfer fails.
8844 </para>
8845 <para>
8846 The default setup conforms to the following schema:
8847 <programlisting>
8848create table domains (
8849 id INT auto_increment,
8850 name VARCHAR(255) NOT NULL,
8851 master VARCHAR(20) DEFAULT NULL,
8852 last_check INT DEFAULT NULL,
8853 type VARCHAR(6) NOT NULL,
8854 notified_serial INT DEFAULT NULL,
8855 account VARCHAR(40) DEFAULT NULL,
8856 primary key (id)
8857)type=InnoDB;
8858
8859CREATE UNIQUE INDEX name_index ON domains(name);
8860
8861CREATE TABLE records (
8862 id INT auto_increment,
8863 domain_id INT DEFAULT NULL,
8864 name VARCHAR(255) DEFAULT NULL,
8865 type VARCHAR(6) DEFAULT NULL,
8866 content VARCHAR(255) DEFAULT NULL,
8867 ttl INT DEFAULT NULL,
8868 prio INT DEFAULT NULL,
8869 change_date INT DEFAULT NULL,
8870 primary key(id)
8871)type=InnoDB;
8872
8873CREATE INDEX rec_name_index ON records(name);
8874CREATE INDEX nametype_index ON records(name,type);
8875CREATE INDEX domain_id ON records(domain_id);
8876
8877create table supermasters (
8878 ip VARCHAR(25) NOT NULL,
8879 nameserver VARCHAR(255) NOT NULL,
8880 account VARCHAR(40) DEFAULT NULL
8881);
8882
8883GRANT SELECT ON supermasters TO pdns;
8884GRANT ALL ON domains TO pdns;
8885GRANT ALL ON records TO pdns;
8886 </programlisting>
8887 </para>
629eaf49
BH		 8888 <para>
8889 Zone2sql with the --gmysql flag also assumes this layout is in place.
8890 </para>
12c86877
BH		 8891 <para>
8892 This schema contains all elements needed for master, slave and superslave operation. Depending on which features will be used, the 'GRANT' statements
8893 can be trimmed to make sure PDNS cannot subvert the contents of your database.
8894 </para>
8895 <para>
629eaf49
BH		 8896 When using the InnoDB storage engine, we suggest adding the following lines to the 'create table records' command above:
8897<programlisting>
8898CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains`
8899(`id`) ON DELETE CASCADE
8900</programlisting>
8901 </para>
8902 <para>
8903 This automates deletion of records on deletion of a domain from the domains table.
12c86877
BH		 8904 </para>
8905 </sect2>
8906 <sect2><title>PostgresSQL specifics</title>
8907 <para>
caa6eefa 8908 The default setup conforms to the following schema, which you should add to a PostgreSQL database.
12c86877
BH		 8909 <programlisting>
8910create table domains (
8911 id SERIAL PRIMARY KEY,
8912 name VARCHAR(255) NOT NULL,
8913 master VARCHAR(20) DEFAULT NULL,
8914 last_check INT DEFAULT NULL,
8915 type VARCHAR(6) NOT NULL,
8916 notified_serial INT DEFAULT NULL,
8917 account VARCHAR(40) DEFAULT NULL
8918);
8919CREATE UNIQUE INDEX name_index ON domains(name);
8920
8921CREATE TABLE records (
8922 id SERIAL PRIMARY KEY,
8923 domain_id INT DEFAULT NULL,
8924 name VARCHAR(255) DEFAULT NULL,
8925 type VARCHAR(6) DEFAULT NULL,
8926 content VARCHAR(255) DEFAULT NULL,
8927 ttl INT DEFAULT NULL,
8928 prio INT DEFAULT NULL,
8929 change_date INT DEFAULT NULL,
8930 CONSTRAINT domain_exists
8931 FOREIGN KEY(domain_id) REFERENCES domains(id)
8932 ON DELETE CASCADE
8933);
8934
8935CREATE INDEX rec_name_index ON records(name);
8936CREATE INDEX nametype_index ON records(name,type);
8937CREATE INDEX domain_id ON records(domain_id);
8938
8939create table supermasters (
8940 ip VARCHAR(25) NOT NULL,
8941 nameserver VARCHAR(255) NOT NULL,
8942 account VARCHAR(40) DEFAULT NULL
8943);
8944
8945GRANT SELECT ON supermasters TO pdns;
8946GRANT ALL ON domains TO pdns;
8947GRANT ALL ON domains_id_seq TO pdns;
8948GRANT ALL ON records TO pdns;
8949GRANT ALL ON records_id_seq TO pdns;
8950 </programlisting>
8951 </para>
8952 <para>
8953 This schema contains all elements needed for master, slave and superslave operation. Depending on which features will be used, the 'GRANT' statements
8954 can be trimmed to make sure PDNS cannot subvert the contents of your database.
8955 </para>
8956 <para>
8957 Zone2sql with the --gpgsql flag also assumes this layout is in place.
caa6eefa
BH		 8958 </para>
8959 <para>
8960 With PostgreSQL, you may have to run 'createdb powerdns' first and then connect to that database with 'psql powerdns', and
8961 feed it the schema above.
8962 </para>
12c86877 8963 </sect2>
3fd72808 8964 <sect2 id="goracle"><title>Oracle specifics</title>
c3cf76c4 8965 <para>
3fd72808
BH		 8966 Generic Oracle support is only available since version 2.9.18.
8967 The default setup conforms to the following schema, which you should add to an Oracle database. You may need or want to add 'namespace' statements.
c3cf76c4
BH		 8968 <programlisting>
8969
8970create table domains (
8971 id NUMBER,
8972 name VARCHAR(255) NOT NULL,
8973 master VARCHAR(20) DEFAULT NULL,
8974 last_check INT DEFAULT NULL,
8975 type VARCHAR(6) NOT NULL,
8976 notified_serial INT DEFAULT NULL,
8977 account VARCHAR(40) DEFAULT NULL,
8978 primary key (id)
8979);
8980create sequence DOMAINS_ID_SEQUENCE;
8981create index DOMAINS$NAME on Domains (NAME);
8982
8983
8984CREATE TABLE records (
8985 id number(11) not NULL,
8986 domain_id INT DEFAULT NULL REFERENCES Domains(ID) ON DELETE CASCADE,
8987 name VARCHAR(255) DEFAULT NULL,
8988 type VARCHAR(6) DEFAULT NULL,
8989 content VARCHAR(255) DEFAULT NULL,
8990 ttl INT DEFAULT NULL,
8991 prio INT DEFAULT NULL,
8992 change_date INT DEFAULT NULL,
8993 primary key (id)
8994);
8995
8996create index RECORDS$NAME on RECORDS (NAME);
8997create sequence RECORDS_ID_SEQUENCE;
8998
8999create table supermasters (
9000 ip VARCHAR(25) NOT NULL,
9001 nameserver VARCHAR(255) NOT NULL,
9002 account VARCHAR(40) DEFAULT NULL
9003);
9004
9005 </programlisting>
9006 </para>
9007 <para>
3fd72808 9008 This schema contains all elements needed for master, slave and superslave operation. Depending on which features will be used, 'GRANT' statements
c3cf76c4
BH		 9009 can be trimmed to make sure PDNS cannot subvert the contents of your database.
9010 </para>
3fd72808
BH		 9011 <para>
9012 Zone2sql with the --gpgsql flag also assumes this layout is in place.
c3cf76c4 9013 </para>
3fd72808
BH		 9014 <para>
9015 Inserting records is a bit different compared to MySQL and PostgreSQL, you should use:
9016<screen>
9017insert into domains (id,name,type) values (domains_id_sequence.nextval,'netherlabs.nl','NATIVE');
9018 </screen>
9019 </para>
c5020d07
BH		 9020 <para>
9021 Furthermore, use the <command>goracle-tnsname</command> setting to specify which TNSNAME the Generic Oracle Backend
9022 should be connectiong to. There are no <command>goracle-dbname</command>, <command>goracle-host</command> or
9023 <command>goracle-port</command> settings, their equivalent is in <filename>/etc/tnsnames.ora</filename>.
9024 </para>
c3cf76c4
BH		 9025 </sect2>
9026
12c86877
BH		 9027 <sect2><title>Basic functionality</title>
9028 <para>
9029 4 queries are needed for regular lookups, 4 for 'fancy records' which are disabled by default and 1 is needed for zone transfers.
9030 </para>
9031 <para>The 4+4 regular queries must return the following 6 fields, in this exact order:
9032 <variablelist>
9033 <varlistentry>
9034 <term>content</term>
9035 <listitem>
9036 <para>
9037 This is the 'right hand side' of a DNS record. For an A record, this is the IP address for example.
9038 </para>
9039 </listitem>
9040 </varlistentry>
9041 <varlistentry>
9042 <term>ttl</term>
9043 <listitem>
9044 <para>
9045 TTL of this record, in seconds. Must be a real value, no checking is performed.
9046 </para>
9047 </listitem>
9048 </varlistentry>
9049 <varlistentry>
9050 <term>prio</term>
9051 <listitem>
9052 <para>
9053 For MX records, this should be the priority of the mail exchanger specified.
9054 </para>
9055 </listitem>
9056 </varlistentry>
9057 <varlistentry>
9058 <term>qtype</term>
9059 <listitem>
9060 <para>
9061 The ASCII representation of the qtype of this record. Examples are 'A', 'MX', 'SOA', 'AAAA'. Make sure that this
9062 field returns an exact answer - PDNS won't recognise 'A ' as 'A'. This can be achieved by using a VARCHAR instead
9063 of a CHAR.
9064 </para>
9065 </listitem>
9066
9067 </varlistentry>
9068 <varlistentry>
9069 <term>domain_id</term>
9070 <listitem>
9071 <para>
9072 Each domain must have a unique domain_id. No two domains may share a domain_id, all records in a domain should have the same. A number.
9073 </para>
9074 </listitem>
9075 </varlistentry>
9076 <varlistentry>
9077 <term>name</term>
9078 <listitem>
9079 <para>
9080 Actual name of a record. Must not end in a '.' and be fully qualified - it is not relative to the name of the domain!
9081 </para>
9082 </listitem>
9083 </varlistentry>
9084 </variablelist>
9085 Please note that the names of the fields are not relevant, but the order is!
9086 </para>
9087 <para>
9088 As said earlier, there are 8 SQL queries for regular lookups. To configure them, set 'gmysql-basic-query' or 'gpgsql-basic-query', depending on your
9089 choice of backend. If so called 'MBOXFW' fancy records are not used, four queries remain:
9090 <variablelist>
9091 <varlistentry>
9092 <term>basic-query</term>
9093 <listitem>
9094 <para>
7c3e815e 9095 Default: <command>select content,ttl,prio,type,domain_id,name from records where type='%s' and name='%s'</command>
12c86877
BH		 9096 This is the most used query, needed for doing 1:1 lookups of qtype/name values. First %s is replaced by the ASCII representation
9097 of the qtype of the question, the second by the name.
9098 </para>
9099 </listitem>
9100 </varlistentry>
9101 <varlistentry>
9102 <term>id-query</term>
9103 <listitem>
9104 <para>
7c3e815e 9105 Default: <command>select content,ttl,prio,type,domain_id,name from records where type='%s' and name='%s' and domain_id=%d</command>
12c86877
BH		 9106 Used for doing lookups within a domain. First %s is replaced by the qtype, the %d which should appear after the %s by the numeric
9107 domain_id.
9108 </para>
9109 </listitem>
9110 </varlistentry>
9111
9112 <varlistentry>
9113 <term>any-query</term>
9114 <listitem>
9115 <para>
9116 For doing ANY queries. Also used internally.
9117 Default: <command>select content,ttl,prio,type,domain_id,name from records where name='%s'</command>
9118 The %s is replaced by the qname of the question.
9119 </para>
9120 </listitem>
9121 </varlistentry>
9122 <varlistentry>
9123 <term>any-id-query</term>
9124 <listitem>
9125 <para>
9126 For doing ANY queries within a domain. Also used internally.
9127 Default: <command>select content,ttl,prio,type,domain_id,name from records where name='%s' and domain_id=%d</command>
9128 The %s is replaced by the name of the domain, the %d by the numerical domain id.
9129 </para>
9130 </listitem>
9131 </varlistentry>
9132 </variablelist>
9133 </para>
9134 <para>
9135 The last query is for listing the entire contents of a zone. This is needed when performing a zone transfer, but sometimes also internally:
9136 <variablelist>
9137 <varlistentry>
9138 <term>list-query</term>
9139 <listitem>
9140 <para>
9141 To list an entire zone.
9142 Default: <command>select content,ttl,prio,type,domain_id,name from records where domain_id=%d</command>
9143 </para>
9144 </listitem>
9145 </varlistentry>
9146 </variablelist>
9147 </para>
9148 </sect2>
468e50b8
BH		 9149 <sect2 id="master-slave-queries"><title>Master/slave queries</title>
9150 <para>
9151 Most installations will have zero need to change the following settings, but should the need arise, here they are:
9152 <variablelist>
9153 <varlistentry>
9154 <term>master-zone-query</term>
9155 <listitem>
9156 <para>
9157 Called to determine the master of a zone.
9158 Default: <command>select master from domains where name='%s' and type='SLAVE'</command>
9159 </para>
9160 </listitem>
9161 </varlistentry>
9162 <varlistentry>
9163 <term>info-zone-query</term>
9164 <listitem>
9165 <para>
9166 Called to retrieve (nearly) all information for a domain:
9167 Default: <command>select id,name,master,last_check,notified_serial,type from domains where name='%s'</command>
9168 </para>
9169 </listitem>
9170 </varlistentry>
9171 <varlistentry>
9172 <term>info-all-slaves-query</term>
9173 <listitem>
9174 <para>
9175 Called to retrieve all slave domains
9176 Default: <command>select id,name,master,last_check,type from domains where type='SLAVE'</command>
9177 </para>
9178 </listitem>
9179 </varlistentry>
9180 <varlistentry>
9181 <term>supermaster-query</term>
9182 <listitem>
9183 <para>
6d5e9bba 9184 Called to determine if a certain host is a supermaster for a certain domain name.
468e50b8
BH		 9185 Default: <command>
9186 select account from supermasters where ip='%s' and nameserver='%s'");
9187 </command>
9188 </para>
9189 </listitem>
9190 </varlistentry>
9191 <varlistentry>
9192 <term>insert-slave-query</term>
9193 <listitem>
9194 <para>
9195 Called to add a domain as slave after a supermaster notification.
9196 Default: <command>
9197 insert into domains (type,name,master,account) values('SLAVE','%s','%s','%s')
9198 </command>
9199 </para>
9200 </listitem>
9201 </varlistentry>
9202 <varlistentry>
9203 <term>insert-record-query</term>
9204 <listitem>
9205 <para>
9206 Called during incoming AXFR.
9207 Default: <command>
9208 insert into records (content,ttl,prio,type,domain_id,name) values ('%s',%d,%d,'%s',%d,'%s')
9209 </command>
9210 </para>
9211 </listitem>
9212 </varlistentry>
9213 <varlistentry>
9214 <term>update-serial-query</term>
9215 <listitem>
9216 <para>
9217 Called to update the last notified serial of a master domain.
9218 Default: <command>
9219 update domains set notified_serial=%d where id=%d
9220 </command>
9221 </para>
9222 </listitem>
9223 </varlistentry>
9224 <varlistentry>
9225 <term>update-lastcheck-query</term>
9226 <listitem>
9227 <para>
9228 Called to update the last time a slave domain was checked for freshness.
9229 Default: <command>
9230 update domains set notified_serial=%d where id=%d
9231 </command>
9232 </para>
9233 </listitem>
9234 </varlistentry>
9235 <varlistentry>
9236 <term>info-all-master-query</term>
9237 <listitem>
9238 <para>
9239 Called to get data on all domains for which the server is master.
9240 Default: <command>
9241 select id,name,master,last_check,notified_serial,type from domains where type='MASTER'
9242 </command>
9243 </para>
9244 </listitem>
9245 </varlistentry>
9246 <varlistentry>
9247 <term>delete-zone-query</term>
9248 <listitem>
9249 <para>
9250 Called to delete all records of a zone. Used before an incoming AXFR.
9251 Default: <command>
9252 delete from records where domain_id=%d
9253 </command>
9254 </para>
9255 </listitem>
9256 </varlistentry>
9257 </variablelist>
12c86877
BH		 9258 <sect2><title>Fancy records</title>
9259 <para>
9260 If PDNS is used with so called 'Fancy Records', the 'MBOXFW' record exists which specifies an email address forwarding instruction,
9261 wildcard queries are sometimes needed. This is not enabled by default. A wildcard query is
9262 an internal concept - it has no relation to *.domain-type lookups. You can safely leave these queries blank.
9263 <variablelist>
9264 <varlistentry>
9265 <term>wildcard-query</term>
9266 <listitem>
9267 <para>
9268 Can be left blank. See above for an explanation.
7c3e815e 9269 Default: <command>select content,ttl,prio,type,domain_id,name from records where type='%s' and name like '%s'</command>
12c86877
BH		 9270 </para>
9271 </listitem>
9272 </varlistentry>
9273 <varlistentry>
9274 <term>wildcard-id-query</term>
9275 <listitem>
9276 <para>
9277 Can be left blank. See above for an explanation.
7c3e815e 9278 Default: <command>select content,ttl,prio,type,domain_id,name from records where type='%s' and name like '%s' and domain_id=%d</command>
12c86877
BH		 9279 Used for doing lookups within a domain.
9280 </para>
9281 </listitem>
9282 </varlistentry>
9283 <varlistentry>
9284 <term>wildcard-any-query</term>
9285 <listitem>
9286 <para>
9287 For doing wildcard ANY queries.
9288 Default: <command>select content,ttl,prio,type,domain_id,name from records where name like '%s'</command>
9289 </para>
9290 </listitem>
9291 </varlistentry>
9292 <varlistentry>
9293 <term>wildcard-any-id-query</term>
9294 <listitem>
9295 <para>
9296 For doing wildcard ANY queries within a domain.
9297 Default: <command>select content,ttl,prio,type,domain_id,name from records where name like '%s' and domain_id=%d</command>
9298 </para>
9299 </listitem>
9300 </varlistentry>
9301 </variablelist>
9302 </para>
9303 </sect2>
9304
9305 <sect2><title>Settings and specifying queries</title>
9306 <para>
9307 The queries above are specified in pdns.conf. For example, the basic-query would appear as:
9308 <screen>
7c3e815e 9309 gpgsql-basic-query=select content,ttl,prio,type,domain_id,name from records where type='%s' and name='%s'
12c86877 9310 </screen>
0d8612f2
BH		 9311 When using the Generic PostgreSQL backend, they appear as above. When using the generic MySQL backend, change the
9312 "gpgsql-" prefix to "gmysql-".
9313 </para>
9314 <para>
12c86877
BH		 9315 Queries can span multiple lines, like this:
9316 <screen>
9317 gpgsql-basic-query=select content,ttl,prio,type,domain_id,name from records \
7c3e815e 9318 where type='%s' and name='%s'
12c86877
BH		 9319 </screen>
9320 Do not wrap statements in quotes as this will not work.
9321 Besides the query related settings, the following configuration options are available:
9322 </para>
9323 <para>
9324 <variablelist>
9325 <varlistentry>
9326 <term>gpgsql-dbname</term>
9327 <listitem>
9328 <para>
9329 Database name to connect to
9330 </para>
9331 </listitem>
9332 </varlistentry>
9333 <varlistentry>
9334 <term>gpgsql-host</term>
9335 <listitem>
9336 <para>
9337 Database host to connect to. WARNING: When specified as a hostname a chicken/egg situation might arise where the database
9338 is needed to resolve the IP address of the database. It is best to supply an IP address of the database here.
9339 </para>
9340 </listitem>
9341 </varlistentry>
6cfc883f 9342 <varlistentry>
9f1d5826 9343 <term>gmysql-socket (only for MySQL!)</term>
6cfc883f
BH		 9344 <listitem>
9345 <para>
9346 Filename where the MySQL connection socket resides. Often <filename>/tmp/mysql.sock</filename> or <filename>/var/run/mysqld/mysqld.sock</filename>.
9347 </para>
9348 </listitem>
9349 </varlistentry>
12c86877
BH		 9350 <varlistentry>
9351 <term>gpgsql-password</term>
9352 <listitem>
9353 <para>
9354 Password to connect with
9355 </para>
9356 </listitem>
9357 </varlistentry>
9358 <varlistentry>
9359 <term>gpgsql-user</term>
9360 <listitem>
9361 <para>
9362 PgSQL user to connect as
9363 </para>
9364 </listitem>
9365 </varlistentry>
9366 </variablelist>
9367 </para>
9368 </sect2>
9369 <sect2><title>Native operation</title>
9370 <para>
9371 For native operation, either drop the FOREIGN KEY on the domain_id field, or (recommended), make sure
9372 the <command>domains</command> table is filled properly. To add a domain, issue the following:
9373 <programlisting>
9374 insert into domains (name,type) values ('powerdns.com','NATIVE');
9375 </programlisting>
9376 The records table can now be filled by with the domain_id set to the id of the domains table row just inserted.
9377 </para>
9378 </sect2>
9379 <sect2><title>Slave operation</title>
9380 <para>
9381 The PostgreSQL backend is fully slave capable. To become a slave of the 'powerdns.com' domain, execute this:
9382 <programlisting>
9383 insert into domains (name,master,type) values ('powerdns.com','213.244.168.217','SLAVE');
9384 </programlisting>
9385 And wait a while for PDNS to pick up the addition - which happens within one minute. There is no need to inform PDNS that a new domain
9386 was added.
9387 Typical output is:
9388 <programlisting>
9389 Apr 09 13:34:29 All slave domains are fresh
9390 Apr 09 13:35:29 1 slave domain needs checking
9391 Apr 09 13:35:29 Domain powerdns.com is stale, master serial 1, our serial 0
9392 Apr 09 13:35:30 [gPgSQLBackend] Connected to database
9393 Apr 09 13:35:30 AXFR started for 'powerdns.com'
9394 Apr 09 13:35:30 AXFR done for 'powerdns.com'
9395 Apr 09 13:35:30 [gPgSQLBackend] Closing connection
9396 </programlisting>
9397 </para>
9398 <para>
9399 From now on, PDNS is authoritative for the 'powerdns.com' zone and will respond accordingly for queries within that zone.
9400 </para>
9401 <para>
9402 Periodically, PDNS schedules checks to see if domains are still fresh. The default <command>slave-cycle-interval</command> is 60 seconds, large installations may need to raise this value. Once a domain has been checked, it will not be checked before its SOA refresh timer has expired. Domains whose status is unknown get checked every 60 seconds by default.
9403 </para>
9404 </sect2>
9405 <sect2><title>Superslave operation</title>
9406 <para>
9407 To configure a supermaster with IP address 10.0.0.11 which lists this installation as 'autoslave.powerdns.com', issue the following:
9408 <programlisting>
9409 insert into supermasters ('10.0.0.11','autoslave.powerdns.com','internal');
9410 </programlisting>
9411 From now on, valid notifies from 10.0.0.11 that list a NS record containing 'autoslave.powerdns.com' will lead to the
9412 provisioning of a slave domain under the account 'internal'. See <xref linkend="supermaster"> for details.
9413 </para>
9414 </sect2>
9415 <sect2><title>Master operation</title>
9416 <para>
9417 The PostgreSQL backend is fully master capable with automatic discovery of serial changes. Raising the serial number of a domain
9418 suffices to trigger PDNS to send out notifications. To configure a domain for master operation instead of the default native replication,
9419 issue:
9420 <programlisting>
9421 insert into domains (name,type) values ('powerdns.com','MASTER');
9422 </programlisting>
9423 Make sure that the assigned id in the domains table matches the domain_id field in the records table!
9424 </para>
9425 </sect1>
9426
c3cf76c4 9427 <sect1 id="oracle"><Title>Oracle backend</title>
12c86877
BH		 9428 <para>
9429 <table>
9430 <title>Oracle backend capabilities</title>
9431 <tgroup cols=2>
9432 <tbody>
9433 <row><entry>Native</entry><entry>Yes</entry></row>
9434 <row><entry>Master</entry><entry>No</entry></row>
9435 <row><entry>Slave</entry><entry>No</entry></row>
9436 <row><entry>Superslave</entry><entry>No</entry></row>
9437 <row><entry>Autoserial</entry><entry>Yes</entry></row>
d022a079
BH		 9438 <row><entry>Module name</entry><entry>oracle</entry></row>
9439 <row><entry>Launch name</entry><entry>oracle</entry></row>
9440
12c86877
BH		 9441 </tbody>
9442 </tgroup>
9443 </table>
9444 </para>
9445 <para>
9446 Oracle backend with easily configurable SQL statements, allowing you to graft PDNS on any Oracle database of your choosing.
9447 </para>
9448 <para>
9449 PowerDNS is currently ascertaining if this backend can be distributed in binary form without violating Oracle licensing. In the meantime,
152b4591 9450 the source code to the Oracle backend is available in the pdns distribution.
12c86877
BH		 9451 </para>
9452 <para>
9453 The following configuration settings are available:
9454 </para>
9455 <para>
9456 <variablelist>
9457 <varlistentry>
9458 <term>oracle-debug-queries</term>
9459 <listitem>
9460 <para>
9461 Output all queries to disk for debugging purposes.
9462 </para>
9463 </listitem>
9464 </varlistentry>
9465 <varlistentry>
9466 <term>oracle-time-queries</term>
9467 <listitem>
9468 <para>
9469 Output all queries to disk for timing purposes.
9470 </para>
9471 </listitem>
9472 </varlistentry>
9473 <varlistentry>
9474 <term>oracle-uppercase-database</term>
9475 <listitem>
9476 <para>
9477 Change all domain names to uppercase before querying database.
9478 </para>
9479 </listitem>
9480 </varlistentry>
9481 <varlistentry>
9482 <term>oracle-database</term>
9483 <listitem>
9484 <para>
9485 Oracle database name to connect to.
9486 </para>
9487 </listitem>
9488 </varlistentry>
9489 <varlistentry>
9490 <term>oracle-home</term>
9491 <listitem>
9492 <para>
9493 PDNS can set the ORACLE_HOME environment variable from within the executable, allowing execution of
9494 the daemon from init.d scripts where ORACLE_HOME may not yet be set.
9495 </para>
9496 </listitem>
9497 </varlistentry>
9498 <varlistentry>
9499 <term>oracle-sid</term>
9500 <listitem>
9501 <para>
9502 PDNS can set the ORACLE_SID environment variable from within the executable, allowing execution of
9503 the daemon from init.d scripts where ORACLE_SID may not yet be set.
9504 </para>
9505 </listitem>
9506 </varlistentry>
9507 <varlistentry>
9508 <term>oracle-username</term>
9509 <listitem>
9510 <para>
9511 Oracle username to connect as.
9512 </para>
9513 </listitem>
9514 </varlistentry>
9515 <varlistentry>
9516 <term>oracle-password</term>
9517 <listitem>
9518 <para>
9519 Oracle password to connect with.
9520 </para>
9521 </listitem>
9522 </varlistentry>
9523 </variablelist>
9524 </para>
9525 <para>
9526 The generic Oracle backend can be configured to use user-specified queries. The following are the default queries
9527 and their names:
9528 </para>
9529 <para>
9530 <variablelist>
9531 <varlistentry>
9532 <term>oracle-forward-query</term>
9533 <listitem>
9534 <para>
9535 select content, TimeToLive, Priority, type, ZoneId, nvl(ChangeDate,0) from Records where name = :name and type = :type
9536 </para>
9537 </listitem>
9538 </varlistentry>
9539 <varlistentry>
9540 <term>oracle-forward-query-by-zone</term>
9541 <listitem>
9542 <para>
9543 select content, TimeToLive, Priority, type, ZoneId, nvl(ChangeDate,0) from records where name = :name and type = :type and ZoneId = :id
9544 </para>
9545 </listitem>
9546 </varlistentry>
9547 <varlistentry>
9548 <term>oracle-forward-any-query</term>
9549 <listitem>
9550 <para>
9551 select content, TimeToLive, Priority, type, ZoneId, nvl(ChangeDate,0) from records where name = :name
9552 </para>
9553 </listitem>
9554 </varlistentry>
9555 <varlistentry>
9556 <term>oracle-list-query</term>
9557 <listitem>
9558 <para>
9559 select content, TimeToLive, Priority, type, ZoneId, nvl(ChangeDate, 0), name from records where ZoneId = :id
9560 </para>
9561 </listitem>
9562 </varlistentry>
9563 </variablelist>
9564 </para>
9565 <sect2><title>Setting up Oracle for use with PowerDNS</title>
9566 <para>
9567 To setup a database that corresponds to these default queries, issue the following as Oracle user sys:
9568 <screen>
9569 create user powerdns identified by YOURPASSWORD;
9570 grant connect to powerdns;
9571
9572 create tablespace powerdns datafile '/opt/oracle/oradata/oracle/powerdns.dbf'
9573 size 256M extent management local autoallocate;
9574
9575 alter user powerdns quota unlimited on powerdns;
9576 </screen>
9577 </para>
9578 <para>
9579 As user 'powerdns' continue with:
9580 <screen>
9581create table Domains (
9582 ID number(11) NOT NULL,
9583 NAME VARCHAR(255) NOT NULL,
9584 MASTER VARCHAR(20) DEFAULT NULL,
9585 LAST_CHECK INT DEFAULT NULL,
9586 TYPE VARCHAR(6) NOT NULL,
9587 NOTIFIED_SERIAL INT DEFAULT NULL,
9588 ACCOUNT VARCHAR(40) DEFAULT NULL,
9589 primary key (ID)
9590)tablespace POWERDNS;
9591
9592create index DOMAINS$NAME on Domains (NAME) tablespace POWERDNS;
9593create sequence DOMAINS_ID_SEQUENCE;
9594
9595create table Records
9596(
9597 ID number(11) NOT NULL,
9598 ZoneID number(11) default NULL REFERENCES Domains(ID) ON DELETE CASCADE,
9599 NAME varchar2(255) default NULL,
9600 TYPE varchar2(6) default NULL,
9601 CONTENT varchar2(255) default NULL,
9602 TimeToLive number(11) default NULL,
9603 Priority number(11) default NULL,
9604 CreateDate number(11) default NULL,
9605 ChangeDate number(11) default NULL,
9606 primary key (ID)
9607)tablespace POWERDNS;
9608
9609create index RECORDS$NAME on RECORDS (NAME) tablespace POWERDNS;
9610create sequence RECORDS_ID_SEQUENCE;
9611 </screen>
9612 </para>
9613 <para>
9614 To insert records, either use <command>zone2sql</command> with the <command>--oracle</command> setting, or execute sql
9615 along the lines of:
9616 <screen>
9617insert into domains (id,name,type) values (domains_id_sequence.nextval,'netherlabs.nl','NATIVE');
9618insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RECORDS_ID_SEQUENCE.nextval,id ,'netherlabs.nl', 'SOA', 'ahu.casema.net. hostmaster.ds9a.nl. 2000081401 28800 7200 604800 86400', 3600, 0 from Domains where name='netherlabs.nl';
9619insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RECORDS_ID_SEQUENCE.nextval,id ,'netherlabs.nl', 'NS', 'ahu.casema.net', 3600, 0 from Domains where name='netherlabs.nl';
9620insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RECORDS_ID_SEQUENCE.nextval,id ,'netherlabs.nl', 'NS', 'ns1.pine.nl', 3600, 0 from Domains where name='netherlabs.nl';
9621insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RECORDS_ID_SEQUENCE.nextval,id ,'netherlabs.nl', 'NS', 'ns2.pine.nl', 3600, 0 from Domains where name='netherlabs.nl';
9622insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RECORDS_ID_SEQUENCE.nextval,id ,'netherlabs.nl', 'A', '213.244.168.210', 3600, 0 from Domains where name='netherlabs.nl';
9623insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RECORDS_ID_SEQUENCE.nextval,id ,'netherlabs.nl', 'MX', 'outpost.ds9a.nl', 3600, 10 from Domains where name='netherlabs.nl';
9624
9625 </screen>
9626 </para>
9627 <para>
9628 For performance reasons it is best to specify <command>--transactions</command> too!
9629 </para>
9630 </sect2>
9631 </sect1>
9632
fededf47
BH		 9633 <sect1 id="gsqlite">
9634 <title>Generic SQLite backend</title>
9635 <para>
9636 <table>
9637 <title>Generic SQLite backend capabilities</title>
9638 <tgroup cols=2>
9639 <tbody>
9640 <row><entry>Native</entry><entry>Yes</entry></row>
9641 <row><entry>Master</entry><entry>Yes</entry></row>
9642 <row><entry>Slave</entry><entry>Yes</entry></row>
9643 <row><entry>Superslave</entry><entry>Yes</entry></row>
9644 <row><entry>Module name</entry><entry>gsqlite</entry></row>
9645 <row><entry>Launch name</entry><entry>gsqlite</entry></row>
9646 </tbody>
9647 </tgroup>
9648 </table>
9649 </para>
9650 <para>
9651 This backend retrieves all data from a SQLite database, which is a RDBMS that's embedded into the application itself, so you won't need to be running a seperate server process.
9652 It also reduces overhead, and simplifies installation.
9653 At <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink> you can find more information about SQLite.
9654 </para>
9655 <para>
9656 As this is a generic backend, built on top of the gSql framework, you can specify all queries as documented in <link linkend="generic-mypgsql-backends">Generic MySQL and PgSQL backends</link>.
9657 </para>
9658 <sect2>
9659 <title>Compiling the SQLite backend</title>
9660 <para>
9661 Before you can begin compiling PowerDNS with the SQLite backend you need to have the SQLite utility and library installed on your system.
9662 You can download these from <ulink url="http://www.sqlite.org/download.html">http://www.sqlite.org/download.html</ulink>, or you can use packages (if your distribution provides those).
9663 </para>
9664 <para>
9665 When you've installed the library you can use: <command>./configure --with-modules="gsqlite"</command> to configure PowerDNS to use the SQLite backend.
9666 Compilation can then proceed as usual.
9667 </para>
9668 <para>
9669 SQLite is included in most PowerDNS binary releases.
9670 </para>
9671 </sect2>
9672 <sect2>
9673 <title>Setting up the database</title>
9674 <para>
9675 Before you can use this backend you first have to set it up and fill it with data.
9676 The default setup conforms to the following schema:
9677
9678 <programlisting>
9679 create table domains (
9680 id INTEGER PRIMARY KEY,
9681 name VARCHAR(255) NOT NULL,
9682 master VARCHAR(20) DEFAULT NULL,
9683 last_check INTEGER DEFAULT NULL,
9684 type VARCHAR(6) NOT NULL,
9685 notified_serial INTEGER DEFAULT NULL,
9686 account VARCHAR(40) DEFAULT NULL
9687 );
9688
9689 CREATE UNIQUE INDEX name_index ON domains(name);
9690
9691 CREATE TABLE records (
9692 id INTEGER PRIMARY KEY,
9693 domain_id INTEGER DEFAULT NULL,
9694 name VARCHAR(255) DEFAULT NULL,
9695 type VARCHAR(6) DEFAULT NULL,
9696 content VARCHAR(255) DEFAULT NULL,
9697 ttl INTEGER DEFAULT NULL,
9698 prio INTEGER DEFAULT NULL,
9699 change_date INTEGER DEFAULT NULL
9700 );
9701
9702 CREATE INDEX rec_name_index ON records(name);
9703 CREATE INDEX nametype_index ON records(name,type);
9704 CREATE INDEX domain_id ON records(domain_id);
9705
9706 create table supermasters (
9707 ip VARCHAR(25) NOT NULL,
9708 nameserver VARCHAR(255) NOT NULL,
9709 account VARCHAR(40) DEFAULT NULL
9710 );
9711 </programlisting>
9712 </para>
9713 <para>
9714 This schema contains all elements needed for master, slave and superslave operation.
9715 </para>
9716 <para>
9717 After you have created the database you probably want to fill it with data.
9718 If you have a BIND zonefile it's as easy as: <command>zone2sql --zone=myzonefile --gmysql | sqlite powerdns.sqlite</command>, but
9719 you can also use AXFR (or insert data manually if you have too much time ;)).
9720 </para>
9721 </sect2>
9722 <sect2>
9723 <title>Using the SQLite backend</title>
9724 <para>
9725 The last thing you need to do is telling PowerDNS to use the SQLite backend.
9726 </para>
9727 <para>
9728 <programlisting>
9729 # in pdns.conf
9730 launch=gsqlite
9731 gsqlite-database=&lt;path to your SQLite database&gt;
9732 </programlisting>
9733 </para>
9734 <para>
9735 Then you can start PowerDNS and it should notify you that a connection to the database was made.
9736 </para>
9737 </sect2>
9738 </sect1>
9739
12c86877
BH		 9740 <sect1 id="db2"><Title>DB2 backend</title>
9741 <para>
9742 <table>
9743 <title>DB2 backend capabilities</title>
9744 <tgroup cols=2>
9745 <tbody>
9746 <row><entry>Native</entry><entry>Yes</entry></row>
9747 <row><entry>Master</entry><entry>No</entry></row>
9748 <row><entry>Slave</entry><entry>No</entry></row>
9749 <row><entry>Superslave</entry><entry>No</entry></row>
9750 <row><entry>Autoserial</entry><entry>Yes</entry></row>
d022a079
BH		 9751 <row><entry>Module name</entry><entry>db2</entry></row>
9752 <row><entry>Launch name</entry><entry>db2</entry></row>
9753
12c86877
BH		 9754 </tbody>
9755 </tgroup>
9756 </table>
9757 </para>
9758 <para>
d022a079 9759 PowerDNS is currently ascertaining if this backend can be distributed in binary form without violating IBM DB2 licensing.
12c86877
BH		 9760 </para>
9761 <para>
9762 The DB2 backend executes the following queries:
9763 <variablelist>
9764 <varlistentry>
9765 <term>Forward Query</term>
9766 <listitem>
9767 <para>
9768 select Content, TimeToLive, Priority, Type, ZoneId, 0 as ChangeDate, Name from Records where Name = ? and type = ?
9769 </para>
9770 </listitem>
9771 </varlistentry>
9772 <varlistentry>
9773 <term>Forward By Zone Query</term>
9774 <listitem>
9775 <para>
9776 select Content, TimeToLive, Priority, Type, ZoneId, 0 as ChangeDate, Name from Records where Name = ? and Type = ? and ZoneId = ?
9777 </para>
9778 </listitem>
9779 </varlistentry>
9780 <varlistentry>
9781 <term>Forward Any Query</term>
9782 <listitem>
9783 <para>
9784 select Content, TimeToLive, Priority, Type, ZoneId, 0 as ChangeDate, Name from Records where Name = ?
9785 </para>
9786 </listitem>
9787 </varlistentry>
9788 <varlistentry>
9789 <term>List Query</term>
9790 <listitem>
9791 <para>
9792 select Content, TimeToLive, Priority, Type, ZoneId, 0 as ChangeDate, Name from Records where ZoneId = ?
9793 </para>
9794 </listitem>
9795 </varlistentry>
9796 </variablelist>
9797 </para>
9798 <para>
9799 Configuration settings:
9800 <variablelist>
9801 <varlistentry>
9802 <term>db2-server</term>
9803 <listitem>
9804 <para>
9805 Server name to connect to. Defaults to 'powerdns'. Make sure that your nameserver is not needed to resolve an IP address needed to connect as
9806 this might lead to a chicken/egg situation.
9807 </para>
9808 </listitem>
9809 </varlistentry>
9810 <varlistentry>
9811 <term>db2-user</term>
9812 <listitem>
9813 <para>
9814 Username to connect as. Defaults to 'powerdns'.
9815 </para>
9816 </listitem>
9817 </varlistentry>
9818 <varlistentry>
9819 <term>db2-password</term>
9820 <listitem>
9821 <para>
9822 Password to connect with. Defaults to 'powerdns'.
9823 </para>
9824 </listitem>
9825 </varlistentry>
9826 </variablelist>
9827 </para>
9828 </sect1>
9829
9830 <sect1 id="bindbackend"><Title>Bind zone file backend</title>
9831 <para>
9832 <table>
9833 <title>Bind zone file backend capabilities</title>
9834 <tgroup cols=2>
9835 <tbody>
9836 <row><entry>Native</entry><entry>Yes</entry></row>
11a45617
BH		 9837 <row><entry>Master</entry><entry>Yes</entry></row>
9838 <row><entry>Slave</entry><entry>Yes</entry></row>
12c86877
BH		 9839 <row><entry>Superslave</entry><entry>No</entry></row>
9840 <row><entry>Autoserial</entry><entry>No</entry></row>
d022a079
BH		 9841 <row><entry>Module name</entry><entry>none (built in)</entry></row>
9842 <row><entry>Launch</entry><entry>bind</entry></row>
12c86877
BH		 9843 </tbody>
9844 </tgroup>
9845 </table>
9846 </para>
bdf40704
BH		 9847 <para>
9848 <note>
9849 <para>
9850 There is also the Bind2backend which works exactly like this backend but is far more experimental. In the future it supplant the bindbackend.
9851 </para>
9852 </note>
9853 </para>
12c86877
BH		 9854 <para>
9855 The BindBackend started life as a demonstration of the versatility of PDNS but quickly gained in importance when there appeared to be demand
9856 for a Bind 'workalike'.
9857 </para>
9858 <para>
9859 The BindBackend parses a Bind-style named.conf and extracts information about zones from it. It makes no attempt to honour other configuration flags,
9860 which you should configure (when available) using the PDNS native configuration.
9861 </para>
9862 <para>
9863 <variablelist>
9864 <varlistentry>
9865 <term>--help=bind</term>
9866 <listitem>
9867 <para>
9868 Outputs all known parameters related to the bindbackend
9869 </para>
9870 </listitem>
9871 </varlistentry>
9872 <varlistentry>
9873 <term>bind-example-zones</term>
9874 <listitem>
9875 <para>
9876 Loads the 'example.com' zone which can be queried to determine if PowerDNS is functioning without configuring
9877 database backends.
9878 </para>
9879 </listitem>
9880 </varlistentry>
9881 <varlistentry>
9882 <term>bind-config=</term>
9883 <listitem>
9884 <para>
9885 Location of the Bind configuration file to parse.
9886 </para>
9887 </listitem>
9888 </varlistentry>
9889 <varlistentry>
9890 <term>bind-check-interval=</term>
9891 <listitem>
9892 <para>
9893 How often to check for zone changes. See 'Operation' section.
9894 </para>
9895 </listitem>
9896 </varlistentry>
9897 <varlistentry>
9898 <term>bind-enable-huffman</term>
9899 <listitem>
9900 <para>
9901 Enable Huffman compression on zone data. Currently saves around 20% of memory actually used, but slows down operation
9902 somewhat.
9903 </para>
9904 </listitem>
9905 </varlistentry>
9906 </variablelist>
9907 </para>
9908 <sect2>
9909 <title>Operation</title>
9910 <para>
9911 On launch, the BindBackend first parses the named.conf to determine which zones need to be loaded. These will then be parsed
9912 and made available for serving, as they are parsed. So a named.conf with 100.000 zones may take 20 seconds to load, but after 10 seconds,
9913 50.000 zones will already be available. While a domain is being loaded, it is not yet available, to prevent incomplete answers.
9914 </para>
9915 <para>
9916 Reloading is currently done only when a request for a zone comes in, and then only after <command>bind-check-interval</command> seconds have passed
9917 after the last check. If a change occurred, access to the zone is disabled, the file is reloaded, access is restored, and the question is answered.
9918 For regular zones, reloading is fast enough to answer the question which lead to the reload within the DNS timeout.
9919 </para>
9920 <para>
11a45617
BH		 9921 If <command>bind-check-interval</command> is specified as zero, no checks will be performed until the <command>pdns_control reload</command>
9922 is given.
12c86877 9923 </para>
11a45617
BH		 9924 <sect2 id="bind-control-commands"><title>Pdns_control commands</title>
9925 <para>
9926 <variablelist>
9927 <varlistentry>
9928 <term>bind-domain-status <userinput>domain</userinput> [<userinput>domain</userinput>]</term>
9929 <listitem>
9930 <para>
9931 Output status of domain or domains. Can be one of 'seen in named.conf, not parsed', 'parsed successfully at &lt;time;&gt;' or
9932 'error parsing at line ... at &lt;time&gt;'.
9933 </para>
9934 </listitem>
9935 </varlistentry>
9936 <varlistentry>
9937 <term>bind-list-rejects</term>
9938 <listitem>
9939 <para>
9940 Lists all zones that have problems, and what those problems are.
9941 </para>
9942 </listitem>
9943 </varlistentry>
9944 <varlistentry>
9945 <term>bind-reload-now <userinput>domain</userinput></term>
9946 <listitem>
9947 <para>
9948 Reloads a zone from disk NOW, reporting back results.
9949 </para>
9950 </listitem>
9951 </varlistentry>
9952 </variablelist>
9953 </para>
9954 </sect2>
12c86877
BH		 9955 <sect2><title>Performance</title>
9956 <para>
9957 The BindBackend does not benefit from the packet cache as it is fast enough on its own. Furthermore, on most systems, there will
9958 be no benefit in using multiple CPUs for the packetcache, so a noticeable speedup can be attained by specifying
9959 <command>distributor-threads=1</command> in <filename>pdns.conf</filename>.
9960 </para>
9961 </sect2>
9962 <sect2><title>Master/slave configuration</title>
11a45617
BH		 9963 <sect3><title>Master</title>
9964 <para>
9965 Works as expected. At startup, no notification storm is performed as this is generally not useful. Perhaps in the future the Bind Backend
9966 will attempt to store zone metadata in the zone, allowing it to determine if a zone has changed its serial since the last time
9967 notifications were sent out.
9968 </para>
9969 <para>
9970 Changes which are discovered when reloading zones do lead to notifications however.
9971 </para>
9972 </sect3>
9973 <sect3><title>Slave</title>
9974 <para>
9975 Also works as expected. The Bind backend expects to be able to write to a directory where a slave domain lives. The incoming zone is stored
9976 as 'zonename.RANDOM' and atomically renamed if it is retrieved successfully, and parsed only then.
9977 </para>
9978 <para>
9979 In the future, this may be improved so the old zone remains available should parsing fail.
9980 </para>
9981 </sect3>
973ad2b5
BH		 9982 <sect2><title>Commands</title>
9983 <para>
9984 <command>pdns_control</command> offers commands to communicate instructions to PowerDNS. These are detailed here.
9985 <variablelist>
9986 <varlistentry>
9987 <term>rediscover</term>
9988 <listitem>
9989 <para>
9990 Reread the bind configuration file (<filename>named.conf</filename>). If parsing fails, the old configuration
9991 remains in force and pdns_control reports the error. Any newly discovered domains are read, discarded domains
9992 are removed from memory.
9993 <note>
9994 <para>
9995 Except that with 2.9.3, they are not removed from memory.
9996 </para>
9997 </note>
9998 </para>
9999 </listitem>
10000 </varlistentry>
10001 <varlistentry>
bdf40704 10002 <term>reload</term>
973ad2b5
BH		 10003 <listitem>
10004 <para>
10005 All zones with a changed timestamp are reloaded at the next incoming query for them.
10006 </para>
10007 </listitem>
10008 </varlistentry>
10009 </variablelist>
10010 </para>
10011 </sect2>
12c86877
BH		 10012 </sect1>
10013
10014 <sect1 id="odbc">
10015 <Title>ODBC backend</Title>
10016 <para>
10017 <table>
10018 <title>ODBC backend capabilities</title>
10019 <tgroup cols=2>
10020 <tbody>
10021 <row><entry>Native</entry><entry>Yes</entry></row>
10022 <row><entry>Master</entry><entry>Yes (experimental)</entry></row>
10023 <row><entry>Slave</entry><entry>Yes (experimental)</entry></row>
10024 <row><entry>Superslave</entry><entry>No</entry></row>
10025 <row><entry>Autoserial</entry><entry>Yes</entry></row>
10026 </tbody>
10027 </tgroup>
10028 </table>
10029 </para>
10030 <para>
10031 The ODBC backend can retrieve zone information from any source that has a ODBC driver available.
10032 <note><para>This backend is only available on PowerDNS for Windows.</para></note>
10033 </para>
10034
10035 <para>
10036 The ODBC backend needs data in a fixed schema which is the same as the data needed by the MySQL backend. The create statement
10037 will resemble this:
10038 <screen>
10039 CREATE TABLE records (
10040 id int(11) NOT NULL auto_increment,
10041 domain_id int(11) default NULL,
10042 name varchar(255) default NULL,
10043 type varchar(6) default NULL,
10044 content varchar(255) default NULL,
10045 ttl int(11) default NULL,
10046 prio int(11) default NULL,
10047 change_date int(11) default NULL,
10048 PRIMARY KEY (id),
10049 KEY name_index(name),
10050 KEY nametype_index(name,type),
10051 KEY domainid_index(domain_id)
10052 );
10053 </screen>
10054 </para>
10055
10056 <para>
10057 To use the ODBC backend an ODBC source has to be created, to do this see the section Installing PowerDNS on Microsoft Windows, <xref linkend="windows">.
10058 </para>
10059
10060 <para>
10061 The following configuration settings are available:
10062
10063 <variablelist>
10064 <varlistentry>
10065 <term>odbc-datasource</term>
10066 <listitem>
10067 <para>
10068 Specifies the name of the data source to use.
10069 </para>
10070 </listitem>
10071 </varlistentry>
10072 <varlistentry>
10073 <term>odbc-user</term>
10074 <listitem>
10075 <para>
10076 Specifies the username that has to be used to log into the datasource.
10077 </para>
10078 </listitem>
10079 </varlistentry>
10080 <varlistentry>
10081 <term>odbc-pass</term>
10082 <listitem>
10083 <para>
10084 Specifies the user's password.
10085 </para>
10086 </listitem>
10087 </varlistentry>
10088 <varlistentry>
10089 <term>odbc-table</term>
10090 <listitem>
10091 <para>
10092 Specifies the name of the table containing the zone information.
10093 </para>
10094 </listitem>
10095 </varlistentry>
10096 </variablelist>
10097 </para>
10098 <para>
10099 The ODBC backend has been tested with Microsoft Access, MySQL (via MyODBC) and Microsoft SQLServer. As the SQL statements used are very basic,
10100 it is expected to work with many ODBC drivers.
10101 </para>
731f58b8
BH		 10102 </sect1>
10103 <sect1 id="xdbbackend"><Title>XDB Backend</title>
10104 <para>
10105 Special purpose backend for grandiose performance. Can talk to Tridge's Trivial Database, or to regular *db tables on disk. Currently only sparsely
10106 documented. Very useful if you need to do &gt;50.000 queries/second, which we actually measured on the .ORG zone.
10107 </para>
10108 <para>
10109 More documentation will follow.
10110 </para>
10111 </sect1>
3de83124 10112 <sect1 id="ldap"><Title>LDAP backend</title>
5a0f9e64
BH		 10113 <para>
10114 <warning>
10115 <para>
10116 This documentation has moved to <ulink url="http://wiki.linuxnetworks.de/index.php/PowerDNS_ldapbackend">its own page</ulink>. The information in this chapter
10117 may be outdated!
10118 </para>
10119 </warning>
6d5e9bba
BH		 10120 <para>
10121 The main author for this module is Norbert Sendetzky who also has his own <ulink url="http://www.linuxnetworks.de/pdnsldap/index.html">PowerDNS-LDAP page</ulink>.
10122 </para>
5a0f9e64
BH		 10123 <para>
10124 He also maintains the <ulink url="http://wiki.linuxnetworks.de/index.php/PowerDNS_ldapbackend">LDAP backends documentation</ulink> there. The information
10125 below may be outdated!
10126 </para>
3de83124
BH		 10127 <para>
10128 <table>
10129 <title>LDAP backend capabilities</title>
10130 <tgroup cols=2>
10131 <tbody>
10132 <row><entry>Native</entry><entry>Yes</entry></row>
10133 <row><entry>Master</entry><entry>No</entry></row>
10134 <row><entry>Slave</entry><entry>No</entry></row>
10135 <row><entry>Superslave</entry><entry>No</entry></row>
10136 <row><entry>Autoserial</entry><entry>Yes</entry></row>
10137 </tbody>
10138 </tgroup>
10139 </table>
10140 </para>
10141 <para>
10142 As of 2.9.6, PowerDNS comes with an LDAP backend. The code for this was submitted by Norbert Sendetzky.
10143 </para>
10144 <para>
10145 The following settings are available to configure the LDAP backend:
10146 <variablelist>
10147 <varlistentry>
10148 <term>ldap-host</term>
10149 <listitem>
10150 <para>
c4bee46c 10151 LDAP host to connect to, defaults to localhost.
3de83124
BH		 10152 </para>
10153 </listitem>
10154 </varlistentry>
10155 <varlistentry>
10156 <term>ldap-port</term>
10157 <listitem>
10158 <para>
10159 LDAP port to connect to, defaults to 389.
10160 </para>
10161 </listitem>
10162 </varlistentry>
10163 <varlistentry>
c4bee46c 10164 <term>ldap-basedn</term>
3de83124
BH		 10165 <listitem>
10166 <para>
c4bee46c 10167 Root for DNS searches. Must be configured before the LDAP backend will work.
3de83124
BH		 10168 </para>
10169 </listitem>
10170 </varlistentry>
10171 <varlistentry>
10172 <term>ldap-binddn</term>
10173 <listitem>
10174 <para>
c4bee46c 10175 Distinguished Name to bind with to the LDAP server. Defaults to the empty string for anonymous bind.
3de83124
BH		 10176 </para>
10177 </listitem>
10178 </varlistentry>
10179 <varlistentry>
10180 <term>ldap-secret</term>
10181 <listitem>
10182 <para>
c4bee46c 10183 Secret to bind with to LDAP server. Defaults to the empty string for anonymous bind.
3de83124
BH		 10184 </para>
10185 </listitem>
10186 </varlistentry>
dcf9bd8f
BH		 10187 <varlistentry>
10188 <term>ldap-default-ttl</term>
10189 <listitem>
10190 <para>
10191 TTL for records with no dnsttl attribute. Defaults to 86400 seconds.
10192 </para>
10193 </listitem>
10194 </varlistentry>
3de83124
BH		 10195 </variablelist>
10196 </para>
10197 <para>
c4bee46c
BH		 10198 The schema used is that defined by RFC 1279 and is present in OpenLDAP under the name 'cosine.schema'.
10199 An example LDIF file:
3de83124 10200 <screen>
3de83124
BH		 10201# zone related things including SOA, NS and MX records
10202
c4bee46c 10203dn: dc=example
3de83124
BH		 10204objectclass: top
10205objectclass: dnsdomain
10206objectclass: domainrelatedobject
10207dc: example
10208soarecord: ns.example.dom hostmaster@example.dom 2002010401 1800 3600 604800 84600
10209nsrecord: ns.example.dom
10210mxrecord: 10 mail.example.dom
10211mxrecord: 20 mail2.example.dom
10212associateddomain: example.dom
10213
10214
10215# Simple record (mail.example.dom has address 172.168.0.2)
10216
c4bee46c 10217dn: dc=mail,dc=example
3de83124
BH		 10218objectclass: top
10219objectclass: dnsdomain
10220objectclass: domainrelatedobject
10221dc: mail
10222arecord: 172.168.0.2
10223associateddomain: mail.example.dom
c4bee46c
BH		 10224
10225# There may more than one entry per record
10226# This is also applicable to all other records including "associateddomain"
10227# but not for a CNAME record
10228
10229dn: dc=server,dc=snapcount
10230objectclass: top
10231objectclass: dnsdomain
10232objectclass: domainrelatedobject
10233dc: server
10234arecord: 10.1.0.1
10235arecord: 172.168.0.1
10236associateddomain: server.example.dom
10237
10238
10239# domain alias ({mail2,ns}.example.dom is CNAME for server.example.dom)
10240# cnamerecord must only contain one entry
10241
10242dn: dc=backup,dc=snapcount
10243objectclass: top
10244objectclass: dnsdomain
10245objectclass: domainrelatedobject
10246dc: server
10247cnamerecord: server.example.dom
10248associateddomain: mail2.example.dom
10249associateddomain: ns.example.dom
3de83124
BH		 10250</screen>
10251 </para>
3de83124 10252 </sect1>
731f58b8 10253 </appendix>
12c86877
BH		 10254<appendix id="pdns-internals"><title>PDNS internals</title>
10255 <para>
10256 PDNS is normally launched by the init.d script but is actually a binary called <filename>pdns_server</filename>. This
10257 file is started by the <command>start</command> and <command>monitor</command> commands to the init.d script. Other commands
10258 are implemented using the controlsocket.
10259 </para>
10260 <sect1 id="controlsocket"><title>Controlsocket</title>
10261 <para>
10262 The controlsocket is the means to contact a running PDNS daemon, or as we now know, a running <filename>pdns_server</filename>.
10263 Over this sockets, instructions can be sent using the <filename>pdns_control</filename> program. Like the <filename>pdns_server</filename>,
10264 this program is normally accessed via the init.d script.
10265 </para>
10266 <sect2 id="pdnscontrol"><title>pdns_control</title>
10267
10268 <para>
10269 To communicate with PDNS over the controlsocket, the <command>pdns_control</command> command is used. The init.d script also calls
10270 pdns_control. The syntax is simple: <command>pdns_control command arguments</command>. Currently this is most useful for telling backends
10271 to rediscover domains or to force the transmission of notifications. See <xref linkend="master">.
10272 </para>
10273 <para>
10274 Besides the commands implemented by the init.d script, for which see <xref linkend="pdns-on-unix">, the following pdns_control commands
10275 are available:
10276 <variablelist>
10277 <varlistentry>
10278 <term>ccounts</term>
10279 <listitem>
10280 <para>
10281 Returns counts on the contents of the cache.
10282 </para>
10283 </listitem>
10284 </varlistentry>
10285 <varlistentry>
11a45617 10286 <term>notify <userinput>domain</userinput></term>
12c86877
BH		 10287 <listitem>
10288 <para>
11a45617
BH		 10289 Adds a domain to the notification list, causing PDNS to send out notifications to the nameservers of a domain. Can be used if
10290 a slave missed previous notifications or is generally hard of hearing.
10291 </para>
10292 </listitem>
10293 </varlistentry>
10294 <varlistentry>
10295 <term>notify-host <userinput>domain</userinput> <userinput>host</userinput></term>
10296 <listitem>
10297 <para>
10298 Same as above but with operator specified IP address as destination, to be used if you know better than PowerDNS.
12c86877
BH		 10299 </para>
10300 </listitem>
10301 </varlistentry>
10302 <varlistentry>
10303 <term>purge</term>
10304 <listitem>
10305 <para>
10306 Purges the entire Packet Cache - see <xref linkend="performance">.
10307 </para>
10308 </listitem>
10309 </varlistentry>
10310 <varlistentry>
10311 <term>purge <userinput>record</userinput></term>
10312 <listitem>
10313 <para>
10314 Purges all entries for this exact record name - see <xref linkend="performance">.
10315 </para>
10316 </listitem>
10317 </varlistentry>
11a45617 10318 <varlistentry>
12c86877
BH		 10319 <term>purge <userinput>record</userinput>$</term>
10320 <listitem>
10321 <para>
11a45617
BH		 10322 Purges all cache entries ending on this name, effectively purging an entire domain - see <xref linkend="performance">.
10323 </para>
10324 </listitem>
10325 </varlistentry>
10326 <varlistentry>
10327 <term>purge</term>
10328 <listitem>
10329 <para>
10330 Purges the entire Packet Cache - see <xref linkend="performance">.
10331 </para>
10332 </listitem>
10333 </varlistentry>
10334 <varlistentry>
10335 <term>purge <userinput>record</userinput></term>
10336 <listitem>
10337 <para>
10338 Purges all entries for this exact record name - see <xref linkend="performance">.
10339 </para>
10340 </listitem>
10341 </varlistentry>
10342 <varlistentry>
10343 <term>rediscover</term>
10344 <listitem>
10345 <para>
10346 Instructs backends that new domains may have appeared in the database, or, in the case of the Bind backend, in
10347 named.conf.
10348 </para>
10349 </listitem>
10350 </varlistentry>
10351 <varlistentry>
10352 <term>reload</term>
10353 <listitem>
10354 <para>
10355 Instructs backends that the contents of domains may have changed. Many backends ignore this, the Bind backend will check
10356 timestamps for all zones (once queries come in for it) and reload if needed.
10357 </para>
10358 </listitem>
10359 </varlistentry>
10360 <varlistentry>
10361 <term>retrieve <userinput>domain</userinput></term>
10362 <listitem>
10363 <para>
10364 Retrieve a slave domain from its master. Done nearly immediatly.
12c86877
BH		 10365 </para>
10366 </listitem>
10367 </varlistentry>
10368 <varlistentry>
10369 <term>set <userinput>variable value</userinput></term>
10370 <listitem>
10371 <para>
10372 Set a configuration parameter. Currently only the 'query-logging' parameter can be set.
10373 </para>
10374 </listitem>
10375 </varlistentry>
11a45617
BH		 10376 <varlistentry>
10377 <term>uptime</term>
10378 <listitem>
10379 <para>
10380 Reports the uptime of the daemon in human readable form.
10381 </para>
10382 </listitem>
10383 </varlistentry>
10384 <varlistentry>
10385 <term>version</term>
10386 <listitem>
10387 <para>
10388 returns the version of a running pdns daemon.
10389 </para>
10390 </listitem>
10391 </varlistentry>
12c86877
BH		 10392 </variablelist>
10393 </para>
10394 </sect2>
10395 </sect1>
10396
10397 <sect1 id="guardian"><title>Guardian</title>
10398 <para>
10399 When launched by the init.d script, <filename>pdns_server</filename> wraps itself inside a 'guardian'. This guardian monitors the
10400 performance of the inner <filename>pdns_server</filename> instance which shows up in the process list of your OS as
10401 <filename>pdns_server-instance</filename>.
10402
10403 It is also this guardian that <filename>pdns_control</filename> talks to. A <command>STOP</command> is interpreted by the guardian,
10404 which causes the guardian to sever the connection to the inner process and terminate it, after which it terminates itself.
10405
10406 The init.d script <command>DUMP</command> and <command>SHOW</command> commands need to access the inner process, because
10407 the guardian itself does not run a nameserver. For this purpose, the guardian passes controlsocket requests to the control console of the
10408 inner process. This is the same console as seen with init.d <command>MONITOR</command>.
10409 </para></sect1>
10410 <sect1 id="modules"><title>Modules &amp; Backends</title>
10411 <para>
10412 PDNS has the concept of backends and modules. Non-static PDNS distributions have the ability to load new modules at runtime, while the
10413 static versions come with a number of modules built in, but cannot load more.
10414 </para>
10415 <para>
10416 Related parameters are:
10417 <variablelist>
10418 <varlistentry>
10419 <term>--help</term>
10420 <listitem>
10421 <para>
10422 Outputs all known parameters, including those of launched backends, see below.
10423 </para>
10424 </listitem>
10425 </varlistentry>
10426 <varlistentry>
10427 <term>--launch=backend,backend1,backend1:name</term>
10428 <listitem>
10429 <para>
10430 Launches backends. In its most simple form, supply all backends that need to be launched. If you find
10431 that you need to launch single backends multiple times, you can specify a name for later instantiations.
10432 In this case, there are 2 instances of backend1, and the second one is called 'name'.
10433
10434 This means that <command>--backend1-setting</command> is available to configure the first or main instance, and
10435 <command>--backend1-name-setting</command> for the second one.
10436 </para>
10437 </listitem>
10438 </varlistentry>
10439 <varlistentry>
10440 <term>--load-modules=/directory/libyourbackend.so</term>
10441 <listitem>
10442 <para>
10443 If backends are available in nonstandard directories, specify their location here. Multiple files
10444 can be loaded if separated by commas. Only available in non-static PDNS distributions.
10445 </para>
10446 </listitem>
10447 </varlistentry>
10448 <varlistentry>
10449 <term>--list-modules</term>
10450 <listitem>
10451 <para>
10452 Will list all available modules, both compiled in and in dynamically loadable modules.
10453 </para>
10454 </listitem>
10455 </varlistentry>
10456 </variablelist>
10457 To run on the commandline, use the <command>pdns_server</command> binary. For example, to see options for the gpgsql backend,
10458 use the following:
10459 <screen>
10460 $ /usr/sbin/pdns_server --launch=gpgsql --help=gpgsql
10461 </screen>
10462 </para>
10463 </sect1>
10464 <sect1 id="dns-to-query"><title>How PDNS translates DNS queries into backend queries</title>
10465 <para>
10466 A DNS query is not a straightforward lookup. Many DNS queries need to check the backend for additional data, for example to
10467 determine of an unfound record should lead to an NXDOMAIN ('we know about this domain, but that record does not exist') or an
10468 unauthoritative response.
10469 </para>
10470 <para>
10471 Simplified, without CNAME processing and wildcards, the algorithm is like this:
10472 </para>
10473 <para>
10474 When a query for a <command>qname</command>/<command>qtype</command> tuple comes in, it is requested directly from the backend.
10475 If present, PDNS adds the contents of the reply to the list of records to return. A question tuple may generate multiple answer
10476 records.
10477 </para>
10478 <para>
10479 Each of these records is now investigated to see if it needs 'additional processing'. This holds for example for MX records which may
10480 point to hosts for which the PDNS backends also contain data. This involves further lookups for A or AAAA records.
10481 </para>
10482 <para>
10483 After all additional processing has been performed, PDNS sieves out all double records which may well have appeared. The resulting set of
10484 records is added to the answer packet, and sent out.
10485 </para>
10486 <para>
10487 A zone transfer works by looking up the <command>domain_id</command> of the SOA record of the name and then listing all records of that
10488 <command>domain_id</command>. This is why all records in a domain need to have the same domain_id.
10489 </para>
10490 <para>
10491 When a query comes in for an unknown domain, PDNS starts looking for SOA records of all subdomains of the qname, so
10492 no.such.powerdns.com turns into a SOA query for no.such.powerdns.com, such.powerdns.com, powerdns.com, com, ''. When a SOA is found,
10493 that zone is consulted for relevant NS instructions which lead to a referral. If nothing is found within the zone, an authoritative
10494 NXDOMAIN is sent out.
10495 </para>
10496 <para>
10497 If no SOA was found, an unauthoritative no-error is returned.
10498 </para>
10499 <para>
10500 In reality, each query for a question tuple first involves checking for a CNAME, unless that resolution has been disabled with the
10501 <command>skip-cname</command> option.
10502 </para>
10503 <para>
10504 PDNS breaks strict RFC compatability by not always checking for the presence of a SOA record first. This is unlikely to lead to
10505 problems though.
10506 </para>
10507 </appendix>
10508 <appendix id="backend-writers-guide"><title>Backend writers' guide</title>
10509 <para>
10510 PDNS backends are implemented via a simple yet powerful C++ interface. If your needs are not met by the PipeBackend, you
cdc01a90 10511 may want to write your own. Before doing any PowerDNS development, please visit <ulink url="http://wiki.powerdns.com">the wiki</ulink>.
12c86877
BH		 10512 </para>
10513 <para>
10514 A backend contains zero DNS logic. It need not look for CNAMES, it need not return NS records unless explicitly asked for, etcetera.
10515 All DNS logic is contained within PDNS itself - backends should simply return records matching the description asked for.
10516 </para>
10517 <para>
10518 <warning><para>
10519 However, please note that your backend can get queries in aNy CAsE! If your database is case sensitive, like most are (with the notable
10520 exception of MySQL), you must make sure that you do find answers which differ only in case.
10521 </para></warning>
10522 </para>
10523 <sect1 id="simple-backends"><title>Simple read-only native backends</title>
10524 <para>
10525 Implementing a backend consists of inheriting from the DNSBackend class. For read-only backends, which do not support slave operation,
10526 only the following methods are relevant:
10527
10528 <programlisting>
10529 class DNSBackend
10530 {
10531 public:
10532
10533 virtual bool lookup(const QType &amp;qtype, const string &amp;qdomain, DNSPacket *pkt_p=0, int zoneId=-1)=0;
10534 virtual bool list(int domain_id)=0;
10535 virtual bool get(DNSResourceRecord &amp;r)=0;
10536 virtual bool getSOA(const string &amp;name, SOAData &amp;soadata);
10537 };
10538 </programlisting>
10539
10540 Note that the first three methods must be implemented. <function>getSOA()</function> has a useful default implementation.
10541 </para>
10542 <para>
10543 The semantics are simple. Each instance of your class only handles one (1) query at a time. There is no need for locking as PDNS guarantees
10544 that your backend will never be called reentrantly.
10545 </para>
10546 <para>
10547 Some examples, a more formal specification is down below. A normal lookup starts like this:
10548
10549 <programlisting>
10550 YourBackend yb;
10551 yb.lookup(QType::CNAME,"www.powerdns.com");
10552 </programlisting>
10553
10554 Your class should now do everything to start this query. Perform as much preparation as possible - handling errors at this stage is better for PDNS
10555 than doing so later on. A real error should be reported by throwing an exception.
10556 </para>
10557 <para>
10558 PDNS will then call the <function>get()</function> method to get <command>DNSResourceRecord</command>s back. The following code illustrates
10559 a typical query:
10560
10561 <programlisting>
10562 yb.lookup(QType::CNAME,"www.powerdns.com");
10563
10564 DNSResourceRecord rr;
10565 while(yb.get(rr))
10566 cout&lt;&lt;"Found cname pointing to '"+rr.content+"'"&lt;&lt;endl;
10567 }
10568 </programlisting>
10569 </para>
10570 <para>
10571 Each zone starts with a Start of Authority (SOA) record. This record is special so many backends will choose to implement it
10572 specially. The default <function>getSOA()</function> method performs a regular lookup on your backend to figure out the SOA,
10573 so if you have no special treatment for SOA records, where is no need to implement your own <function>getSOA()</function>.
10574 </para>
10575 <para>
10576 Besides direct queries, PDNS also needs to be able to list a zone, to do zone transfers for example. Each zone has an id which should be
10577 unique within the backend. To list all records belonging to a zone id, the <function>list()</function> method is used. Conveniently,
10578 the domain_id is also available in the <command>SOAData</command> structure.
10579 </para>
10580 <para>
10581 The following lists the contents of a zone called "powerdns.com".
10582
10583 <programlisting>
10584 SOAData sd;
10585 if(!yb.getSOA("powerdns.com",sd)) // are we authoritative over powerdns.com?
10586 return RCode::NotAuth; // no
10587
10588 yb.list(sd.domain_id);
10589 while(yb.get(rr))
10590 cout&lt;&lt;rr.qname&lt;&lt;"\t IN "&lt;&lt;rr.qtype.getName()&lt;&lt;"\t"&lt;&lt;rr.content&lt;&lt;endl;
10591 </programlisting>
10592 </para>
10593 <para>
10594 Please note that when so called 'fancy records' (see <xref linkend="fancy-records">) are enabled, a backend can receive
10595 wildcard lookups. These have a % as the first character of the qdomain in lookup.
10596 </para>
10597 <sect2><title>A sample minimal backend</title>
10598 <para>
10599 This backend only knows about the host "random.powerdns.com", and furthermore, only about its A record:
10600
10601 <programlisting>
10602/* FIRST PART */
10603class RandomBackend : public DNSBackend
10604{
10605public:
10606 bool list(int id) {
10607 return false; // we don't support AXFR
10608 }
10609
10610 void lookup(const QType &amp;type, const string &amp;qdomain, DNSPacket *p, int zoneId)
10611 {
10612 if(type.getCode()!=QType::A || qdomain!="random.powerdns.com") // we only know about random.powerdns.com A
10613 d_answer=""; // no answer
10614 else {
10615 ostringstream os;
10616 os&lt;&lt;random()%256&lt;&lt;"."&lt;&lt;random()%256&lt;&lt;"."&lt;&lt;random()%256&lt;&lt;"."&lt;&lt;random()%256;
10617 d_answer=os.str(); // our random ip address
10618 }
10619 }
10620
10621 bool get(DNSResourceRecord &amp;rr)
10622 {
10623 if(!d_answer.empty()) {
10624 rr.qname="random.powerdns.com"; // fill in details
10625 rr.qtype=QType::A; // A record
10626 rr.ttl=86400; // 1 day
10627 rr.content=d_answer;
10628
10629 d_answer=""; // this was the last answer
10630
10631 return true;
10632 }
10633 return false; // no more data
10634 }
10635
10636private:
10637 string d_answer;
10638};
10639
10640/* SECOND PART */
10641
10642class RandomFactory : public BackendFactory
10643{
10644public:
10645 RandomFactory() : BackendFactory("random") {}
10646
10647 DNSBackend *make(const string &amp;suffix)
10648 {
10649 return new RandomBackend();
10650 }
10651};
10652
10653/* THIRD PART */
10654
10655class RandomLoader
10656{
10657public:
10658 Loader()
10659 {
10660 BackendMakers().report(new RandomFactory);
10661
10662 L&lt;&lt;Logger::Info&lt;&lt;" [RandomBackend] This is the randombackend ("__DATE__", "__TIME__") reporting"&lt;&lt;endl;
10663 }
10664};
10665
10666static RandomLoader randomloader;
10667 </programlisting>
10668 This simple backend can be used as an 'overlay'. In other words, it only knows about a single record, another loaded backend would have
10669 to know about the SOA and NS records and such. But nothing prevents us from loading it without another backend.
10670 </para>
10671 <para>
10672 The first part of the code contains the actual logic and should be pretty straightforward. The second part is a boilerplate
10673 'factory' class which PDNS calls to create randombackend instances. Note that a 'suffix' parameter is passed. Real life backends
10674 also declare parameters for the configuration file; these get the 'suffix' appended to them. Note that the "random" in the
10675 constructor denotes the name by which the backend will be known.
10676 </para>
10677 <para>
10678 The third part registers the RandomFactory with PDNS. This is a simple C++ trick which makes sure that this function
10679 is called on execution of the binary or when loading the dynamic module.
10680 </para>
10681 <para>
10682 Please note that a RandomBackend is actually in most PDNS releases. By default it lives on random.example.com, but you can change
10683 that by setting <command>random-hostname</command>.
10684 </para>
10685 <para>
10686 NOTE: this simple backend neglects to handle case properly! For a more complete example, see the full pdns-dev distribution as found on
10687 <ulink url="http://www.powerdns.com/pdns">the website</ulink>.
10688 </para>
10689 </sect2>
10690 <sect2><title>Interface definition</title>
10691 <para>
10692 Classes:
10693 <table>
10694 <title>DNSResourceRecord class</title>
10695 <tgroup cols=2>
10696 <tbody>
10697 <row>
10698 <entry>QType qtype</entry><entry>QType of this record</entry>
10699 </row>
10700 <row>
10701 <entry>string qname</entry><entry>name of this record</entry>
10702 </row>
10703 <row>
10704 <entry>string content</entry><entry>ASCII representation of right hand side</entry>
10705 </row>
10706 <row>
10707 <entry>u_int16_t priority</entry><entry>priority of an MX record.</entry>
10708 </row>
10709 <row>
10710 <entry>u_int32_t ttl</entry><entry>Time To Live of this record</entry>
10711 </row>
10712 <row>
10713 <entry>int domain_id</entry><entry>ID of the domain this record belongs to</entry>
10714 </row>
10715 <row>
10716 <entry>time_t last_modified</entry><entry>If unzero, last time_t this record was changed</entry>
10717 </row>
10718 </tbody>
10719 </tgroup>
10720 </table>
10721 </para>
10722 <para>
10723 <table>
10724 <title>SOAData struct</title>
10725 <tgroup cols=2>
10726 <tbody>
10727 <row>
10728 <entry>string nameserver</entry><entry>Name of the master nameserver of this zone</entry>
10729 </row>
10730 <row>
10731 <entry>string hostmaster</entry><entry>Hostmaster of this domain. May contain an @</entry>
10732 </row>
10733 <row>
10734 <entry>u_int32_t serial</entry><entry>Serial number of this zone</entry>
10735 </row>
10736 <row>
10737 <entry>u_int32_t refresh</entry><entry>How often this zone should be refreshed</entry>
10738 </row>
10739 <row>
10740 <entry>u_int32_t retry</entry><entry>How often a failed zone pull should be retried.</entry>
10741 </row>
10742 <row>
10743 <entry>u_int32_t expire</entry><entry>If zone pulls failed for this long, retire records</entry>
10744 </row>
10745 <row>
10746 <entry>u_int32_t default_ttl</entry><entry>Difficult</entry>
10747 </row>
10748 <row>
10749 <entry>int domain_id</entry><entry>The ID of the domain within this backend. Must be filled!</entry>
10750 </row>
10751 <row>
10752 <entry>DNSBackend *db</entry><entry>Pointer to the backend that feels authoritative for a domain and can act as a slave</entry>
10753 </row>
10754 </tbody>
10755 </tgroup>
10756 </table>
10757 </para>
10758 <para>
10759 Methods:
10760 <variablelist>
10761 <varlistentry>
10762 <term>void lookup(const QType &amp;qtype, const string &amp;qdomain, DNSPacket *pkt=0, int zoneId=-1)</term>
10763 <listitem>
10764 <para>
10765 This function is used to initiate a straight lookup for a record of name 'qdomain' and type 'qtype'.
10766 A QType can be converted into an integer by invoking its <function>getCode()</function> method and into
10767 a string with the <function>getCode()</function>.
10768 </para>
10769 <para>
10770 The original question may or may not be passed in the pointer p. If it is, you can retrieve (from 1.99.11 onwards)
10771 information about who asked the question with the <function>getRemote(DNSPacket *)</function> method. Alternatively,
10772 <function>bool getRemote(struct sockaddr *sa, socklen_t *len)</function> is available.
10773 </para>
10774 <para>
10775 Note that <command>qdomain</command> can be of any case and that your backend should make sure it is in effect case
10776 insensitive. Furthermore, the case of the original question should be retained in answers returned by <function>get()</function>!
10777 </para>
10778 <para>
10779 Finally, the domain_id might also be passed indicating that only answers from the indicated zone need apply. This
10780 can both be used as a restriction or as a possible speedup, hinting your backend where the answer might be found.
10781 </para>
10782 <para>
10783 If initiated succesfully, as indicated by returning <command>true</command>, answers should be made available over the
10784 <function>get()</function> method.
10785 </para>
10786 <para>
10787 Should throw an AhuException if an error occured accessing the database. Returning otherwise indicates that the query
10788 was started succesfully. If it is known that no data is available, no exception should be thrown! An exception indicates
10789 that the backend considers itself broken - not that no answers are available for a question.
10790 </para>
10791 <para>
10792 It is legal to return here, and have the first call to <function>get()</function> return false. This is interpreted as 'no data'
10793 </para>
10794 </listitem>
10795 </varlistentry>
10796
10797 <varlistentry>
10798 <term>bool list(int domain_id)
10799 <listitem>
10800 <para>
10801 Initiates a list of the indicated domain. Records should then be made available via the <function>get()</function> method.
10802 Need not include the SOA record. If it is, PDNS will not get confused.
10803 </para>
10804 <para>
10805 Should return false if the backend does not consider itself authoritative for this zone.
10806 Should throw an AhuException if an error occured accessing the database. Returning true indicates that data is or should be available.
10807 </para>
10808 </listitem>
10809 </varlistentry>
10810
10811 <varlistentry>
10812 <term>bool get(DNSResourceRecord &amp;rr)</term>
10813 <listitem>
10814 <para>
10815 Request a DNSResourceRecord from a query started by <function>get()</function> of <function>list()</function>. If this functions returns
10816 <command>true</command>, <command>rr</command> has been filled with data. When it returns false, no more data is available,
10817 and <command>rr</command> does not contain new data. A backend should make sure that it either fills out all fields of the
10818 DNSResourceRecord or resets them to their default values.
10819 </para>
10820 <para>
10821 The qname field of the DNSResourceRecord should be filled out with the exact <function>qdomain</function> passed to lookup, preserving
10822 its case. So if a query for 'CaSe.yourdomain.com' comes in and your database contains dat afor 'case.yourdomain.com', the qname field of rr
10823 should contin 'CaSe.yourdomain.com'!
10824 </para>
10825 <para>
10826 Should throw an AhuException in case a database error occurred.
10827 </para>
10828 </listitem>
10829 </varlistentry>
10830
10831 <varlistentry>
10832 <term>bool getSOA(const string &amp;name, SOAData &amp;soadata)</term>
10833 <listitem>
10834 <para>
10835 If the backend considers itself authoritative over domain <function>name</function>, this method should fill out
10836 the passed <command>SOAData</command> structure and return a positive number. If the backend is functioning correctly, but
10837 does not consider itself authoritative, it should return 0. In case of errors, an AhuException should be thrown.
10838 </para>
10839 </listitem>
10840 </varlistentry>
10841 </variablelist>
10842 </para>
10843 </sect2>
10844 </sect1>
10845 <sect1 id="backend-error-reporting"><title>Reporting errors</title>
10846 <para>
10847 To report errors, the Logger class is available which works mostly like an iostream. Example usage is as shown above in the RandomBackend.
10848 Note that it is very important that each line is ended with <command>endl</command> as your message won't be visible otherwise.
10849 </para>
10850 <para>
10851 To indicate the importance of an error, the standard syslog errorlevels are available. They can be set by outputting
10852 <function>Logger::Critical</function>,
10853 <function>Logger::Error</function>,
10854 <function>Logger::Warning</function>,
10855 <function>Logger::Notice</function>,
10856 <function>Logger::Info</function> or
10857 <function>Logger::Debug</function> to <function>L</function>, in descending order of graveness.
10858 </para>
10859 </sect1>
10860 <sect1 id="backend-configuration-details"><title>Declaring and reading configuration details</title>
10861 <para>
10862 It is highly likely that a backend needs configuration details. On launch, these parameters need to be declared with PDNS so it knows it
10863 should accept them in the configuration file and on the commandline. Furthermore, they will be listed in the output of
10864 <command>--help</command>.
10865 </para>
10866 <para>
10867 Declaring arguments is done by implementing the member function <function>declareArguments()</function> in the factory class of your
10868 backend. PDNS will call this method after launching the backend.
10869 </para>
10870 <para>
10871 In the <function>declareArguments()</function> method, the function <function>declare()</function> is available. The exact definitions:
10872 <variablelist>
10873 <varlistentry>
10874 <term>void declareArguments(const string &amp;suffix="")</term>
10875 <listitem>
10876 <para>
10877 This method is called to allow a backend to register configurable parameters. The suffix is the sub-name of this module. There is
10878 no need to touch this suffix, just pass it on to the declare method.
10879 </para>
10880 </listitem>
10881 </varlistentry>
10882
10883 <varlistentry>
10884 <term>void declare(const string &amp;suffix, const string &amp;param, const string &amp;explanation, const string &amp;value)</term>
10885 <listitem>
10886 <para>The suffix is passed to your method, and can be passed on to declare. <command>param</command> is the name of your parameter.
10887 <command>explanation</command> is what will appear in the output of --help. Furthermore, a default value can be supplied in the
10888 <command>value</command> parameter.
10889 </para>
10890 </listitem>
10891 </varlistentry>
10892 </variablelist>
10893 </para>
10894 <para>
10895 A sample implementation:
10896 <programlisting>
10897 void declareArguments(const string &amp;suffix)
10898 {
10899 declare(suffix,"dbname","Pdns backend database name to connect to","powerdns");
10900 declare(suffix,"user","Pdns backend user to connect as","powerdns");
10901 declare(suffix,"host","Pdns backend host to connect to","");
10902 declare(suffix,"password","Pdns backend password to connect with","");
10903 }
10904 </programlisting>
10905 </para>
10906 <para>
10907 After the arguments have been declared, they can be accessed from your backend using the <function>mustDo()</function>,
10908 <function>getArg()</function> and <function>getArgAsNum()</function> methods. The are defined as follows in the DNSBackend class:
10909 </para>
10910 <para>
10911 <variablelist>
10912 <varlistentry>
10913 <term>void setArgPrefix(const string &amp;prefix)</term>
10914 <listitem>
10915 <para>
10916 Must be called before any of the other accessing functions are used. Typical usage is '<function>setArgPrefix("mybackend"+suffix)</function>'
10917 in the constructor of a backend.
10918 </para>
10919 </listitem>
10920 </varlistentry>
10921
10922 <varlistentry>
10923 <term>bool mustDo(const string &amp;key)</term>
10924 <listitem>
10925 <para>
10926 Returns true if the variable <function>key</function> is set to anything but 'no'.
10927 </para>
10928 </listitem>
10929 </varlistentry>
10930
10931 <varlistentry>
10932 <term>const string&amp; getArg(const string &amp;key)</term>
10933 <listitem>
10934 <para>
10935 Returns the exact value of a parameter.
10936 </para>
10937 </listitem>
10938 </varlistentry>
10939
10940 <varlistentry>
10941 <term>int getArgAsNum(const string &amp;key)</term>
10942 <listitem>
10943 <para>
10944 Returns the numerical value of a parameter. Uses <function>atoi()</function> internally
10945 </para>
10946 </listitem>
10947 </varlistentry>
10948 </variablelist>
10949 </para>
10950 <para>
10951 Sample usage from the BindBackend, using the <command>bind-example-zones</command> and <command>bind-config</command>
10952 parameters.
10953 <programlisting>
10954 if(mustDo("example-zones")) {
10955 insert(0,"www.example.com","A","1.2.3.4");
10956 /* ... */
10957 }
10958
10959
10960 if(!getArg("config").empty()) {
10961 BindParser BP;
10962
10963 BP.parse(getArg("config"));
10964 }
10965
10966 </programlisting>
10967 </para>
10968 </sect1>
10969
10970 <sect1 id="rw-backends"><title>Read/write slave-capable backends</title>
10971 <para>
10972 The backends above are 'natively capable' in that they contain all data relevant for a domain and do not pull in data from other nameservers.
10973 To enable storage of information, a backend must be able to do more.
10974 </para>
10975 <para>
10976 Before diving into the details of the implementation some theory is in order. Slave domains are pulled from the master. PDNS needs to
10977 know for which domains it is to be a slave, and for each slave domain, what the IP address of the master is.
10978 </para>
10979 <para>
10980 A slave zone is pulled from a master, after which it is 'fresh', but this is only temporary. In the SOA record of a zone there is a field
10981 which specifies the 'refresh' interval. After that interval has elapsed, the slave nameserver needs to check at the master ff the serial
10982 number there is higher than what is stored in the backend locally.
10983 </para>
10984 <para>
10985 If this is the case, PDNS dubs the domain 'stale', and schedules a transfer of data from the remote. This transfer remains scheduled
10986 until the serial numbers remote and locally are identical again.
10987 </para>
10988 <para>
10989 This theory is implemented by the <function>getUnfreshSlaveInfos</function> method, which is called on all backends periodically.
10990 This method fills a vector of <command>SlaveDomain</command>s with domains that are unfresh and possibly stale.
10991 </para>
10992 <para>
10993 PDNS then retrieves the SOA of those domains remotely and locally and creates a list of stale domains. For each of these domains, PDNS
10994 starts a zonetransfer to resynchronise. Because zone transfers can fail, it is important that the interface to the backend allows
10995 for transaction semantics because a zone might otherwise be left in a halfway updated situation.
10996 </para>
10997 <para>
10998 The following excerpt from the DNSBackend shows the relevant functions:
10999 </para>
11000 <para>
11001 <programlisting>
11002 class DNSBackend {
11003 public:
11004 /* ... */
11005 virtual bool getDomainInfo(const string &amp;domain, DomainInfo &amp;di);
11006 virtual bool isMaster(const string &amp;name, const string &amp;ip);
11007 virtual bool startTransaction(const string &amp;qname, int id);
11008 virtual bool commitTransaction();
11009 virtual bool abortTransaction();
11010 virtual bool feedRecord(const DNSResourceRecord &amp;rr);
11011 virtual void getUnfreshSlaveInfos(vector&lt;DomainInfo&gt;* domains);
11012 virtual void setFresh(int id);
11013 /* ... */
11014 }
11015 </programlisting>
11016 </para>
11017 <para>
11018 The mentioned DomainInfo struct looks like this:
11019 <table>
11020 <title>DomainInfo struct</title>
11021 <tgroup cols=2>
11022 <tbody>
11023 <row>
11024 <entry>int id</entry><entry>ID of this zone within this backend</entry>
11025 </row>
11026 <row>
11027 <entry>string master</entry><entry>IP address of the master of this domain, if any</entry>
11028 </row>
11029 <row>
11030 <entry>u_int32_t serial</entry><entry>Serial number of this zone</entry>
11031 </row>
11032 <row>
11033 <entry>u_int32_t notified_serial</entry><entry>Last serial number of this zone that slaves have seen</entry>
11034 </row>
11035 <row>
11036 <entry>time_t last_check</entry><entry>Last time this zone was checked over at the master for changes</entry>
11037 </row>
11038 <row>
11039 <entry>enum {Master,Slave,Native} kind</entry><entry>Type of zone</entry>
11040 </row>
11041 <row>
11042 <entry>DNSBackend *backend</entry><entry>Pointer to the backend that feels authoritative for a domain and can act as a slave</entry>
11043 </row>
11044 </tbody>
11045 </tgroup>
11046 </table>
11047 </para>
11048 <para>
11049 These functions all have a default implementation that returns false - which explains that these methods can be omitted in simple backends.
11050 Furthermore, unlike with simple backends, a slave capable backend must make sure that the 'DNSBackend *db' field of the SOAData record is filled
11051 out correctly - it is used to determine which backend will house this zone.
11052 <variablelist>
11053 <varlistentry>
11054 <term>bool isMaster(const string &amp;name, const string &amp;ip);</term>
11055 <listitem>
11056 <para>
11057 If a backend considers itself a slave for the domain <command>name</command> and if the IP address in <command>ip</command>
11058 is indeed a master, it should return true. False otherwise. This is a first line of checks to guard against reloading a domain
11059 unnecessarily.
11060 </para>
11061 </listitem>
11062 </varlistentry>
11063 <varlistentry>
11064 <term>void getUnfreshSlaveInfos(vector&lt;DomainInfo&gt;* domains)</term>
11065 <listitem>
11066 <para>
11067 When called, the backend should examine its list of slave domains and add any unfresh ones to the domains vector.
11068 </para>
11069 </listitem>
11070 </varlistentry>
11071 <varlistentry>
11072 <term>bool getDomainInfo(const string &amp;name, DomainInfo &amp; di)</term>
11073 <listitem>
11074 <para>
11075 This is like getUnfreshSlaveInfos, but for a specific domain. If the backend considers itself authoritative for the named
11076 zone, <function>di</function> should be filled out, and 'true' be returned. Otherwise return false.
11077 </para>
11078 </listitem>
11079 </varlistentry>
11080 <varlistentry>
11081 <term>bool startTransaction(const string &amp;qname, int id)</term>
11082 <listitem>
11083 <para>
11084 When called, the backend should start a transaction that can be committed or rolled back atomically later on.
11085 In SQL terms, this function should <command>BEGIN</command> a transaction and <command>DELETE</command> all
11086 records.
11087 </para>
11088 </listitem>
11089 </varlistentry>
11090 <varlistentry>
11091 <term>bool feedRecord(const DNSResourceRecord &amp;rr)</term>
11092 <listitem>
11093 <para>
11094 Insert this record.
11095 </para>
11096 </listitem>
11097 </varlistentry>
11098
11099 <varlistentry>
11100 <term>bool commitTransaction();</term>
11101 <listitem>
11102 <para>
11103 Make the changes effective. In SQL terms, execute <command>COMMIT</command>.
11104 </para>
11105 </listitem>
11106 </varlistentry>
11107
11108 <varlistentry>
11109 <term>bool abortTransaction();</term>
11110 <listitem>
11111 <para>
11112 Abort changes. In SQL terms, execute <command>ABORT</command>.
11113 </para>
11114 </listitem>
11115 </varlistentry>
11116 <varlistentry>
11117 <term>bool setFresh()</term>
11118 <listitem>
11119 <para>
11120 Indicate that a domain has either been updated or refreshed without the need for a retransfer. This causes
11121 the domain to vanish from the vector modified by <function>getUnfreshSlaveInfos()</function>.
11122 </para>
11123 </listitem>
11124 </varlistentry>
11125
11126 </variablelist>
11127 </para>
11128 <para>
11129 PDNS will always call <function>startTransaction()</function> before making calls to <function>feedRecord()</function>.
11130 Although it is likely that <function>abortTransaction()</function> will be called in case of problems, backends should also
11131 be prepared to abort from their destructor.
11132 </para>
11133 <para>
11134 The actual code in PDNS is currently (1.99.9):
11135 <programlisting>
11136 Resolver resolver;
11137 resolver.axfr(remote,domain.c_str());
11138
11139 db->startTransaction(domain, domain_id);
11140
11141 L&lt;&lt;Logger::Error&lt;&lt;"AXFR started for '"&lt;&lt;domain&lt;&lt;"'"&lt;&lt;endl;
11142 Resolver::res_t recs;
11143
11144 while(resolver.axfrChunk(recs)) {
11145 for(Resolver::res_t::const_iterator i=recs.begin();i!=recs.end();++i) {
11146 db->feedRecord(*i);
11147 }
11148 }
11149 db->commitTransaction();
11150 db->setFresh(domain_id);
11151 L&lt;&lt;Logger::Error&lt;&lt;"AXFR done for '"&lt;&lt;domain&lt;&lt;"'"&lt;&lt;endl;
11152 </programlisting>
11153 </para>
11154 <sect2><title>Supermaster/Superslave capability</title>
11155 <para>
11156 A backend that wants to act as a 'superslave' for a master should implement the following method:
11157 <programlisting>
11158 class DNSBackend
11159 {
11160 virtual bool superMasterBackend(const string &amp;ip, const string &amp;domain, const vector&lt;DNSResourceRecord&gt;&amp;nsset, string *account, DNSBackend **db)
11161 };
11162 </programlisting>
11163 This function gets called with the IP address of the potential supermaster, the domain it is sending a notification for and the set of NS records
11164 for this domain at that IP address.
11165 </para>
11166 <para>
11167 Using the supplied data, the backend needs to determine if this is a bonafide 'supernotification' which should be honoured. If it decides that it
11168 should, the supplied pointer to 'account' needs to be filled with the configured name of the supermaster (if accounting is desired), and the
11169 db needs to be filled with a pointer to your backend.
11170 </para>
11171 <para>
11172 Supermaster/superslave is a complicated concept, if this is all unclear see <xref linkend="supermaster">.
11173 </sect2>
11174 </sect1>
11175 <sect1 id="master-backends"><title>Read/write master-capable backends</title>
11176 <para>
11177 In order to be a useful master for a domain, notifies must be sent out whenever a domain is changed. Periodically, PDNS
11178 queries backends for domains that may have changed, and sends out notifications for slave nameservers.
11179 </para>
11180 <para>
11181 In order to do so, PDNS calls the <function>getUpdatedMasters()</function> method. Like the <function>getUnfreshSlaveInfos()</function>
11182 function mentioned above, this should add changed domain names to the vector passed.
11183 </para>
11184 <para>
11185 The following excerpt from the DNSBackend shows the relevant functions:
11186 </para>
11187 <para>
11188 <programlisting>
11189 class DNSBackend {
11190 public:
11191 /* ... */
11192 virtual void getUpdatedMasters(vector&lt;DomainInfo&gt;* domains);
11193 virtual void setNotifed(int id, u_int32_t serial);
11194 /* ... */
11195 }
11196 </programlisting>
11197 </para>
11198 <para>
11199 These functions all have a default implementation that returns false - which explains that these methods can be omitted in simple backends.
11200
11201 Furthermore, unlike with simple backends, a slave capable backend must make sure that the 'DNSBackend *db' field of the SOAData record is filled
11202 out correctly - it is used to determine which backend will house this zone.
11203
11204 <variablelist>
11205 <varlistentry>
11206 <term>void getUpdatedMasters(vector&lt;DomainInfo&gt;* domains)</term>
11207 <listitem>
11208 <para>
11209 When called, the backend should examine its list of master domains and add any changed ones to the DomainInfo vector
11210 </para>
11211 </listitem>
11212 </varlistentry>
11213 <varlistentry>
11214 <term>bool setNotified(int domain_id, u_int32_t serial)</term>
11215 <listitem>
11216 <para>
11217 Indicate that notifications have been queued for this domain and that it need not be considered 'updated' anymore
11218 </para>
11219 </listitem>
11220 </varlistentry>
11221 </variablelist>
11222 </para>
11223 </sect1>
11224
11225 </appendix>
11226 <appendix id="compiling-powerdns"><title>Compiling PowerDNS</title>
d022a079
BH		 11227 <sect1 id="on-unix"><title>Compiling PowerDNS on Unix</title>
11228 <para>
11229 <note><para>
50c56696 11230 For now, see <ulink url="http://wiki.powerdns.com/">the Open Source PowerDNS site</ulink>.
d022a079
BH		 11231 <command>./configure ; make ; make install</command> will do The Right Thing for most people.
11232 </para></note>
11233 </para>
11234 <para>
11235 PowerDNS can becompiled with modules built in, or with modules designed to be loaded at runtime. All that is configured
11236 before compiling using the well known autoconf/automake system.
11237 </para>
11238 <para>
11239 To compile in modules, specify them as <command>--with-modules="mod1 mod2 mod3"</command>, substituting the desired module names.
11240 Each backend has a module name in the table at the beginning of its section.
11241 </para>
11242 <para>
11243 To compile a module for inclusion at runtime, which is great if you are a unix vendor, use <command>--with-dynmodules="mod1 mod2 mod3"</command>.
11244 These modules then end up as .so files in the compiled libdir.
11245 </para>
50c56696
BH		 11246 <para>
11247 Starting with version 2.9.18, PowerDNS requires 'Boost' to compile, it is available for most operating systems. Otherwise, see <ulink url="http://www.boost.org">the Boost
11248 website</ulink>.
11249 </para>
7da81ec4
BH		 11250 <para>
11251 If your operating system does not have a Boost package, you don't need to compile all of boost just for PowerDNS.
11252 PowerDNS only uses Boost include files, so there is no need to install all of boost. Just untar the Boost distribution file and
11253 point instruct ./configure to find it, perhaps like this:
11254 <screen>
11255 $ CXXFLAGS=-I/home/bert/download/boost_1_33_0 ./configure ...
11256 </screen>
11257 </para>
9c495589
BH		 11258 <sect2 id="unix-aix"><title>AIX</title>
11259 <para>
11260 Known to compile with gcc, but only since 2.9.8. AIX lacks POSIX semaphores so they need to be emulated, as with MacOS X.
11261 </para>
11262 </sect2>
1d329048
BH		 11263 <sect2 id="unix-freebsd"><title>FreeBSD</title>
11264 <para>
11265 Works fine, but use gmake. Pipe backend is currently broken, for reasons, see <xref linkend="pipebackend">. Due to the threading model
11266 of FreeBSD, PowerDNS does not benefit from additional CPUs on the system.
11267 </para>
7da81ec4
BH		 11268 <para>
11269 The FreeBSD Boost include files are installed in <filename>/usr/local/include</filename>, so prefix <command>CXXFLAGS=-I/usr/local/lib</command>
11270 to your <command>./configure</command> invocation.
1d329048
BH		 11271 </sect2>
11272 <sect2 id="unix-linux"><title>Linux</title>
11273 <para>
11274 Linux is probably the best supported platform as most of the main coders are Linux users. The static DEB distribution is known to have
11275 problems on Debian 'Sid', but that doesn't matter as PowerDNS is a native part of Debian 'Sid'. Just apt-get!
11276 </para>
11277 </sect2>
9c495589
BH		 11278 <sect2 id="unix-macosx"><title>MacOS X</title>
11279 <para>
11280 Did compile at one point but maintenance has lapsed. Let us know if you can provide us with a login on MacOS X or if you want to help.
11281 </para>
11282 </sect2>
1d329048
BH		 11283 <sect2 id="unix-openbsd"><title>OpenBSD</title>
11284 <para>
49f076e8 11285 Compiles but then does not work very well. We hear that it may work with more recent versions of gcc, please let us know on
1d329048
BH		 11286 <email>pdns-dev@mailman.powerdns.com</email>.
11287 </para>
11288 </sect2>
11289 <sect2 id="unix-solaris"><title>Solaris</title>
11290 <para>
11291 Solaris 7 is supported, but only just. AAAA records do not work on Solaris 7. Solaris 8 and 9 work fine. The 'Sunpro' compiler
11292 has not been tried but is reported to be lacking large parts of the Standard Template Library, which PowerDNS relies on heavily.
11293 Use gcc and gmake (if available). Regular Solaris make has some issues with some PowerDNS Makefile constructs.
11294 </para>
49f076e8
BH		 11295 <para>
11296 When compiling, make sure that you have <filename>/usr/ccs/bin</filename> in your path. Furthermore, with some versions of MySQL,
11297 you may have to add "LDFLAGS=-lz" before <command>./configure</command>.
11298 </para>
1d329048 11299 </sect2>
d022a079 11300 </sect1>
1258abe0
BH		 11301 <sect1 id="on-windows"><title>Compiling PowerDNS on Windows</title>
11302 <para>
178d5134 11303 By Michel Stol (<email>michel@powerdns.com</email>).
1258abe0
BH		 11304 <sect2><title>Assumptions</title>
11305 <para>
11306 I will assume these things from you:
11307 </para>
11308 <variablelist>
11309 <varlistentry>
11310 <term>
11311 You have the PowerDNS sources.
11312 </term>
11313 <listitem>
11314 <para>
11315 There's not much to compile without the source files, eh? :)
11316 </para>
11317 </listitem>
11318 </varlistentry>
11319
11320 <varlistentry>
11321 <term>
11322 You are using Microsoft Visual C++. If you get it to compile using a free compiler, please let us know!
11323 </term>
11324 <listitem>
11325 <para>
11326 From the day that we began porting the <acronym>UNIX</acronym> PowerDNS sources to Microsoft Windows
11327 we used Microsoft Visual C++ as our development environment of choice.
11328 </para>
11329
11330 <para>
11331 We used Visual C++ 6.0 to compile all sources (both standard version and SP5). Other versions
11332 (including Visual C++ .NET) are untested.
11333 </para>
11334 </listitem>
11335 </varlistentry>
11336
11337 <varlistentry>
11338 <term>
11339 You are using Microsoft Windows NT, 2000 or XP
11340 </term>
11341 <listitem>
11342 <para>
11343 I will assume that the system where you want to compile the sources on is running
11344 Microsoft Windows NT, 2000 or XP. These are the operating systems that where found
11345 running PowerDNS for Windows.
11346
11347 </para>
11348
11349 <note>
11350 <para>
11351 You probably can compile the sources on other Windows versions too, but that is currently untested.
11352 </para>
11353 </note>
11354 </listitem>
11355 </varlistentry>
11356
11357 <varlistentry>
11358 <term>
11359 You are using an English Windows version.
11360 </term>
11361 <listitem>
11362 <para>
11363 Troughout this document I will use the English names for menu items, names etc., so if you are
11364 running a non-English Windows or <acronym>MSVC</acronym> version you have to translate those things yourself. But
11365 I don't think that would be a big problem.
11366 </para>
11367 </listitem>
11368 </varlistentry>
11369
11370 </variablelist>
11371
11372 </sect2>
11373
11374 <sect2>
11375 <title>Prequisites</title>
11376
11377 <para>
11378 Although we tried to keep PowerDNS for Windows' dependencies down to a minimum, you will still need some
11379 programs and libraries to be able to compile the sources.
11380 </para>
11381
11382 <sect3>
11383 <title>pthreads for Windows</title>
11384
11385 <para>
11386 The pthreads for Windows library is a Windows implementation of the <acronym>POSIX</acronym> threads
11387 specification, which is used a lot in <acronym>UNIX</acronym> programs.
11388 </para>
11389
11390 <para>
11391 PowerDNS uses pthreads too, and to ease the porting process we decided not to reinvent the wheel,
11392 but to use pthreads for Windows instead.
11393 </para>
11394
11395 <sect4>
11396 <title>Getting pthreads for Windows</title>
11397
11398 <para>
11399 Pthreads for Windows is available from anonymous ftp at <ulink url="ftp://sources.redhat.com/pub/pthreads-win32/">ftp://sources.redhat.com/pub/pthreads-win32/</ulink>.
11400 You should download the latest <filename>pthreads-YYYY-MM-DD.exe</filename> file.
11401 </para>
11402
11403 <note>
11404 <para>
11405 PowerDNS for Windows was tested with the snapshot of 2002-03-02 of the library.
11406 </para>
11407 </note>
11408
11409 <para>
11410 For more information you can visit the pthreads for Windows homepage at <ulink url="http://sources.redhat.com/pthreads-win32/">http://sources.redhat.com/pthreads-win32/</ulink>
11411 </para>
11412 </sect4>
11413
11414 <sect3>
11415 <title>Installing pthreads for Windows</title>
11416
11417 <para>
11418 To install the pthreads for Windows library you have to locate your <filename>pthreads-YYYY-MM-DD.exe</filename>
11419 file and start it.
11420 </para>
11421
11422 <para>
11423 After starting the executable a self-extractor dialog will show up where you can specify where to extract
11424 the contents of the file. When you selected a location you can press the <guibutton>Extract</guibutton> button
11425 to extract all content to the target directory.
11426 </para>
11427
11428 <para>
11429 The library is now installed, we still have to tell Visual C++ where it's located though, more
11430 on that later.
11431 </para>
11432 </sect3>
11433
11434 </sect2>
11435
11436 <sect2>
11437 <title>Nullsoft Installer</title>
11438
11439 <para>
11440 For our installation program we used Nullsoft's Installer System (<acronym>NSIS</acronym>). We used
11441 <acronym>NSIS</acronym> because it's easy to use, versatile and free (and it uses <acronym><trademark>SuperPiMP</trademark></acronym> technology, but
11442 they refuse to tell us what it is ;)). If the name Nullsoft rings a bell, it's because they're the guys who made
11443 <ulink url="http://www.winamp.com/">winamp</ulink>.
11444 </para>
11445
11446 <sect3>
11447 <title>Getting the Nullsoft Installer</title>
11448
11449 <para>
11450 The Nullsoft Installer can be downloaded at their website, which is
11451 located at <ulink url="http://www.nullsoft.com/free/nsis/">http://www.nullsoft.com/free/nsis/</ulink>.
11452 The file that you should download is called <filename>nsisXXX.exe</filename> (where XXX is the latest version).
11453 </para>
11454
11455 <note>
11456 <para>
11457 You can find the <acronym>NSIS</acronym> documentation at that website too.
11458 </para>
11459 </note>
11460 </sect3>
11461
11462 <sect3>
11463 <title> Installing the Nullsoft Installer</title>
11464
11465 <para>
11466 Installing <acronym>NSIS</acronym> is easy. All there is to it is locating the installer and execute it.
11467 Then just follow the installation steps.
11468 </para>
11469 </sect3>
11470
11471 </sect2>
11472
11473 <sect2>
11474 <title>Setting up the build-environment</title>
11475
11476 <para>
11477 Before starting Microsoft Visual C++ and compile PowerDNS for Windows, you first
11478 have to set up your build environment.
11479 </para>
11480
11481 <sect3>
11482 <title>Make Microsoft Visual C++ recognize <filename>*.cc</filename> and <filename>*.hh</filename> (optional)</title>
11483
11484 <para>
11485 All PowerDNS source files are in the form <filename>name.cc</filename>, and all header files in the form
11486 <filename>name.hh</filename>. These extensions aren't recognized by <acronym>MSVC</acronym> by default, so
11487 you might want to change that first.
11488 </para>
11489
11490 <note>
11491 <para>
11492 Only perform this step if you want to be able to edit the <filename>*.cc</filename>
11493 and <filename>*.hh</filename> files in <acronym>MSVC</acronym>.
11494 </para>
11495 </note>
11496
11497 <caution>
11498 <para>
11499 If you decide to perform this step, remember that it requires modification of the Windows registry,
11500 always make a backup before modifying!
11501 </para>
11502 </caution>
11503
11504 <para>
11505 Ok, after that word of caution we can now proceed. You have to follow these steps:
11506 </para>
11507
11508 <orderedlist>
11509
11510 <listitem>
11511 <para>
11512 Start the registry editor by entering <filename>regedit.exe</filename> in the run prompt
11513 (<guimenu>Start-&gt;Run...</guimenu>).
11514 </para>
11515 </listitem>
11516
11517 <listitem>
11518 <para>
11519 Right click on <filename>HKEY_CLASSES_ROOT</filename> and select <guimenu>New-&gt;Key</guimenu>.
11520 A new key will appear, change that key to <quote><filename>.cc</filename></quote>, then change the default
11521 value to <quote>cppfile</quote>
11522 </para>
11523
11524 <para>
11525 Then perform the same step for <quote><filename>.hh</filename></quote> (use <quote>hfile</quote> instead of <quote>cppfile</quote>).
11526 </para>
11527 </listitem>
11528
11529 <listitem>
11530 <para>
11531 Go to <filename>HKEY_CURRENT_USER\Software\Microsoft\DevStudio\6.0\Build System\Components\Platforms\Win32 (x86)\Tools\32-bit C/C++ Compiler for 80x86</filename>. And
11532 add <quote>;*.cc</quote> to the <filename>Input_Spec</filename> value (so that it becomes <quote>*.c;*.cpp;*.cxx;*.cc</quote>).
11533 </para>
11534
11535 <note>
11536 <para>
11537 If you happen to use another platform (like alpha) to compile the sources, you have to do the step above for that platform.
11538 </para>
11539 </note>
11540 </listitem>
11541
11542 <listitem>
11543 <para>
11544 Go to <filename>HKEY_CURRENT_USER\Software\Microsoft\DevStudio\6.0\Search</filename>. And
11545 add <quote>;*.cc;*.hh</quote> to the <filename>FIF_Filter</filename> value (so that it becomes <quote>*.c;*.cpp;*.cxx;*.tli;*.h;*.tlh;*.inl;*.rc;*.cc;*.hh</quote>).
11546 </para>
11547 </listitem>
11548
11549 <listitem>
11550 <para>
11551 Finally change <filename>HKEY_CURRENT_USER\Software\Microsoft\DevStudio\6.0\Text Editor\Tabs/Language Settings\C/C++</filename>. And
11552 add <quote>;cc;hh</quote> to the <filename>FileExtensions</filename> value (so that it becomes <quote>cpp;cxx;c;h;hxx;hpp;inl;tlh;tli;rc;rc2;hh;cc</quote>).
11553 </para>
11554 </listitem>
11555
11556 <listitem>
11557 <para>
11558 Close the registry editor.
11559 </para>
11560 </listitem>
11561
11562 </orderedlist>
11563
11564 <para>
11565 Now should <acronym>MSVC</acronym> properly recognize the files as being C++.
11566 </para>
11567
11568 </sect3>
11569
11570 <sect3>
11571 <title>Setting Microsoft Visual C++'s directories</title>
11572
11573 <para>
11574 <acronym>MSVC</acronym> needs to locate some include files, libraries and executables
11575 when it has to build PowerDNS for Windows. We are now going to tell <acronym>MSVC</acronym> where
11576 to find those.
11577 </para>
11578
11579 <para>
11580 To enter the directory dialog you have to go to <guimenu>Tools-&gt;Options...-&gt;Directories</guimenu>.
11581 </para>
11582
11583 <sect4>
11584 <title>Setting the pthreads directories</title>
11585
11586 <para>
11587 When you are in the directory dialog you can add the pthreads for Windows directory.
11588 </para>
11589
11590 <para>
11591 First add the include directory, to do this you have to select <guilabel>Include files</guilabel>
11592 from the <guilabel>Show directories for:</guilabel> combobox. Then press the <guibutton>New</guibutton>
8f9aa910 11593 button and browse to the <command>include</command> directory of pthreads (ie. <filename>C:\pthreads\include</filename>).
1258abe0
BH		 11594 </para>
11595
11596 <para>
8f9aa910 11597 Then switch to <guilabel>Library files</guilabel> and add the <command>library</command> directory
1258abe0
BH		 11598 (ie. <filename>C:\pthreads\lib</filename>) using the same method as above.
11599 </para>
11600 </sect4>
11601
11602 <sect4>
11603 <title>Setting the Nullsoft Installer directory</title>
11604
11605 <para>
11606 While still being in the directory dialog, switch to <guilabel>Executable files</guilabel>
11607 and add the Nullsoft Installer directory (ie. <filename>C:\Program Files\NSIS</filename>) to the list.
11608 </para>
11609 </sect4>
11610
11611
11612 </sect3>
11613 </sect2>
11614
11615 <sect2>
11616 <title>Compilation</title>
11617
11618 <para>
11619 Finally, after all the reading, installing and configuring we are ready to start compiling
11620 PowerDNS for Windows.
11621 </para>
11622
11623 <sect3>
11624 <title>Starting the compilation</title>
11625
11626 <para>
11627 To start the compilation you first have to open the PowerDNS workspace (<filename>powerdns.dsw</filename>) using explorer or
11628 from the <guimenu>File-&gt;Open Workspace...</guimenu> menu in <acronym>MSVC</acronym>.
11629 </para>
11630
11631 <para>
11632 After you opened the workspace you can start compiling. Check all the checkboxes in the
11633 <guimenu>Build-&gt;Batch Build...</guimenu> menu and press the <guibutton>Build</guibutton> button.
11634 </para>
11635
11636 <para>
11637 Now cross your fingers and go make some coffee or tea while compiling PowerDNS for Windows. :)
11638 </para>
11639
11640 </sect3>
11641
11642 <sect3>
11643 <title>Yay! It compiled</title>
11644
11645 <para>
11646 Congratulations, you have now compiled PowerDNS for Windows!
11647 </para>
11648
12c86877 11649 <para>
1258abe0
BH		 11650 All the release builds of the binaries are in the <filename>Release</filename> directory (including the
11651 generated installer). The debug builds are in the, guess what, <filename>Debug</filename> directory.
12c86877 11652 </para>
1258abe0
BH		 11653
11654 <para>
11655 Now you can start installing PowerDNS, but that's beyond the scope of this document. See
11656 the <ulink url="http://downloads.powerdns.com/documentation/html/">online documentation</ulink> for
11657 more information about that.
11658 </para>
11659 </sect3>
11660
11661 <sect3>
11662 <title>What if it went wrong?</title>
11663
11664 <para>
11665 If the compilation fails, then try reading this article again, and again to see if you did something wrong.
11666 </para>
11667
11668 <para>
11669 If you are pretty sure that it's a bug, either in the PowerDNS sources, the build
178d5134 11670 system or in this article, then please send an e-mail to <email>pdns-dev@mailman.powerdns.com</email> describing your
1258abe0
BH		 11671 problem. We will then try to fix it.
11672 </para>
11673
11674 </sect3>
11675
11676 </sect2>
11677
11678 <sect2>
11679 <title>Miscellaneous</title>
11680
11681 <para>
11682 Some miscellaneous information.
11683 </para>
11684
11685 <sect3>
11686 <title>Credits</title>
11687
11688 <variablelist>
11689 <title>Michel Stol would like to thank these people:</title>
11690
11691 <varlistentry>
11692 <term>
11693 Bert Hubert
11694 </term>
11695 <listitem>
11696 <para>
11697 For writing the wonderfull PowerDNS software and learning me stuff
11698 that I'd otherwise never had learned.
11699 </para>
11700 </listitem>
11701 </varlistentry>
11702
11703 <varlistentry>
11704 <term>
11705 PowerDNS B.V.
11706 </term>
11707 <listitem>
11708 <para>
11709 For being great colleagues.
11710 </para>
11711 </listitem>
11712 </varlistentry>
11713
11714 <varlistentry>
11715 <term>
11716 The pthreads-win32 crew (see the pthreads-win32 <filename>CONTRIBUTORS</filename> file).
11717 </term>
11718 <listitem>
11719 <para>
11720 For easing our porting process by writing a great Windows implementation of pthreads.
11721 </para>
11722 </listitem>
11723 </varlistentry>
11724
11725 <varlistentry>
11726 <term>
11727 The guys over at Nullsoft.
11728 </term>
11729 <listitem>
11730 <para>
11731 For creating the Nullsoft Installer System (<acronym>NSIS</acronym>), and Winamp, the program we use every
11732 day to make a lot of noise in the office.
11733 </para>
11734 </listitem>
11735 </varlistentry>
11736
11737 </variablelist>
11738
11739 </sect3>
11740
11741 <sect3>
11742 <title>Contact information</title>
11743
11744 <para>
11745 If you have a comment, or a bug report concerning either this document or the PowerDNS sources
178d5134 11746 you can contact <email>pdns-dev@mailman.powerdns.com</email>
1258abe0
BH		 11747 </para>
11748
11749 <para>
11750 For general information about PowerDNS, the pdns server, express, documentation etc. I advice you to visit
11751 <ulink url="http://www.powerdns.com/">http://www.powerdns.com/</ulink>
11752 </para>
11753
11754 <para>
11755 If you are interested in buying PowerDNS you can send a mail to <email>sales@powerdns.com</email>
11756 or you can visit the PowerDNS website at <ulink url="http://www.powerdns.com/pdns/">http://www.powerdns.com/pdns/</ulink>
11757 </para>
11758
11759 <para>
11760 If you want to praise my work, ask me to marry you, deposit $1.000.000 on my bank account or flame me to death, then
178d5134 11761 you can mail me at <email>michel@powerdns.com</email> :)
1258abe0
BH		 11762 </para>
11763
11764 </sect3>
11765
11766 <sect3>
11767 <title>Legal information</title>
11768
11769 <para>
11770 Microsoft, Visual C++, Windows, Windows NT, Windows 2000, Windows XP and Win32 are
11771 either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.
11772 </para>
11773
11774 <para>
11775 Other product and company names mentioned herein may be the trademarks of their respective owners.
11776 </para>
11777
11778 </sect3>
11779
11780 </sect2>
12c86877 11781 </sect1>
20177d1d
BH		 11782 <appendix id="license"><title>PowerDNS license (GNU General Public License version 2)</title>
11783 <para>
11784 GNU GENERAL PUBLIC LICENSE
11785 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
11786 </para>
11787 <para>
11788
11789 0. This License applies to any program or other work which contains
11790a notice placed by the copyright holder saying it may be distributed
11791under the terms of this General Public License. The "Program", below,
11792refers to any such program or work, and a "work based on the Program"
11793means either the Program or any derivative work under copyright law:
11794that is to say, a work containing the Program or a portion of it,
11795either verbatim or with modifications and/or translated into another
11796language. (Hereinafter, translation is included without limitation in
11797the term "modification".) Each licensee is addressed as "you".
11798</para><para>
11799Activities other than copying, distribution and modification are not
11800covered by this License; they are outside its scope. The act of
11801running the Program is not restricted, and the output from the Program
11802is covered only if its contents constitute a work based on the
11803Program (independent of having been made by running the Program).
11804Whether that is true depends on what the Program does.
11805</para><para>
11806 1. You may copy and distribute verbatim copies of the Program's
11807source code as you receive it, in any medium, provided that you
11808conspicuously and appropriately publish on each copy an appropriate
11809copyright notice and disclaimer of warranty; keep intact all the
11810notices that refer to this License and to the absence of any warranty;
11811and give any other recipients of the Program a copy of this License
11812along with the Program.
11813</para><para>
11814You may charge a fee for the physical act of transferring a copy, and
11815you may at your option offer warranty protection in exchange for a fee.
11816</para><para>
11817 2. You may modify your copy or copies of the Program or any portion
11818of it, thus forming a work based on the Program, and copy and
11819distribute such modifications or work under the terms of Section 1
11820above, provided that you also meet all of these conditions:
11821</para><para>
11822 a) You must cause the modified files to carry prominent notices
11823 stating that you changed the files and the date of any change.
11824</para><para>
11825 b) You must cause any work that you distribute or publish, that in
11826 whole or in part contains or is derived from the Program or any
11827 part thereof, to be licensed as a whole at no charge to all third
11828 parties under the terms of this License.
11829
11830</para><para>
11831 c) If the modified program normally reads commands interactively
11832 when run, you must cause it, when started running for such
11833 interactive use in the most ordinary way, to print or display an
11834 announcement including an appropriate copyright notice and a
11835 notice that there is no warranty (or else, saying that you provide
11836 a warranty) and that users may redistribute the program under
11837 these conditions, and telling the user how to view a copy of this
11838 License. (Exception: if the Program itself is interactive but
11839 does not normally print such an announcement, your work based on
11840 the Program is not required to print an announcement.)
11841
11842These requirements apply to the modified work as a whole. If
11843identifiable sections of that work are not derived from the Program,
11844and can be reasonably considered independent and separate works in
11845themselves, then this License, and its terms, do not apply to those
11846sections when you distribute them as separate works. But when you
11847distribute the same sections as part of a whole which is a work based
11848on the Program, the distribution of the whole must be on the terms of
11849this License, whose permissions for other licensees extend to the
11850entire whole, and thus to each and every part regardless of who wrote it.
11851</para><para>
11852Thus, it is not the intent of this section to claim rights or contest
11853your rights to work written entirely by you; rather, the intent is to
11854exercise the right to control the distribution of derivative or
11855collective works based on the Program.
11856</para><para>
11857In addition, mere aggregation of another work not based on the Program
11858with the Program (or with a work based on the Program) on a volume of
11859a storage or distribution medium does not bring the other work under
11860the scope of this License.
11861</para><para>
11862 3. You may copy and distribute the Program (or a work based on it,
11863under Section 2) in object code or executable form under the terms of
11864Sections 1 and 2 above provided that you also do one of the following:
11865</para><para>
11866 a) Accompany it with the complete corresponding machine-readable
11867 source code, which must be distributed under the terms of Sections
11868 1 and 2 above on a medium customarily used for software interchange; or,
11869</para><para>
11870 b) Accompany it with a written offer, valid for at least three
11871 years, to give any third party, for a charge no more than your
11872 cost of physically performing source distribution, a complete
11873 machine-readable copy of the corresponding source code, to be
11874 distributed under the terms of Sections 1 and 2 above on a medium
11875 customarily used for software interchange; or,
11876</para><para>
11877
11878 c) Accompany it with the information you received as to the offer
11879 to distribute corresponding source code. (This alternative is
11880 allowed only for noncommercial distribution and only if you
11881 received the program in object code or executable form with such
11882 an offer, in accord with Subsection b above.)
11883</para><para>
11884The source code for a work means the preferred form of the work for
11885making modifications to it. For an executable work, complete source
11886code means all the source code for all modules it contains, plus any
11887associated interface definition files, plus the scripts used to
11888control compilation and installation of the executable. However, as a
11889special exception, the source code distributed need not include
11890anything that is normally distributed (in either source or binary
11891form) with the major components (compiler, kernel, and so on) of the
11892operating system on which the executable runs, unless that component
11893itself accompanies the executable.
11894</para><para>
11895If distribution of executable or object code is made by offering
11896access to copy from a designated place, then offering equivalent
11897access to copy the source code from the same place counts as
11898distribution of the source code, even though third parties are not
11899compelled to copy the source along with the object code.
11900
11901 4. You may not copy, modify, sublicense, or distribute the Program
11902except as expressly provided under this License. Any attempt
11903otherwise to copy, modify, sublicense or distribute the Program is
11904void, and will automatically terminate your rights under this License.
11905However, parties who have received copies, or rights, from you under
11906this License will not have their licenses terminated so long as such
11907parties remain in full compliance.
11908</para><para>
11909 5. You are not required to accept this License, since you have not
11910signed it. However, nothing else grants you permission to modify or
11911distribute the Program or its derivative works. These actions are
11912prohibited by law if you do not accept this License. Therefore, by
11913modifying or distributing the Program (or any work based on the
11914Program), you indicate your acceptance of this License to do so, and
11915all its terms and conditions for copying, distributing or modifying
11916the Program or works based on it.
11917</para><para>
11918 6. Each time you redistribute the Program (or any work based on the
11919Program), the recipient automatically receives a license from the
11920original licensor to copy, distribute or modify the Program subject to
11921these terms and conditions. You may not impose any further
11922restrictions on the recipients' exercise of the rights granted herein.
11923You are not responsible for enforcing compliance by third parties to
11924this License.
11925</para><para>
11926 7. If, as a consequence of a court judgment or allegation of patent
11927infringement or for any other reason (not limited to patent issues),
11928conditions are imposed on you (whether by court order, agreement or
11929otherwise) that contradict the conditions of this License, they do not
11930excuse you from the conditions of this License. If you cannot
11931distribute so as to satisfy simultaneously your obligations under this
11932License and any other pertinent obligations, then as a consequence you
11933may not distribute the Program at all. For example, if a patent
11934license would not permit royalty-free redistribution of the Program by
11935all those who receive copies directly or indirectly through you, then
11936the only way you could satisfy both it and this License would be to
11937refrain entirely from distribution of the Program.
11938</para><para>
11939If any portion of this section is held invalid or unenforceable under
11940any particular circumstance, the balance of the section is intended to
11941apply and the section as a whole is intended to apply in other
11942circumstances.
11943
11944</para><para>
11945It is not the purpose of this section to induce you to infringe any
11946patents or other property right claims or to contest validity of any
11947such claims; this section has the sole purpose of protecting the
11948integrity of the free software distribution system, which is
11949implemented by public license practices. Many people have made
11950generous contributions to the wide range of software distributed
11951through that system in reliance on consistent application of that
11952system; it is up to the author/donor to decide if he or she is willing
11953to distribute software through any other system and a licensee cannot
11954impose that choice.
11955</para><para>
11956This section is intended to make thoroughly clear what is believed to
11957be a consequence of the rest of this License.
11958
11959 8. If the distribution and/or use of the Program is restricted in
11960certain countries either by patents or by copyrighted interfaces, the
11961original copyright holder who places the Program under this License
11962may add an explicit geographical distribution limitation excluding
11963those countries, so that distribution is permitted only in or among
11964countries not thus excluded. In such case, this License incorporates
11965the limitation as if written in the body of this License.
11966</para><para>
11967 9. The Free Software Foundation may publish revised and/or new versions
11968of the General Public License from time to time. Such new versions will
11969be similar in spirit to the present version, but may differ in detail to
11970address new problems or concerns.
11971</para><para>
11972Each version is given a distinguishing version number. If the Program
11973specifies a version number of this License which applies to it and "any
11974later version", you have the option of following the terms and conditions
11975either of that version or of any later version published by the Free
11976Software Foundation. If the Program does not specify a version number of
11977this License, you may choose any version ever published by the Free Software
11978Foundation.
11979</para><para>
11980 10. If you wish to incorporate parts of the Program into other free
11981programs whose distribution conditions are different, write to the author
11982to ask for permission. For software which is copyrighted by the Free
11983Software Foundation, write to the Free Software Foundation; we sometimes
11984make exceptions for this. Our decision will be guided by the two goals
11985of preserving the free status of all derivatives of our free software and
11986of promoting the sharing and reuse of software generally.
11987</para><para>
11988 NO WARRANTY
11989</para><para>
11990 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
11991FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
11992OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
11993PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
11994OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
11995MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
11996TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
11997PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
11998REPAIR OR CORRECTION.
11999
12000</para><para>
12001 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
12002WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
12003REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
12004INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
12005OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
12006TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
12007YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
12008PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
12009POSSIBILITY OF SUCH DAMAGES.
12010</para><para>
12011 END OF TERMS AND CONDITIONS
12012 </para>
12013 </appendix>
1258abe0 12014
12c86877 12015 </book>
fededf47
BH		 12016<!-- Keep this comment at the end of the file
12017Local variables:
12018mode: sgml
12019sgml-omittag:t
12020sgml-shorttag:t
12021sgml-namecase-general:t
12022sgml-general-insert-case:lower
12023sgml-minimize-attributes:nil
12024sgml-always-quote-attributes:t
12025sgml-indent-step:2
12026sgml-indent-data:t
12027sgml-parent-document:nil
12028sgml-exposed-tags:nil
12029sgml-local-catalogs:nil
12030sgml-local-ecat-files:nil
12031End:
12032-->
Unnamed repository; edit this file 'description' to name the repository.