10 * Multiple instances: Yes
12 \* If provided by the responder (your script).
14 This backend provides Unix socket, Pipe, HTTP and ZeroMQ remoting for
15 powerdns. You should think this as normal RPC thin client, which
16 converts native C++ calls into JSON/RPC and passes them to you via
22 Please do not use remotebackend shipped before version 3.3. This version
23 has severe bug that can crash the entire process.
25 There is a breaking change on v4.0 and later. Before version 4.0, the
26 DNS names passed in queries were without trailing dot, after version 4.0
27 the DNS names are sent with trailing dot. F.ex. example.org is now sent
30 In some (broken) network setups, the IP addresses provided in the
31 request (when this is an IPv6 address) may be suffixed with a ``%`` and
32 the name of the network interface (e.g. ``%eth1``). Keep this in mind
33 when checking the IP addresses.
38 To compile this backend, you need to configure
39 ``--with-modules="remote"``.
41 For versions prior to 3.4.0, if you want to use http connector, you need
42 libcurl and use ``--enable-remotebackend-http``.
44 If you want to use ZeroMQ connector, you need libzmq-dev or libzmq3-dev
45 and use ``--enable-remotebackend-zeromq``.
50 The only configuration options for backend are remote-connection-string
55 remote-connection-string=<type>:<param>=<value>,<param>=<value>...
57 You can pass as many parameters as you want. For unix and pipe
58 connectors, these are passed along to the remote end as initialization.
59 See :ref:`remote-api`. Initialize is not called for http connector.
64 parameters: path, timeout (default 2000ms)
68 remote-connection-string=unix:path=/path/to/socket
73 parameters: command,timeout (default 2000ms)
77 remote-connection-string=pipe:command=/path/to/executable,timeout=2000
82 parameters: url, url-suffix, post, post_json, timeout (default 2000ms)
86 remote-connection-string=http:url=http://localhost:63636/dns,url-suffix=.php
88 HTTP connector tries to do RESTful requests to your server. See
89 examples. You can also use post to change behaviour so that it will send
90 POST request to url/method + url_suffix with
91 parameters=json-formatted-parameters. If you use post and post_json, it
92 will POST url with text/javascript containing JSON formatted RPC
93 request, just like for pipe and unix. You can use '1', 'yes', 'on' or
94 'true' to turn these features on.
96 URL should not end with /, and url-suffix is optional, but if you define
97 it, it's up to you to write the ".php" or ".json". Lack of dot causes
98 lack of dot in URL. Timeout is divided by 1000 because libcurl only
99 supports seconds, but this is given in milliseconds for consistency with
102 HTTPS is not supported, `stunnel <https://www.stunnel.org>`__ is the
103 suggested workaround. HTTP Authentication is not supported.
108 parameters: endpoint, timeout (default 2000ms)
112 remote-connection-string=zeromq:endpoint=ipc:///tmp/tmp.sock
114 0MQ connector implements a REQ/REP RPC model. Please see
115 http://zeromq.org/ for more information.
125 Unix, Pipe and ZeroMQ connectors send JSON formatted strings to the
126 remote end. Each JSON query has two sections, 'method' and 'parameters'.
128 HTTP connector calls methods based on URL and has parameters in the
129 query string. Most calls are GET; see the methods listing for details.
130 You can change this with post and post_json attributes.
135 You **must** always reply with JSON hash with at least one key,
136 'result'. This must be boolean false if the query failed. Otherwise it
137 must conform to the expected result. For HTTP connector, to signal bare
138 success, you can just reply with HTTP 200 OK, and omit any output. This
139 will result in same outcome as sending {"result":true}.
141 You can optionally add an array of strings to the 'log' array; each line
142 in this array will be logged in PowerDNS at loglevel ``info`` (6).
147 Methods required for different features
148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
149 :Always required: ``initialize``, ``lookup``
150 :Master operation: ``list``, ``getUpdatedMasters``, ``setNotified``
151 :Slave operation: ``getUnfreshSlaveInfos``, ``startTransaction``, ``commitTransaction``, ``abortTransaction``, ``feedRecord``, ``setFresh``
152 :DNSSEC operation (live-signing): ``getDomainKeys``, ``getBeforeAndAfterNamesAbsolute``
153 :Filling the Zone Cache: ``getAllDomains``
158 Called to initialize the backend. This is not called for HTTP connector.
159 You should do your initializations here.
161 - Mandatory: Yes (except HTTP connector)
162 - Parameters: all parameters in connection string
163 - Reply: true on success / false on failure
172 {"method":"initialize", "parameters":{"command":"/path/to/something", "timeout":"2000", "something":"else"}}
185 This method is used to do the basic query. You can omit auth, but if you
186 are using DNSSEC this can lead into trouble.
189 - Parameters: qtype, qname, zone_id
190 - Optional parameters: remote, local, real-remote
191 - Reply: array of ``qtype,qname,content,ttl,domain_id,scopeMask,auth``
192 - Optional values: domain_id, scopeMask and auth
193 - Note: priority field is required before 4.0, after 4.0 priority is
194 added to content. This applies to any resource record which uses
195 priority, for example SRV or MX.
204 {"method":"lookup", "parameters":{"qtype":"ANY", "qname":"www.example.com.", "remote":"192.0.2.24", "local":"192.0.2.1", "real-remote":"192.0.2.24", "zone-id":-1}}
210 {"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
219 GET /dnsapi/lookup/www.example.com./ANY HTTP/1.1
220 X-RemoteBackend-remote: 192.0.2.24
221 X-RemoteBackend-local: 192.0.2.1
222 X-RemoteBackend-real-remote: 192.0.2.24
223 X-RemoteBackend-zone-id: -1
230 Content-Type: text/javascript; charset=utf-8
232 {"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
237 Lists all records for the zonename. If you are running dnssec, you
238 should take care of setting auth to appropriate value, otherwise things
241 - Mandatory: No (Gives AXFR support)
242 - Parameters: zonename, domain_id
243 - Optional parameters: domain_id
244 - Reply: array of ``qtype,qname,content,ttl,domain_id,scopeMask,auth``
245 - Optional values: domain_id, scopeMask and auth
254 {"method":"list", "parameters":{"zonename":"example.com.","domain_id":-1}}
256 Response (split into lines for ease of reading)
261 {"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600},
262 {"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60},
263 {"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60},
264 {"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60},
265 {"qtype":"A", "qname":"ns1.example.com", "content":"192.0.2.2", "ttl": 60},
266 {"qtype":"A", "qname":"mx1.example.com", "content":"192.0.2.3", "ttl": 60}
276 GET /dnsapi/list/-1/example.com HTTP/1.1
277 X-RemoteBackend-domain-id: -1
284 Content-Type: text/javascript; charset=utf-8
286 {"result":[{"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600},{"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60},{"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60},{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60},{"qtype":"A", "qname":"ns1.example.com", "content":"192.0.2.2", "ttl": 60},{"qtype":"A", "qname":"mx1.example.com", "content":"192.0.2.3", "ttl": 60}]}
288 ``getBeforeAndAfterNamesAbsolute``
289 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
291 Asks the names before and after qname. qname is given without domain part.
292 Care must be taken to handle wrap-around when qname is first or last in the ordered list.
293 Do not return nil or an empty string for ``before`` and ``after``.
294 When using NSEC, ``unhashed`` can be an empty string (but MUST be present in the response).
295 The ``qname`` will be hashed when using NSEC3 and in the response, ``unhashed`` should be the records' real name without the domain part, and ``before`` and ``after`` should be the hashes.
297 - Mandatory: for NSEC/NSEC3 non-narrow
298 - Parameters: id (domain ID), qname
299 - Reply: before, after, unhashed
308 {"method":"getBeforeAndAfterNamesAbsolute", "params":{"id":0,"qname":"www."}}
314 {"result":{"before":"ns1","after":""}}
323 /dnsapi/getbeforeandafternamesabsolute/0/www.example.com
329 {"result":{"before":"ns1","after":""}}
331 ``getAllDomainMetadata``
332 ~~~~~~~~~~~~~~~~~~~~~~~~
334 Returns the value(s) for variable kind for zone name. You **must**
335 always return something, if there are no values, you shall return empty
340 * Reply: hash of key to array of strings
349 {"method":"getalldomainmetadata", "parameters":{"name":"example.com"}}
355 {"result":{"PRESIGNED":["0"]}}
364 GET /dnsapi/getalldomainmetadata/example.com HTTP/1.1
371 Content-Type: text/javascript; charset=utf-8
373 {"result":{"PRESIGNED":["0"]}}
375 ``getDomainMetadata``
376 ~~~~~~~~~~~~~~~~~~~~~
378 Returns the value(s) for variable kind for zone name. Most commonly it's
379 one of NSEC3PARAM, PRESIGNED, SOA-EDIT. Can be others, too. You **must**
380 always return something, if there are no values, you shall return empty
384 - Parameters: name, kind
385 - Reply: array of strings
394 {"method":"getdomainmetadata", "parameters":{"name":"example.com.","kind":"PRESIGNED"}}
409 GET /dnsapi/getdomainmetadata/example.com./PRESIGNED HTTP/1.1
416 Content-Type: text/javascript; charset=utf-8
420 ``setDomainMetadata``
421 ~~~~~~~~~~~~~~~~~~~~~
423 Replaces the value(s) on domain name for variable kind to string(s) on
424 array value. The old value is discarded. Value can be an empty array,
425 which can be interpreted as deletion request.
428 - Parameters: name, kind, value
429 - Reply: true on success, false on failure
438 {"method":"setdomainmetadata","parameters":{"name":"example.com","kind":"PRESIGNED","value":["YES"]}}
453 PATCH /dnsapi/setdomainmetadata/example.com/PRESIGNED HTTP/1.1
454 Content-Type: application/x-www-form-urlencoded
464 Content-Type: text/javascript; charset=utf-8
468 .. _remote-getdomainkeys:
473 Retrieves any keys of kind. The id, flags are unsigned integers, and
474 active and published are boolean. Content must be valid key record in format
475 that PowerDNS understands. You are encouraged to implement :ref:`the
476 section called "addDomainKey" <remote-adddomainkey>`, as you can use
477 :doc:`../manpages/pdnsutil.1` to provision keys.
479 - Mandatory: for DNSSEC
480 - Parameters: name, kind
481 - Reply: array of ``id, flags, active, published, content``
490 {"method":"getDomainKeys","parameters":{"name":"example.com."}}
496 {"result":[{"id":1,"flags":256,"active":true,"published":true,"content":"Private-key-format: v1.2
497 Algorithm: 8 (RSASHA256)
498 Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
500 PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
501 Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
502 Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
503 Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
504 Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
505 Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w=="}]}
514 GET /dnsapi/getdomainkeys/example.com/0 HTTP/1.1
521 Content-Type: text/javascript; charset=utf-8
523 {"result":[{"id":1,"flags":256,"active":true,"published":true,"content":"Private-key-format: v1.2
524 Algorithm: 8 (RSASHA256)
525 Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
527 PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
528 Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
529 Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
530 Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
531 Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
532 Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w=="}]}
534 .. _remote-adddomainkey:
539 Adds key into local storage. See :ref:`remote-getdomainkeys` for more information.
542 - Parameters: name, key=\ ``<flags,active,published,content>``, id
543 - Reply: true for success, false for failure
552 {"method":"adddomainkey", "parameters":{"key":{"id":1,"flags":256,"active":true,"published":true,"content":"Private-key-format: v1.2
553 Algorithm: 8 (RSASHA256)
554 Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
556 PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
557 Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
558 Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
559 Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
560 Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
561 Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w=="}}}
576 PUT /dnsapi/adddomainkey/example.com HTTP/1.1
577 Content-Type: application/x-www-form-urlencoded
580 flags=256&active=1&published=1&content=Private-key-format: v1.2
581 Algorithm: 8 (RSASHA256)
582 Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
584 PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
585 Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
586 Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
587 Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
588 Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
589 Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w==
596 Content-Type: text/javascript; charset=utf-8
603 Removes key id from domain name.
606 - Parameters: name, id
607 - Reply: true for success, false for failure
616 {"method":"removedomainkey","parameters":{"name":"example.com","id":1}}
631 DELETE /dnsapi/removedomainkey/example.com/1 HTTP/1.1
638 Content-Type: text/javascript; charset=utf-8
642 ``activateDomainKey``
643 ~~~~~~~~~~~~~~~~~~~~~
645 Activates key id for domain name.
648 - Parameters: name, id
649 - Reply: true for success, false for failure
658 {"method":"activatedomainkey","parameters":{"name":"example.com","id":1}}
673 POST /dnsapi/activatedomainkey/example.com/1 HTTP/1.1
680 Content-Type: text/javascript; utf-8
684 ``deactivateDomainKey``
685 ~~~~~~~~~~~~~~~~~~~~~~~
687 Deactivates key id for domain name.
690 - Parameters: name, id
691 - Reply: true for success, false for failure
700 {"method":"deactivatedomainkey","parameters":{"name":"example.com","id":1}}
715 POST /dnsapi/deactivatedomainkey/example.com/1 HTTP/1.1
722 Content-Type: text/javascript; utf-8
729 Publish key id for domain name.
732 - Parameters: name, id
733 - Reply: true for success, false for failure
742 {"method":"publishdomainkey","parameters":{"name":"example.com","id":1}}
757 POST /dnsapi/publishdomainkey/example.com/1 HTTP/1.1
764 Content-Type: text/javascript; utf-8
769 ``unpublishDomainKey``
770 ~~~~~~~~~~~~~~~~~~~~~~
772 Unpublish key id for domain name.
775 - Parameters: name, id
776 - Reply: true for success, false for failure
785 {"method":"unpublishdomainkey","parameters":{"name":"example.com","id":1}}
800 POST /dnsapi/unpublishdomainkey/example.com/1 HTTP/1.1
807 Content-Type: text/javascript; utf-8
815 Retrieves the key needed to sign AXFR.
819 - Reply: algorithm, content
828 {"method":"gettsigkey","parameters":{"name":"example.com."}}
834 {"result":{"algorithm":"hmac-md5","content":"kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys="}}
843 GET /dnsapi/gettsigkey/example.com. HTTP/1.1
850 Content-Type: text/javascript; charset=utf-8
852 {"result":{"algorithm":"hmac-md5","content":"kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys="}}
857 Retrieves information about given domain from the backend. If your
858 return value has no zone attribute, the backend will signal error.
859 Everything else will default to something. Default values: serial:0,
860 kind:NATIVE, id:-1, notified_serial:-1, last_check:0, masters: [].
861 Masters, if present, must be array of strings.
866 - Optional values: serial, kind, id, notified_serial, last_check,
876 {"method":"getdomaininfo","parameters":{"name":"example.com"}}
882 {"result":{"id":1,"zone":"example.com","kind":"NATIVE","serial":2002010100}}
891 GET /dnsapi/getdomaininfo/example.com HTTP/1.1
898 content-Type: text/javascript: charset=utf-8
900 {"result":{id:1,"zone":"example.com","kind":"NATIVE","serial":2002010100}}
905 Updates last notified serial for the domain id. Any errors are ignored.
908 - Parameters: id, serial
909 - Reply: true for success, false for failure
918 {"method":"setnotified","parameters":{"id":1,"serial":2002010100}}
933 PATCH /dnsapi/setnotified/1 HTTP/1.1
934 Content-Type: application/x-www-form-urlencoded
944 Content-Type: text/javascript; charset=utf-8
951 Determines whether given IP is master for given domain name.
954 - Parameters: name,ip
955 - Reply: true for success, false for failure.
964 {"method":"isMaster","parameters":{"name":"example.com","ip":"198.51.100.0.1"}}
979 GET /dnsapi/isMaster/example.com/198.51.100.0.1 HTTP/1.1
986 Content-Type: text/javascript; charset=utf-8
990 ``superMasterBackend``
991 ~~~~~~~~~~~~~~~~~~~~~~
993 Creates new domain with given record(s) as master servers. IP address is
994 the address where notify is received from. nsset is array of NS resource
998 - Parameters: ip,domain,nsset,account
999 - Reply: true for success, false for failure. can also return
1000 account=>name of account< and nameserver.
1007 .. code-block:: json
1009 {"method":"superMasterBackend","parameters":{"ip":"198.51.100.0.1","domain":"example.com","nsset":[{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns1.example.com","ttl":300,"auth":true},{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns2.example.com","ttl":300,"auth":true}]}}
1013 .. code-block:: json
1017 Alternative response:
1019 .. code-block:: json
1021 {"result":{"account":"my account","nameserver":"ns2.example.com"}}
1028 .. code-block:: http
1030 POST /dnsapi/supermasterbackend/198.51.100.0.1/example.com HTTP/1.1
1031 Content-Type: application/x-www-form-urlencoded
1034 nsset[1][qtype]=NS&nsset[1][qname]=example.com&nsset[1][qclass]=1&nsset[1][content]=ns1.example.com&nsset[1][ttl]=300&nsset[1][auth]=true&nsset[2][qtype]=NS&nsset[2][qname]=example.com&nsset[2][qclass]=1&nsset[2][content]=ns2.example.com&nsset[2][ttl]=300&nsset[2][auth]=true
1038 .. code-block:: http
1041 Content-Type: text/javascript; charset=utf-8
1045 Alternative response
1047 .. code-block:: http
1050 Content-Type: text/javascript; charset=utf-8
1052 {"result":{"account":"my account"}}
1054 ``createSlaveDomain``
1055 ~~~~~~~~~~~~~~~~~~~~~
1056 Creates new domain. This method is called when NOTIFY is received and
1057 you are superslaving.
1060 - Parameters: ip, domain
1061 - Optional parameters: nameserver, account
1062 - Reply: true for success, false for failure
1069 .. code-block:: json
1071 {"method":"createSlaveDomain","parameters":{"ip":"198.51.100.0.1","domain":"pirate.example.net"}}
1075 .. code-block:: json
1084 .. code-block:: http
1086 POST /dnsapi/createslavedomain/198.51.100.0.1/pirate.example.net HTTP/1.1
1087 Content-Type: application/x-www-form-urlencoded
1092 .. code-block:: http
1095 Content-Type: text/javascript; charset=utf-8
1102 This method replaces a given resource record with new set. The new qtype
1103 can be different from the old.
1106 - Parameters: domain_id, qname, qtype, rrset
1107 - Reply: true for success, false for failure
1114 .. code-block:: json
1116 {"method":"replaceRRSet","parameters":{"domain_id":2,"qname":"replace.example.com","qtype":"A","trxid":1370416133,"rrset":[{"qtype":"A","qname":"replace.example.com","qclass":1,"content":"1.1.1.1","ttl":300,"auth":true}]}}
1120 .. code-block:: json
1129 .. code-block:: http
1131 PATCH /dnsapi/replacerrset/2/replace.example.com/A HTTP/1.1
1132 Content-Type: application/x-www-form-urlencoded
1135 trxid=1370416133&rrset[qtype]=A&rrset[qname]=replace.example.com&rrset[qclass]=1&rrset[content]=1.1.1.1&rrset[auth]=1
1139 .. code-block:: http
1142 Content-Type: text/javascript; charset=utf-8
1149 Asks to feed new record into system. If startTransaction was called,
1150 trxId identifies a transaction. It is not always called by PowerDNS.
1153 - Parameters: rr, trxid
1154 - Reply: true for success, false for failure
1161 .. code-block:: json
1163 {"method":"feedRecord","parameters":{"rr":{"qtype":"A","qname":"replace.example.com","qclass":1,"content":"127.0.0.1","ttl":300,"auth":true},"trxid":1370416133}}
1167 .. code-block:: json
1176 .. code-block:: http
1178 PATCH /dnsapi/feedrecord/1370416133 HTTP/1.1
1179 Content-Type: application/x-www-form-urlencoded
1182 rr[qtype]=A&rr[qname]=replace.example.com&rr[qclass]=1&rr[content]=127.0.0.1&rr[ttl]=300&rr[auth]=true
1186 .. code-block:: http
1189 Content-Type: text/javascript; charset=utf-8
1193 .. _remote-feedents:
1198 This method is used by pdnsutil rectify-zone to populate missing
1199 non-terminals. This is used when you have, say, record like
1200 _sip._upd.example.com, but no _udp.example.com. PowerDNS requires
1201 that there exists a non-terminal in between, and this instructs you to
1202 add one. If startTransaction is called, trxid identifies a transaction.
1205 - Parameters: nonterm, trxid
1206 - Reply: true for success, false for failure
1213 .. code-block:: json
1215 {"method":"feedEnts","parameters":{"domain_id":2,"trxid":1370416133,"nonterm":["_sip._udp","_udp"]}}
1219 .. code-block:: json
1228 .. code-block:: http
1230 PATCH /dnsapi/feedents/2 HTTP/1.1
1231 Content-Type: application/x-www-form-urlencoded
1234 trxid=1370416133&nonterm[]=_udp&nonterm[]=_sip.udp
1238 .. code-block:: http
1241 Content-Type: text/javascript; charset=utf-8
1248 Same as :ref:`remote-feedents`, but provides NSEC3 hashing
1249 parameters. Note that salt is BYTE value, and can be non-readable text.
1252 - Parameters: trxid, domain_id, domain, times, salt, narrow, nonterm
1253 - Reply: true for success, false for failure
1260 .. code-block:: json
1262 {"method":"feedEnts3","parameters":{"domain_id":2,"domain":"example.com","times":1,"salt":"9642","narrow":false,"trxid":1370416356,"nonterm":["_sip._udp","_udp"]}}
1266 .. code-block:: json
1275 .. code-block:: http
1277 PATCH /dnsapi/2/example.com HTTP/1.1
1278 Content-Type: application/x-www-form-urlencoded
1281 trxid=1370416356×=1&salt=9642&narrow=0&nonterm[]=_sip._udp&nonterm[]=_udp
1285 .. code-block:: http
1288 Content-Type: text/javascript; charset=utf-8
1292 ``startTransaction``
1293 ~~~~~~~~~~~~~~~~~~~~
1295 Starts a new transaction. Transaction ID is chosen for you. Used to
1296 identify f.ex. AXFR transfer.
1299 - Parameters: domain_id, domain, trxid
1300 - Reply: true for success, false for failure
1307 .. code-block:: json
1309 {"method":"startTransaction","parameters":{"trxid":1234,"domain_id":1,"domain":"example.com"}}
1313 .. code-block:: json
1322 .. code-block:: http
1324 POST /dnsapi/starttransaction/1/example.com HTTP/1.1
1325 Content-Type: application/x-www-form-urlencoded
1332 .. code-block:: http
1335 Content-Type: text/javascript; charset=utf-8
1339 ``commitTransaction``
1340 ~~~~~~~~~~~~~~~~~~~~~
1342 Signals successful transfer and asks to commit data into permanent
1347 - Reply: true for success, false for failure
1354 .. code-block:: json
1356 {"method":"commitTransaction","parameters":{"trxid":1234}}
1360 .. code-block:: json
1369 .. code-block:: http
1371 POST /dnsapi/committransaction/1234 HTTP/1.1
1372 Content-Type: application/x-www-form-urlencoded
1377 .. code-block:: http
1380 Content-Type: text/javascript; charset=utf-8
1384 ``abortTransaction``
1385 ~~~~~~~~~~~~~~~~~~~~
1387 Signals failed transaction, and that you should rollback any changes.
1391 - Reply: true for success, false for failure
1398 .. code-block:: json
1400 {"method":"abortTransaction","parameters":{"trxid":1234}}
1404 .. code-block:: json
1413 .. code-block:: http
1415 POST /dnsapi/aborttransaction/1234 HTTP/1.1
1416 Content-Type: application/x-www-form-urlencoded
1421 .. code-block:: http
1424 Content-Type: text/javascript; charset=utf-8
1428 ``calculateSOASerial``
1429 ~~~~~~~~~~~~~~~~~~~~~~
1431 Asks you to calculate a new serial based on the given data and update
1435 - Parameters: domain,sd
1436 - Reply: true for success, false for failure
1443 .. code-block:: json
1445 {"method":"calculateSOASerial","parameters":{"domain":"unit.test","sd":{"qname":"unit.test","nameserver":"ns.unit.test","hostmaster":"hostmaster.unit.test","ttl":300,"serial":1,"refresh":2,"retry":3,"expire":4,"default_ttl":5,"domain_id":-1,"scopeMask":0}}}
1449 .. code-block:: json
1451 {"result":2013060501}
1458 .. code-block:: http
1460 POST /dnsapi/calculatesoaserial/unit.test HTTP/1.1
1461 Content-Type: application/x-www-form-urlencoded
1464 sd[qname]=unit.test&sd[nameserver]=ns.unit.test&sd[hostmaster]=hostmaster.unit.test&sd[ttl]=300&sd[serial]=1&sd[refresh]=2&sd[retry]=3&sd[expire]=4&sd[default_ttl]=5&sd[domain_id]=-1&sd[scopemask]=0
1468 .. code-block:: http
1471 Content-Type: text/javascript; charset=utf-8
1473 {"result":2013060501}
1475 ``directBackendCmd``
1476 ~~~~~~~~~~~~~~~~~~~~
1478 Can be used to send arbitrary commands to your backend using
1479 :doc:`../dnssec/pdnsutil`.
1483 - Reply: anything but boolean false for success, false for failure
1490 .. code-block:: json
1492 {"method":"directBackendCmd","parameters":{"query":"PING"}}
1496 .. code-block:: json
1505 .. code-block:: http
1507 POST /dnsapi/directBackendCmd HTTP/1.1
1508 Content-Type: application/x-www-form-urlencoded
1515 .. code-block:: http
1518 Content-Type: text/javascript; charset=utf-8
1525 Get DomainInfo records for all domains in your backend.
1528 - Parameters: include_disabled
1529 - Reply: array of DomainInfo
1536 .. code-block:: json
1538 {"method": "getAllDomains", "parameters": {"include_disabled": true}}
1542 .. code-block:: json
1544 {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"native"}]}
1551 .. code-block:: http
1553 GET /dnsapi/getAllDomains?includeDisabled=true HTTP/1.1
1557 .. code-block:: http
1560 Content-Type: text/javascript; charset=utf-8
1562 {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"native"}]}
1567 Can be used to search records from the backend. This is used by web api.
1570 - Parameters: pattern, maxResults
1571 - Reply: same as :ref:`remote-lookup` or false to indicate failed
1579 .. code-block:: json
1581 {"method":"searchRecords","parameters":{"pattern":"www.example*","maxResults":100}}
1585 .. code-block:: json
1587 {"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
1594 .. code-block:: http
1596 GET /dnsapi/searchRecords?q=www.example*&maxResults=100 HTTP/1.1
1600 .. code-block:: http
1603 Content-Type: text/javascript; charset=utf-8
1605 {"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
1608 ``getUpdatedMasters``
1609 ~~~~~~~~~~~~~~~~~~~~~
1611 Used to find out any updates to master domains. This is used to trigger notifications in master mode.
1615 - Reply: array of DomainInfo or at least the ``id``, ``zone``, ``serial`` and ``notified_serial`` fields
1622 .. code-block:: json
1624 {"method": "getUpdatedMasters", "parameters": {}}
1628 .. code-block:: json
1630 {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"master"}]}
1637 .. code-block:: http
1639 GET /dnsapi/getUpdatedMasters HTTP/1.1
1643 .. code-block:: http
1646 Content-Type: text/javascript; charset=utf-8
1648 {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"master"}]}
1650 ``getUnfreshSlaveInfos``
1651 ~~~~~~~~~~~~~~~~~~~~~~~~
1653 Used to find out if slave zones need checking of the master's SOA Serial.
1657 - Reply: array of DomainInfo or at least the ``id``, ``zone``, ``serial`` and ``last_check`` fields
1664 .. code-block:: json
1666 {"method": "getUnfreshSlaveInfos", "parameters": {}}
1670 .. code-block:: json
1672 {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"serial":2,"last_check":1464693331,"kind":"slave"}]}
1679 .. code-block:: http
1681 GET /dnsapi/getUnfreshSlaveInfos HTTP/1.1
1685 .. code-block:: http
1688 Content-Type: text/javascript; charset=utf-8
1690 {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"serial":2,"last_check":1464693331,"kind":"slave"}]}
1695 Called when a slave freshness check succeeded. This does not indicate the
1696 zone was updated on the master.
1700 - Reply: true for success, false for failure
1707 .. code-block:: json
1709 {"method":"setFresh","parameters":{"id":1}}
1713 .. code-block:: json
1722 .. code-block:: http
1724 PATCH /dnsapi/setFresh/1 HTTP/1.1
1725 Content-Type: application/x-www-form-urlencoded
1730 .. code-block:: http
1733 Content-Type: text/javascript; charset=utf-8
1741 Scenario: SOA lookup via pipe, unix or zeromq connector
1742 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1746 .. code-block:: json
1751 "qname": "example.com",
1759 .. code-block:: json
1765 "qname": "example.com",
1766 "content": "dns1.icann.org. hostmaster.icann.org. 2012080849 7200 3600 1209600 3600",
1773 Scenario: SOA lookup with HTTP connector
1774 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1780 /dns/lookup/example.com/SOA
1784 .. code-block:: json
1790 "qname": "example.com",
1791 "content": "dns1.icann.org. hostmaster.icann.org. 2012080849 7200 3600 1209600 3600",
projects / thirdparty / pdns.git / blob