The release of the authoritative (authoritative) DNS server PowerDNS Authoritative Server 4.6, designed to organize the return of DNS zones, saw the light of day. According to the project developers, PowerDNS Authoritative Server serves approximately 30% of the total number of domains in Europe (if we consider only domains with DNSSEC signatures, then 90%). The project code is distributed under the GPLv2 license.
PowerDNS Authoritative Server provides the ability to store domain information in a variety of databases, including MySQL, PostgreSQL, SQLite3, Oracle, and Microsoft SQL Server, as well as in LDAP and plain text files in the BIND format. The return of the response can be additionally filtered (for example, to filter out spam) or redirected by connecting your own handlers in Lua, Java, Perl, Python, Ruby, C and C ++. Among the features, there are also tools for remote collection of statistics, including via SNMP or via the Web API (an http server is built in for statistics and management), instant restart, a built-in engine for connecting handlers in the Lua language, the ability to balance load based on the geographic location of the client .
Main innovations:
- Implemented support for PROXY protocol headers in incoming requests, which allows you to run a load balancer in front of a PowerDNS server while still passing information about the IP addresses of clients connecting to a load balancer such as dnsdist.
- Added support for the EDNS Cookies mechanism (RFC 7873), which makes it possible to identify the correctness of an IP address through the exchange of cookies between the DNS server and the client in order to protect against IP address spoofing, DoS attacks, using DNS as a traffic amplifier and cache poisoning attempts.
- A new interface has been added to the pdnsutil utility and API for managing autoprimary servers used to automate the deployment and updating of zones on secondary DNS servers without manually configuring secondary zones. It is enough to define a primary zone for the new domain on the autoprimary server, and the new domain will automatically pick up the secondary servers and configure the secondary zone for it.
Source: opennet.ru