PowerDNS Webinar - Part 2

©!Men!&!Mice!!http://menandmice.com!
PowerDNS
Part!2
Supermaster,!HTTP-API,!Lua-Scripting,!Tools
Thursday 17 September 15

PowerDNS
•Advanced!features!of!the!PowerDNS!authoritative!
server
•The!PowerDNS!HTTP-API
•Automatic!provisioning!of!slave!servers!via!a!“supermaster”
•Scripting!with!Lua
•PowerDNS!bundled!tools

©!Men!&!Mice!!http://menandmice,com!
PowerDNS!HTTP!API

PowerDNS!HTTP-API
•The!PowerDNS!authoritative!server!contains!an!HTTP-
API
•Currently!marked!as!“experimental”!and!“work!in!progress”
•Restful!
•Input!validation!via!the!PowerDNS!server
• Better!than!changing!zone-!or!configuration!data!in!a!backend!
database

PowerDNS!HTTP-API
•Function!examples
•Create!zones
•Delete!zones
•Set!zone!metadata
•Add/replace/delete!DNS!
records!in!zones
•Set!server!configuration
•Get!server!and!zone!
statistics
•Access!to!cache!content
•Management!of!TSIG!and!
DNSSEC!keys

PowerDNS!HTTP-API
•Use!cases
•DNS!server!automation!via!scripts
•Integration!of!PowerDNS!into!customer!portals
•Own!User-Interface!management!front-end!tools!with!
integrated!special!business!logic

PowerDNS!HTTP-API
DEMO

PowerDNS!“supermaster”

“traditional”!DNS!replication
Primary!
Master
Secondary!
1
Secondary!
2
Secondary!
3

SSH!login,!create!
master!zone,!add!
master!zone!to!
configuration

SSH!login,!add!
slave!zone!to!
configuration
SSH!login,!add!
slave!zone!to!
configuration
SSH!login,!add!
slave!zone!to!
configuration

Zonetransfer request

Zonetransfer
Zonetransfer
Zonetransfer

SSH!login,!add!
master!to!the!
supermaster!
table
SSH!login,!add!
master!to!the!
supermaster!
table
SSH!login,!add!
master!to!the!
supermaster!
table

SSH!login,!create!
master!zone,!add!
master!zone!to!
configuration

Notify
Notify
Notify

Notify!from!a!
“supermaster”?
Notify!from!a!
“supermaster”?
Notify!from!a!
“supermaster”?

Zonetransfer
Zonetransfer
Zonetransfer

PowerDNS!“supermaster”!
requirements
•The!secondary!must!have!the!IP-Address!of!the!master!
in!its!“supermaster”!table
•The!master!must!have!a!SOA!record!for!the!new!zone
•The!NS!record!set!of!the!new!domain!must!include!the!
names!of!the!secondary!and!master!server

DEMO

Lua!scripting

What!is!Lua?
•Lua!is!a!small!and!fast!scripting!
language!well!suited!for!
embedding
•Started!1993!at!Computer!
Graphics!Technology!Group,!Brazil
•Multi-paradigm,!easy!to!learn
•Executed!as!compiled!bytecode!for!
a!register!virtual-machine

Lua!uses
• Lua!is!very!popular!as!a!scripting!
engine!in!games
• Other!uses:
• Adobe!Lightroom
• Apache!HTTP-Server
• Cisco!ASA
• LuaTeX
• MediaWiki
• NetBSD!Kernel
• Prosody!Jabber!Server
• Redis!key-value!database
• Snort
• VIM!Editor
• Wireshark
• and!PowerDNS

PowerDNS!Lua!Backend
• With!the!PowerDNS!Lua!Backend,!DNS!answers!from!a!zone!can!
be!fully!scripted
• Use-cases:
• On-the-fly!creation!of!IPv6!and!IPv4!PTR!records!for!reverse!name!
resolution
• Create!records!from!backend!systems!not!directly!supported!by!
PowerDNS
• On-the-fly!creation!of!special!resource!records!(TLSA,!OPENPGPKEY,!
SMIMEA!...)

PowerDNS!Lua!Backend
DEMO

more!Lua
•Lua!zone-transfer!filter
•PowerDNS!can!call!a!filter!written!in!Lua!for!incoming!zone-
transfers
•Use!cases:
• Add!special!(informational)!records!to!zone
• Fix!zones!SOA!serial
• Add!zone!changes!to!a!version!control!system

PowerDNS!Tools

PowerDNS!Tools
•The!PowerDNS!distribution!includes!a!number!of!
interesting!tools
•The!tools!are!independent!from!the!PowerDNS!server!and!
can!also!be!used!with!other!DNS!server!products

PowerDNS!Tools
•Tools:
• dnsdist!-!a!DNS!load!balancer,!currently!being!transformed!into!
a!separate!product!
http://dnsdist.org/
• Tools!to!analyze!DNS!traffic:!dnswasher,!dnsscope,!dnsscan,!
dnsreplay
• Benchmark!tools:!dnsbulktest,!dnsreplay,!dnstcpbench
• DNS!troubleshooting:!nsec3dig,!saxfr

PowerDNS!Tools
DEMO

Upcoming!Training!and!
Webinars

Upcoming!trainings!(English)
•September!28!–!29,!2015!-!Introduction!to!DNS!&!
BIND!Hands!on!-!Arlington!(VA),!USA!(confirmed)
•September!28!–!October!2,!2015!-!Introduction!&!
Advanced!DNS!and!BIND!Hands!on,!Arlington!(VA),!
USA!(confirmed)

Upcoming!trainings!(German)
•19.!–!21.!October!2015!-!DHCP!Workshop!-!Essen,!
Deutschland
•26.!–!28.!October!2015!-!DNS!und!BIND!–!Die!Grundlagen!
des!Domain!Name!Systems!-!Essen,!Deutschland!(confirmed)
•26.!–!30.!October!2015!-!“DNS!und!Bind”!und!“DNS!
Security!&!DNSSEC”!-!Essen,!Deutschland!(confirmed)
•29.!–!30.!October!2015!-!DNS!Security!&!DNSSEC!-!Essen,!
Deutschland!(confirmed)

Upcoming!webinars
• Keeping!DNS!server!up-and-running!with!“runit”
22th!October!2015
• RIPE!71!and!IETF!94!reports
19th!November!2015
• DNSTAP!-!have!a!deep!look!into!DNS!server!operations!
(featuring!Unbound!and!Knot-DNS)
16th!December!2015
• The!DNS!server!in!Windows!2016!Server!-!a!big!leap!forward!(views,!response!rate!
limiting,!ACLs!and!more)
January!2016
• An!Update!on!DNSSEC!and!DANE:!new!implementations,!adoption!in!the!market,!
new!Internet!standards

Q/A
?

PowerDNS Webinar - Part 2

More Related Content

Viewers also liked (20)

Similar to PowerDNS Webinar - Part 2 (20)

More from Men and Mice (20)

Recently uploaded (20)

PowerDNS Webinar - Part 2