PowerDNS 3.4.11

Uptime: 5.74 months
Queries/second, 1, 5, 10 minute averages: 2.27e-28, 2.42e-08, 4.52e-06. Max queries/second: 27.8
Cache hitrate, 1, 5, 10 minute averages: 0.0%, 0.0%, 0.0%
Backend query cache hitrate, 1, 5, 10 minute averages: 0.0%, 0.0%, 0.0%
Backend query load, 1, 5, 10 minute averages: 1.61e-71, 1.97e-16, 8.3e-10. Max queries/second: 0.233
Total queries: 20202. Question/answer latency: 0.163ms


Reset

Log Messages

Total:0100%
Reset

Queries for existing records, but for type we don't have

Total:0100%
Reset

Queries for non-existent records within existent domains

Total:0100%
Reset

UDP Queries Received

activum.nu/ANY313.6%
dnsscan.shadowserver.org/A313.6%
leth.cc/ANY313.6%
test.openresolver.com/TXT29.1%
VERSION.BIND/TXT14.5%
a.gtld-servers.net/A14.5%
ada.gov/ANY14.5%
com/ANY14.5%
cpsc.gov/ANY14.5%
direct.shodan.io/A14.5%
Rest:522.7%
Total:22100%
Reset

Remote server IP addresses

185.188.207.13627.3%
191.96.249.131313.6%
23.252.100.10029.1%
34.202.233.5229.1%
80.82.77.13929.1%
185.94.111.114.5%
198.12.96.13714.5%
209.126.136.214.5%
221.218.124.2214.5%
74.82.47.2614.5%
Rest:29.1%
Total:22100%
Reset

Remote hosts sending corrupt packets

Total:0100%
Reset

Remote hosts querying domains for which we are not auth

23.252.100.100220.0%
139.162.117.40110.0%
209.126.136.2110.0%
221.218.124.22110.0%
34.202.233.52110.0%
74.82.47.26110.0%
74.82.47.30110.0%
74.82.47.34110.0%
80.82.77.139110.0%
Total:10100%
Reset

Queries that could not be answered due to backend errors

Total:0100%
Reset

Queries for domains that we are not authoritative for

dnsscan.shadowserver.org/A330.0%
test.openresolver.com/TXT220.0%
a.gtld-servers.net/A110.0%
direct.shodan.io/A110.0%
msn.com/A110.0%
www.qq.com/A110.0%
www.yahoo.com/A110.0%
Total:10100%

Variables

corrupt-packets125Number of corrupt packets received
deferred-cache-inserts0Amount of cache inserts that were deferred because of maintenance
deferred-cache-lookup0Amount of cache lookups that were deferred because of maintenance
dnsupdate-answers0DNS update packets successfully answered.
dnsupdate-changes0DNS update changes to records in total.
dnsupdate-queries0DNS update packets received.
dnsupdate-refused0DNS update packets that are refused.
packetcache-hit19
packetcache-miss19949
packetcache-size0
query-cache-hit48Number of hits on the query cache
query-cache-miss2699Number of misses on the query cache
rd-queries20170Number of recursion desired questions
recursing-answers0Number of recursive answers sent out
recursing-questions0Number of questions sent to recursor
recursion-unanswered0Number of packets unanswered by configured recursor
security-status0Security status based on regular polling
servfail-packets0Number of times a server-failed packet was sent out
signatures0Number of DNSSEC signatures made
tcp-answers109Number of answers sent out over TCP
tcp-queries112Number of TCP queries received
timedout-packets0Number of packets which weren't answered within timeout set
udp-answers20202Number of answers sent out over UDP
udp-answers-bytes867733Total size of answers sent out over UDP
udp-do-queries1Number of UDP queries received with DO bit
udp-queries20202Number of UDP queries received
udp4-answers20202Number of IPv4 answers sent out over UDP
udp4-queries20203Number of IPv4 UDP queries received
udp6-answers0Number of IPv6 answers sent out over UDP
udp6-queries0Number of IPv6 UDP queries received
key-cache-size0Number of entries in the key cache
latency163Average number of microseconds needed to answer a question
meta-cache-size0Number of entries in the metadata cache
qsize-q0Number of questions waiting for database attention
signature-cache-size0Number of entries in the signature cache
sys-msec139477Number of msec spent in system time
uptime15079080Uptime of process in seconds
user-msec762953Number of msec spent in user time
Arguments
allow-axfr-ips127.0.0.0/8,::1Allow zonetransfers only to these subnets
allow-dnsupdate-from127.0.0.0/8,::1A global setting to allow DNS updates from these IP ranges.
allow-notify-from0.0.0.0/0,::/0Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
allow-recursion0.0.0.0/0List of subnets that are allowed to recurse
also-notifyWhen notifying a domain, also notify these nameservers
any-to-tcpyesAnswer ANY queries with tc=1, shunting to TCP
cache-ttl20Seconds to store packets in the PacketCache
carbon-interval30Number of seconds between carbon (graphite) updates
carbon-ournameIf set, overrides our reported hostname for carbon stats
carbon-serverIf set, send metrics in carbon (graphite) format to this server
chrootIf set, chroot to this directory for more security
confignoProvide configuration file on standard output
config-dir/etc/pdnsLocation of configuration directory (pdns.conf)
config-nameName of this virtual configuration - will rename the binary image
control-consolenoDebugging switch - don't use
daemonOperate as a daemon
default-ksk-algorithmsrsasha256Default KSK algorithms
default-ksk-size0Default KSK size (0 means default)
default-soa-editDefault SOA-EDIT value
default-soa-edit-signedDefault SOA-EDIT value for signed zones
default-soa-mailmail address to insert in the SOA record if none set in the backend
default-soa-namea.misconfigured.powerdns.servername to insert in the SOA record if none set in the backend
default-ttl3600Seconds a result is valid if not set otherwise
default-zsk-algorithmsrsasha256Default ZSK algorithms
default-zsk-size0Default ZSK size (0 means default)
direct-dnskeynoFetch DNSKEY RRs from backend during DNSKEY synthesis
disable-axfrnoDisable zonetransfers but do allow TCP queries
disable-axfr-rectifynoDisable the rectify step during an outgoing AXFR. Only required for regression testing.
disable-syslognoDisable logging to syslog, useful when running inside a supervisor that logs stdout
disable-tcpnoDo not listen to TCP queries
distributor-threads3Default number of Distributor (backend) threads to start
do-ipv6-additional-processingyesDo AAAA additional processing
edns-subnet-processingnoIf we should act on EDNS Subnet options
entropy-source/dev/urandomIf set, read entropy from this file
experimental-api-keyREST API Static authentication key (required for API use)
experimental-api-readonlynoIf the JSON API should disallow data modification
experimental-dname-processingnoIf we should support DNAME records
experimental-dnsupdatenoEnable/Disable DNS update (RFC2136) support. Default is no.
experimental-json-interfacenoIf the webserver should serve JSON data
experimental-logfile/var/log/pdns.logFilename of the log file for JSON parser
forward-dnsupdateyesA global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
gmysql-activate-domain-key-queryupdate cryptokeys set active=1 where domain_id=(select id from domains where name='%s') and cryptokeys.id=%d
gmysql-add-domain-key-queryinsert into cryptokeys (domain_id, flags, active, content) select id, %d, %d, '%s' from domains where name='%s'
gmysql-any-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='%s' and domain_id=%dAny with ID query
gmysql-any-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='%s'Any query
gmysql-basic-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='%s' and name='%s'Basic query
gmysql-clear-domain-all-keys-querydelete from cryptokeys where domain_id=(select id from domains where name='%s')
gmysql-clear-domain-all-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name='%s')
gmysql-clear-domain-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name='%s') and domainmetadata.kind='%s'
gmysql-dbnamepowerdnsPdns backend database name to connect to
gmysql-deactivate-domain-key-queryupdate cryptokeys set active=0 where domain_id=(select id from domains where name='%s') and cryptokeys.id=%d
gmysql-delete-comment-rrset-queryDELETE FROM comments WHERE domain_id=%d AND name='%s' AND type='%s'
gmysql-delete-comments-queryDELETE FROM comments WHERE domain_id=%d
gmysql-delete-domain-querydelete from domains where name='%s'
gmysql-delete-empty-non-terminal-querydelete from records where domain_id='%d' and name='%s' and type is nulldelete empty non-terminal from zone
gmysql-delete-names-querydelete from records where domain_id = %d and name='%s'
gmysql-delete-rrset-querydelete from records where domain_id=%d and name='%s' and type='%s'
gmysql-delete-tsig-key-querydelete from tsigkeys where name='%s'
gmysql-delete-zone-querydelete from records where domain_id=%d
gmysql-dnssecnoEnable DNSSEC processing
gmysql-get-all-domain-metadata-queryselect kind,content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name='%s'
gmysql-get-all-domains-queryselect domains.id, domains.name, records.content, domains.type, domains.master, domains.notified_serial, domains.last_check, domains.account from domains LEFT JOIN records ON records.domain_id=domains.id AND records.type='SOA' AND records.name=domains.name WHERE records.disabled=0 OR %dRetrieve all domains
gmysql-get-domain-metadata-queryselect content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name='%s' and domainmetadata.kind='%s'
gmysql-get-order-after-queryselect ordername from records where ordername > '%s' and domain_id=%d and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, after
gmysql-get-order-before-queryselect ordername, name from records where ordername <= '%s' and domain_id=%d and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, before
gmysql-get-order-first-queryselect ordername, name from records where domain_id=%d and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, first
gmysql-get-order-last-queryselect ordername, name from records where ordername != '' and domain_id=%d and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, last
gmysql-get-tsig-key-queryselect algorithm, secret from tsigkeys where name='%s'
gmysql-get-tsig-keys-queryselect name,algorithm, secret from tsigkeys
gmysql-groupclientPdns backend MySQL 'group' to connect as
gmysql-hostlocalhostDatabase backend host to connect to
gmysql-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='%s' and name='%s' and domain_id=%dBasic with ID query
gmysql-info-all-master-queryselect id,name,master,last_check,notified_serial,type from domains where type='MASTER'
gmysql-info-all-slaves-queryselect id,name,master,last_check,type from domains where type='SLAVE'
gmysql-info-zone-queryselect id,name,master,last_check,notified_serial,type,account from domains where name='%s'
gmysql-innodb-read-committedyesUse InnoDB READ-COMMITTED transaction isolation level
gmysql-insert-comment-queryINSERT INTO comments (domain_id, name, type, modified_at, account, comment) VALUES (%d, '%s', '%s', %d, '%s', '%s')
gmysql-insert-empty-non-terminal-queryinsert into records (domain_id,name,type,disabled,auth) values ('%d','%s',null,0,'1')insert empty non-terminal in zone
gmysql-insert-ent-order-queryinsert into records (type,domain_id,disabled,name,ordername,auth) values (null,'%d',0,'%s','%s','%d')insert empty non-terminal in zone
gmysql-insert-ent-queryinsert into records (type,domain_id,disabled,name,auth) values (null,'%d',0,'%s','%d')insert empty non-terminal in zone
gmysql-insert-record-order-queryinsert into records (content,ttl,prio,type,domain_id,disabled,name,ordername,auth) values ('%s',%d,%d,'%s',%d,%d,'%s','%s','%d')
gmysql-insert-record-queryinsert into records (content,ttl,prio,type,domain_id,disabled,name,auth) values ('%s',%d,%d,'%s',%d,%d,'%s','%d')
gmysql-insert-slave-queryinsert into domains (type,name,master,account) values('SLAVE','%s','%s','%s')
gmysql-insert-zone-queryinsert into domains (type,name) values('NATIVE','%s')
gmysql-list-comments-querySELECT domain_id,name,type,modified_at,account,comment FROM comments WHERE domain_id=%d
gmysql-list-domain-keys-queryselect cryptokeys.id, flags, active, content from domains, cryptokeys where cryptokeys.domain_id=domains.id and name='%s'
gmysql-list-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE (disabled=0 OR %d) and domain_id='%d' order by name, typeAXFR query
gmysql-list-subzone-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and (name='%s' OR name like '%s') and domain_id='%d'Subzone listing
gmysql-master-zone-queryselect master from domains where name='%s' and type='SLAVE'Data
gmysql-nullify-ordername-and-auth-queryupdate records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d' and disabled=0DNSSEC nullify ordername and auth query
gmysql-nullify-ordername-and-update-auth-queryupdate records set ordername=NULL,auth=%d where domain_id='%d' and name='%s' and disabled=0DNSSEC nullify ordername and update auth query
gmysql-passwordSCvTEdCSSXMKSmfTz5KeftEaPdns backend password to connect with
gmysql-port0Database backend port to connect to
gmysql-remove-domain-key-querydelete from cryptokeys where domain_id=(select id from domains where name='%s') and cryptokeys.id=%d
gmysql-remove-empty-non-terminals-from-zone-querydelete from records where domain_id='%d' and type is nullremove all empty non-terminals from zone
gmysql-set-auth-on-ds-record-queryupdate records set auth=1 where domain_id='%d' and name='%s' and type='DS' and disabled=0DNSSEC set auth on a DS record
gmysql-set-domain-metadata-queryinsert into domainmetadata (domain_id, kind, content) select id, '%s', '%s' from domains where name='%s'
gmysql-set-order-and-auth-queryupdate records set ordername='%s',auth=%d where name='%s' and domain_id='%d' and disabled=0DNSSEC set ordering query
gmysql-set-tsig-key-queryreplace into tsigkeys (name,algorithm,secret) values('%s','%s','%s')
gmysql-socketPdns backend socket to connect to
gmysql-supermaster-name-to-ipsselect ip,account from supermasters where nameserver='%s' and account='%s'
gmysql-supermaster-queryselect account from supermasters where ip='%s' and nameserver='%s'
gmysql-update-account-queryupdate domains set account='%s' where name='%s'
gmysql-update-kind-queryupdate domains set type='%s' where name='%s'
gmysql-update-lastcheck-queryupdate domains set last_check=%d where id=%d
gmysql-update-master-queryupdate domains set master='%s' where name='%s'
gmysql-update-serial-queryupdate domains set notified_serial=%d where id=%d
gmysql-userpowerdns_userDatabase backend user to connect as
gmysql-zone-lastchange-queryselect max(change_date) from records where domain_id=%d
guardiannoRun within a guardian process
helpnoProvide a helpful message
include-dirInclude *.conf files from this directory
launchgmysqlWhich backends to launch and order to query them in
list-modulesnoLists all modules available
load-modulesLoad this module - supply absolute or relative path
local-address0.0.0.0Local IP addresses to which we bind
local-address-nonexist-failyesFail to start if one or more of the local-address's do not exist on this server
local-ipv6Local IP address to which we bind
local-ipv6-nonexist-failyesFail to start if one or more of the local-ipv6 addresses do not exist on this server
local-port53The port on which we listen
log-dns-detailsnoIf PDNS should log DNS non-erroneous details
log-dns-queriesnoIf PDNS should log all incoming DNS queries
logging-facilityLog under a specific facility
loglevel4Amount of logging. Higher is more. Do not set below 3
lua-prequery-scriptLua script with prequery handler
masternoAct as a master
max-cache-entries1000000Maximum number of cache entries
max-ent-entries100000Maximum number of empty non-terminals in a zone
max-nsec3-iterations500Limit the number of NSEC3 hash iterations
max-queue-length5000Maximum queuelength before considering situation lost
max-signature-cache-entriesMaximum number of signatures cache entries
max-tcp-connections10Maximum number of TCP connections
module-dir/usr/lib64/pdnsDefault directory for modules
negquery-cache-ttl60Seconds to store negative query results in the QueryCache
no-confignoDon't parse configuration file
no-shuffleoffSet this to prevent random shuffling of answers - for regression testing
only-notify0.0.0.0/0,::/0Only send AXFR NOTIFY to these IP addresses or netmasks
out-of-zone-additional-processingyesDo out of zone additional processing
overload-queue-length0Maximum queuelength moving to packetcache only
pipebackend-abi-version1Version of the pipe backend ABI
prevent-self-notificationyesDon't send notifications to what we think is ourself
query-cache-ttl20Seconds to store query results in the QueryCache
query-local-address0.0.0.0Source IP address for sending queries
query-local-address6::Source IPv6 address for sending queries
query-loggingnoHint backends that queries should be logged
queue-limit1500Maximum number of milliseconds to queue a query
receiver-threads1Default number of receiver threads to start
recursive-cache-ttl10Seconds to store packets for recursive queries in the PacketCache
recursornoIf recursion is desired, IP address of a recursing nameserver
retrieval-threads2Number of AXFR-retrieval threads for slave operation
reuseportnoEnable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
security-poll-suffixDomain name from which to query security update notifications
send-root-referralnoSend out old-fashioned root-referral instead of ServFail in case of no authority
server-idhostmaster.deltasync-dns.comReturned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
setgidpdnsIf set, change group id to this gid for more security
setuidpdnsIf set, change user id to this uid for more security
signing-threads3Default number of signer threads to start
slavenoAct as a slave
slave-cycle-interval60Schedule slave freshness checks once every .. seconds
slave-renotifynoIf we should send out notifications for slaved updates
soa-ex