PowerDNS 3.4.11

Uptime: 3.73 months
Queries/second, 1, 5, 10 minute averages: 1.63e-15, 8.68e-06, 8.53e-05. Max queries/second: 27.8
Cache hitrate, 1, 5, 10 minute averages: 0.0%, 0.0%, 0.0%
Backend query cache hitrate, 1, 5, 10 minute averages: 0.0%, 0.0%, 0.0%
Backend query load, 1, 5, 10 minute averages: 5.45e-190, 6.88e-40, 1.77e-21. Max queries/second: 0.2
Total queries: 19736. Question/answer latency: 0.068ms


Reset

Log Messages

HTTP STL Exception: Timeout writing data1100.0%
Total:1100%
Reset

Queries for existing records, but for type we don't have

Total:0100%
Reset

Queries for non-existent records within existent domains

Total:0100%
Reset

UDP Queries Received

hoffmeister.be/ANY240.0%
nccih.nih.gov/ANY120.0%
play.hypixel.net/ANY120.0%
satellite.cs.washington.edu/A120.0%
Total:5100%
Reset

Remote server IP addresses

185.165.29.85222.2%
198.20.69.74222.2%
149.56.65.89111.1%
192.26.136.242111.1%
46.101.101.234111.1%
72.52.246.62111.1%
74.82.47.38111.1%
Total:9100%
Reset

Remote hosts sending corrupt packets

Total:0100%
Reset

Remote hosts querying domains for which we are not auth

139.162.117.40120.0%
192.26.136.242120.0%
198.20.69.74120.0%
72.52.246.62120.0%
74.82.47.38120.0%
Total:5100%
Reset

Queries that could not be answered due to backend errors

Total:0100%
Reset

Queries for domains that we are not authoritative for

a.root-servers.net/A120.0%
direct.shodan.io/A120.0%
dnsscan.shadowserver.org/A120.0%
satellite.cs.washington.edu/A120.0%
www.qq.com/A120.0%
Total:5100%

Variables

corrupt-packets94Number of corrupt packets received
deferred-cache-inserts0Amount of cache inserts that were deferred because of maintenance
deferred-cache-lookup0Amount of cache lookups that were deferred because of maintenance
dnsupdate-answers0DNS update packets successfully answered.
dnsupdate-changes0DNS update changes to records in total.
dnsupdate-queries0DNS update packets received.
dnsupdate-refused0DNS update packets that are refused.
packetcache-hit19
packetcache-miss19548
packetcache-size0
query-cache-hit48Number of hits on the query cache
query-cache-miss1761Number of misses on the query cache
rd-queries19706Number of recursion desired questions
recursing-answers0Number of recursive answers sent out
recursing-questions0Number of questions sent to recursor
recursion-unanswered0Number of packets unanswered by configured recursor
security-status0Security status based on regular polling
servfail-packets0Number of times a server-failed packet was sent out
signatures0Number of DNSSEC signatures made
tcp-answers64Number of answers sent out over TCP
tcp-queries67Number of TCP queries received
timedout-packets0Number of packets which weren't answered within timeout set
udp-answers19737Number of answers sent out over UDP
udp-answers-bytes841683Total size of answers sent out over UDP
udp-do-queries1Number of UDP queries received with DO bit
udp-queries19736Number of UDP queries received
udp4-answers19737Number of IPv4 answers sent out over UDP
udp4-queries19737Number of IPv4 UDP queries received
udp6-answers0Number of IPv6 answers sent out over UDP
udp6-queries0Number of IPv6 UDP queries received
key-cache-size0Number of entries in the key cache
latency68Average number of microseconds needed to answer a question
meta-cache-size0Number of entries in the metadata cache
qsize-q0Number of questions waiting for database attention
signature-cache-size0Number of entries in the signature cache
sys-msec95402Number of msec spent in system time
uptime9793140Uptime of process in seconds
user-msec478275Number of msec spent in user time
Arguments
allow-axfr-ips127.0.0.0/8,::1Allow zonetransfers only to these subnets
allow-dnsupdate-from127.0.0.0/8,::1A global setting to allow DNS updates from these IP ranges.
allow-notify-from0.0.0.0/0,::/0Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
allow-recursion0.0.0.0/0List of subnets that are allowed to recurse
also-notifyWhen notifying a domain, also notify these nameservers
any-to-tcpyesAnswer ANY queries with tc=1, shunting to TCP
cache-ttl20Seconds to store packets in the PacketCache
carbon-interval30Number of seconds between carbon (graphite) updates
carbon-ournameIf set, overrides our reported hostname for carbon stats
carbon-serverIf set, send metrics in carbon (graphite) format to this server
chrootIf set, chroot to this directory for more security
confignoProvide configuration file on standard output
config-dir/etc/pdnsLocation of configuration directory (pdns.conf)
config-nameName of this virtual configuration - will rename the binary image
control-consolenoDebugging switch - don't use
daemonOperate as a daemon
default-ksk-algorithmsrsasha256Default KSK algorithms
default-ksk-size0Default KSK size (0 means default)
default-soa-editDefault SOA-EDIT value
default-soa-edit-signedDefault SOA-EDIT value for signed zones
default-soa-mailmail address to insert in the SOA record if none set in the backend
default-soa-namea.misconfigured.powerdns.servername to insert in the SOA record if none set in the backend
default-ttl3600Seconds a result is valid if not set otherwise
default-zsk-algorithmsrsasha256Default ZSK algorithms
default-zsk-size0Default ZSK size (0 means default)
direct-dnskeynoFetch DNSKEY RRs from backend during DNSKEY synthesis
disable-axfrnoDisable zonetransfers but do allow TCP queries
disable-axfr-rectifynoDisable the rectify step during an outgoing AXFR. Only required for regression testing.
disable-syslognoDisable logging to syslog, useful when running inside a supervisor that logs stdout
disable-tcpnoDo not listen to TCP queries
distributor-threads3Default number of Distributor (backend) threads to start
do-ipv6-additional-processingyesDo AAAA additional processing
edns-subnet-processingnoIf we should act on EDNS Subnet options
entropy-source/dev/urandomIf set, read entropy from this file
experimental-api-keyREST API Static authentication key (required for API use)
experimental-api-readonlynoIf the JSON API should disallow data modification
experimental-dname-processingnoIf we should support DNAME records
experimental-dnsupdatenoEnable/Disable DNS update (RFC2136) support. Default is no.
experimental-json-interfacenoIf the webserver should serve JSON data
experimental-logfile/var/log/pdns.logFilename of the log file for JSON parser
forward-dnsupdateyesA global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
gmysql-activate-domain-key-queryupdate cryptokeys set active=1 where domain_id=(select id from domains where name='%s') and cryptokeys.id=%d
gmysql-add-domain-key-queryinsert into cryptokeys (domain_id, flags, active, content) select id, %d, %d, '%s' from domains where name='%s'
gmysql-any-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='%s' and domain_id=%dAny with ID query
gmysql-any-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='%s'Any query
gmysql-basic-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='%s' and name='%s'Basic query
gmysql-clear-domain-all-keys-querydelete from cryptokeys where domain_id=(select id from domains where name='%s')
gmysql-clear-domain-all-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name='%s')
gmysql-clear-domain-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name='%s') and domainmetadata.kind='%s'
gmysql-dbnamepowerdnsPdns backend database name to connect to
gmysql-deactivate-domain-key-queryupdate cryptokeys set active=0 where domain_id=(select id from domains where name='%s') and cryptokeys.id=%d
gmysql-delete-comment-rrset-queryDELETE FROM comments WHERE domain_id=%d AND name='%s' AND type='%s'
gmysql-delete-comments-queryDELETE FROM comments WHERE domain_id=%d
gmysql-delete-domain-querydelete from domains where name='%s'
gmysql-delete-empty-non-terminal-querydelete from records where domain_id='%d' and name='%s' and type is nulldelete empty non-terminal from zone
gmysql-delete-names-querydelete from records where domain_id = %d and name='%s'
gmysql-delete-rrset-querydelete from records where domain_id=%d and name='%s' and type='%s'
gmysql-delete-tsig-key-querydelete from tsigkeys where name='%s'
gmysql-delete-zone-querydelete from records where domain_id=%d
gmysql-dnssecnoEnable DNSSEC processing
gmysql-get-all-domain-metadata-queryselect kind,content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name='%s'
gmysql-get-all-domains-queryselect domains.id, domains.name, records.content, domains.type, domains.master, domains.notified_serial, domains.last_check, domains.account from domains LEFT JOIN records ON records.domain_id=domains.id AND records.type='SOA' AND records.name=domains.name WHERE records.disabled=0 OR %dRetrieve all domains
gmysql-get-domain-metadata-queryselect content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name='%s' and domainmetadata.kind='%s'
gmysql-get-order-after-queryselect ordername from records where ordername > '%s' and domain_id=%d and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, after
gmysql-get-order-before-queryselect ordername, name from records where ordername <= '%s' and domain_id=%d and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, before
gmysql-get-order-first-queryselect ordername, name from records where domain_id=%d and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, first
gmysql-get-order-last-queryselect ordername, name from records where ordername != '' and domain_id=%d and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, last
gmysql-get-tsig-key-queryselect algorithm, secret from tsigkeys where name='%s'
gmysql-get-tsig-keys-queryselect name,algorithm, secret from tsigkeys
gmysql-groupclientPdns backend MySQL 'group' to connect as
gmysql-hostlocalhostDatabase backend host to connect to
gmysql-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='%s' and name='%s' and domain_id=%dBasic with ID query
gmysql-info-all-master-queryselect id,name,master,last_check,notified_serial,type from domains where type='MASTER'
gmysql-info-all-slaves-queryselect id,name,master,last_check,type from domains where type='SLAVE'
gmysql-info-zone-queryselect id,name,master,last_check,notified_serial,type,account from domains where name='%s'
gmysql-innodb-read-committedyesUse InnoDB READ-COMMITTED transaction isolation level
gmysql-insert-comment-queryINSERT INTO comments (domain_id, name, type, modified_at, account, comment) VALUES (%d, '%s', '%s', %d, '%s', '%s')
gmysql-insert-empty-non-terminal-queryinsert into records (domain_id,name,type,disabled,auth) values ('%d','%s',null,0,'1')insert empty non-terminal in zone
gmysql-insert-ent-order-queryinsert into records (type,domain_id,disabled,name,ordername,auth) values (null,'%d',0,'%s','%s','%d')insert empty non-terminal in zone
gmysql-insert-ent-queryinsert into records (type,domain_id,disabled,name,auth) values (null,'%d',0,'%s','%d')insert empty non-terminal in zone
gmysql-insert-record-order-queryinsert into records (content,ttl,prio,type,domain_id,disabled,name,ordername,auth) values ('%s',%d,%d,'%s',%d,%d,'%s','%s','%d')
gmysql-insert-record-queryinsert into records (content,ttl,prio,type,domain_id,disabled,name,auth) values ('%s',%d,%d,'%s',%d,%d,'%s','%d')
gmysql-insert-slave-queryinsert into domains (type,name,master,account) values('SLAVE','%s','%s','%s')
gmysql-insert-zone-queryinsert into domains (type,name) values('NATIVE','%s')
gmysql-list-comments-querySELECT domain_id,name,type,modified_at,account,comment FROM comments WHERE domain_id=%d
gmysql-list-domain-keys-queryselect cryptokeys.id, flags, active, content from domains, cryptokeys where cryptokeys.domain_id=domains.id and name='%s'
gmysql-list-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE (disabled=0 OR %d) and domain_id='%d' order by name, typeAXFR query
gmysql-list-subzone-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and (name='%s' OR name like '%s') and domain_id='%d'Subzone listing
gmysql-master-zone-queryselect master from domains where name='%s' and type='SLAVE'Data
gmysql-nullify-ordername-and-auth-queryupdate records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d' and disabled=0DNSSEC nullify ordername and auth query
gmysql-nullify-ordername-and-update-auth-queryupdate records set ordername=NULL,auth=%d where domain_id='%d' and name='%s' and disabled=0DNSSEC nullify ordername and update auth query
gmysql-passwordSCvTEdCSSXMKSmfTz5KeftEaPdns backend password to connect with
gmysql-port0Database backend port to connect to
gmysql-remove-domain-key-querydelete from cryptokeys where domain_id=(select id from domains where name='%s') and cryptokeys.id=%d
gmysql-remove-empty-non-terminals-from-zone-querydelete from records where domain_id='%d' and type is nullremove all empty non-terminals from zone
gmysql-set-auth-on-ds-record-queryupdate records set auth=1 where domain_id='%d' and name='%s' and type='DS' and disabled=0DNSSEC set auth on a DS record
gmysql-set-domain-metadata-queryinsert into domainmetadata (domain_id, kind, content) select id, '%s', '%s' from domains where name='%s'
gmysql-set-order-and-auth-queryupdate records set ordername='%s',auth=%d where name='%s' and domain_id='%d' and disabled=0DNSSEC set ordering query
gmysql-set-tsig-key-queryreplace into tsigkeys (name,algorithm,secret) values('%s','%s','%s')
gmysql-socketPdns backend socket to connect to
gmysql-supermaster-name-to-ipsselect ip,account from supermasters where nameserver='%s' and account='%s'
gmysql-supermaster-queryselect account from supermasters where ip='%s' and nameserver='%s'
gmysql-update-account-queryupdate domains set account='%s' where name='%s'
gmysql-update-kind-queryupdate domains set type='%s' where name='%s'
gmysql-update-lastcheck-queryupdate domains set last_check=%d where id=%d
gmysql-update-master-queryupdate domains set master='%s' where name='%s'
gmysql-update-serial-queryupdate domains set notified_serial=%d where id=%d
gmysql-userpowerdns_userDatabase backend user to connect as
gmysql-zone-lastchange-queryselect max(change_date) from records where domain_id=%d
guardiannoRun within a guardian process
helpnoProvide a helpful message
include-dirInclude *.conf files from this directory
launchgmysqlWhich backends to launch and order to query them in
list-modulesnoLists all modules available
load-modulesLoad this module - supply absolute or relative path
local-address0.0.0.0Local IP addresses to which we bind
local-address-nonexist-failyesFail to start if one or more of the local-address's do not exist on this server
local-ipv6Local IP address to which we bind
local-ipv6-nonexist-failyesFail to start if one or more of the local-ipv6 addresses do not exist on this server
local-port53The port on which we listen
log-dns-detailsnoIf PDNS should log DNS non-erroneous details
log-dns-queriesnoIf PDNS should log all incoming DNS queries
logging-facilityLog under a specific facility
loglevel4Amount of logging. Higher is more. Do not set below 3
lua-prequery-scriptLua script with prequery handler
masternoAct as a master
max-cache-entries1000000Maximum number of cache entries
max-ent-entries100000Maximum number of empty non-terminals in a zone
max-nsec3-iterations500Limit the number of NSEC3 hash iterations
max-queue-length5000Maximum queuelength before considering situation lost
max-signature-cache-entriesMaximum number of signatures cache entries
max-tcp-connections10Maximum number of TCP connections
module-dir/usr/lib64/pdnsDefault directory for modules
negquery-cache-ttl60Seconds to store negative query results in the QueryCache
no-confignoDon't parse configuration file
no-shuffleoffSet this to prevent random shuffling of answers - for regression testing
only-notify0.0.0.0/0,::/0Only send AXFR NOTIFY to these IP addresses or netmasks
out-of-zone-additional-processingyesDo out of zone additional processing
overload-queue-length0Maximum queuelength moving to packetcache only
pipebackend-abi-version1Version of the pipe backend ABI
prevent-self-notificationyesDon't send notifications to what we think is ourself
query-cache-ttl20Seconds to store query results in the QueryCache
query-local-address0.0.0.0Source IP address for sending queries
query-local-address6::Source IPv6 address for sending queries
query-loggingnoHint backends that queries should be logged
queue-limit1500Maximum number of milliseconds to queue a query
receiver-threads1Default number of receiver threads to start
recursive-cache-ttl10Seconds to store packets for recursive queries in the PacketCache
recursornoIf recursion is desired, IP address of a recursing nameserver
retrieval-threads2Number of AXFR-retrieval threads for slave operation
reuseportnoEnable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
security-poll-suffixDomain name from which to query security update notifications
send-root-referralnoSend out old-fashioned root-referral instead of ServFail in case of no authority
server-idhostmaster.deltasync-dns.comReturned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
setgidpdnsIf set, change group id to this gid for more security
setuidpdnsIf set, change user id to this uid for more security
signing-threads3Default number of signer threads to start
slavenoAct as a slave
slave-cycle-interval60Schedule slave freshness checks once every .. seconds
slave-renotifynoIf we should send out notifications for slaved updates
soa-expire-default604800Default SOA expire
soa-minimum-ttl3600Default SOA minimum ttl
soa-refresh-default10800Default SOA refresh
soa-retry-default3600Default SOA retry
socket-dir/var/runWhere the controlsocket will live
tcp-control-addressIf set, PowerDNS can be controlled over TCP on this address
tcp-control-port53000If set, PowerDNS can be controlled over TCP on this address
tcp-control-range127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10If set, remote control of PowerDNS is possible over these networks only
tcp-control-secretIf set, PowerDNS can be controlled over TCP after passing this secret
traceback-handleryesEnable the traceback handler (Linux only)
trust