Ahhh, PowerDNS! At the time I determined that BIND was completely unscalable to perform configuration management on (no include directives in those days, circa 2007), I determined that I needed a DNS server which supported ordinary SQL and a relational database on the backend.
PowerDNS was the only DNS server at the time to use a relational database, and they supported several, including Oracle, which is what won me over. I embarked on an epic journey to make PowerDNS a first class citizen on Solaris 10. It took me five years, but boy did it pay off with massive dividends in stability and scalability!
PowerDNS isn't a perfect piece of software though: it has two major weaknesses, first that it is written in C++ as opposed to C and that made it a bitch to port to Solaris, and second that it depends on Boost, which is also a massive, bloated C++ monster which is a nightmare to get to build on any platform, let alone Solaris.
However, the software itself is a damn good DNS server, resistant to most attacks and constantly improving having had loving care from its user community, some which could be core PowerDNS developers in their own right. Finally it bears writing that the owners of PowerDNS are some of the kindest, sweetest guys one ever had the pleasure of working with, and they are open to considering suggestions and accepting contributions in patches and features. They were an absolute blast to work with over the years and could serve as poster children on how open source collaboration could work and make money off of at the same time.
Database name has nothing to do with normal host name resolution; they are two separate worlds. Oracle uses her own name resolution: "sqlnet.ora" is the equivalent of nsswitch.conf(4), and "tnsnames.ora" defines the TNS listener's service name(s), protocol, port, and connection type.
Database name, user and password are then configured in powerdns.conf(4). When linked with Oracle client libraries, pdns(1M) Oracle backend module makes the database connection over "OCI", the Oracle client interface.
Other database backends, like for example SQLite run on the same server so pdns(1M) "gsqlite" backend module opens the database file directly.
I did a talk on that at OHM2013 but sadly the recordings got lost. Will blog it up one day. You can be a "good" open source company and still make money! It does require a lot of planning though.
They sell commercial support contracts, and because the software is so good, they have several very large customers, to write the least... PowerDNS powers a lot of top level domains by now.
That's because it uses [markdeep](https://casual-effects.com/markdeep/), which lets you add a <script> and stylesheet tag to your markdown file to have any JS-enabled browser render it as HTML. If you backslash/view source, you can see the original markdown with the <script> and stylesheet tags.
Markdeep is the single best Markdown implementation I have ever used. The generated pages are beautiful and it supports a vast number of features. If I want to save a processed page as plain HTML, I just have to save the page's current state.
It works with elinks. When the page is loaded, press backslash key (view page source). See below for sample.
I dont use Chrome. Cant comment on that.
<meta charset="utf-8" emacsmode="-*- markdown -*-">
**A warm welcome to DNS**
# Hello, and welcome to DNS!
This series of documents attempts to provide a correct introduction to the
Domain Name System as of 2018. The original RFCs remain the authoritative
source of normative text, but this document tries to make this venerable
protocol more accessible, while maintaining full alignment with all relevant
and useful RFCs.
You see something before hitting backslash. I guess you didnt even bother to try it? Why are you even commenting then? When you hit backslash it simply changes the formatting, making what you see easier to read. If I can read the content as text, then it works. Its a text-only browser. Its for reading text, not executing Javascript.
If I recall correctly many years ago on the djbdns mailing list djb said you did not know what you are talking about or something to that effect. At the time I thought maybe he was being a little harsh. As usual, he was right. You are annoying.
> In order to squeeze as much information as possible into the 512 bytes...
I appreciate that this is a work in progress but this section is misleading. As all too briefly mentioned elsewhere on the page, EDNS allows extending this. In practice most of the resolvers I connect to do support EDNS and a buffer of 4096. So yes 512 may be needed as a fallback (depending on what you're doing) but you'll almost certainly have more room to breathe than that. IPv6 and DNSSEC practically make the extra space a necessity.
> DNS names can (and often MUST) be compressed.
I don't think I've ever seen label compression in actual use? RFC 6891 (https://tools.ietf.org/html/rfc6891) seems to suggest they're obsolete.
Label compression is pretty common, I think all of the big name server implementations do it by default. Amazon Route 53 definitely does it - I wrote the code! But my favorite thing about DNS label compression is probably this quote from DJB's code where he implemented it ...
> I appreciate that this is a work in progress but this section is misleading. As all too briefly mentioned elsewhere on the page, EDNS allows extending this. In practice most of the resolvers I connect to do support EDNS and a buffer of 4096. So yes 512 may be needed as a fallback (depending on what you're doing) but you'll almost certainly have more room to breathe than that. IPv6 and DNSSEC practically make the extra space a necessity.
EDNS is fundamental DNS knowledge that any DNS server implementer knows and Bert is one. He's talking about "when DNS was created" in that context, i.e., the current DNS's RFC 1034/1035 times.
"The original RFCs remain the authoritative source of normative text, but this document tries to make this venerable protocol more accessible, while maintaining full alignment with all relevant and useful RFCs"
so if anyone has lost their mind looking for a complete list of DNS RFC's and their relationship / timeline, ... knock yourselves out: https://emaillab.jp/dns/dns-rfc/
Another viewer is https://powerdns.org/dns-camel - where you can select obsoleted, informational, experimental, historic, and standards (track) RFCs. And drafts!
I've implemented powerdns in prod a few times and really like it. There are some quirks but it has good documentation and a huge point for me is it is gpl (or gpl compat, I can't remember which)
Same, I use it as the central authoritative DNS server for our internal domains, backed by a simple sqlite datbase which seems to be able to handle it without a single issue. Local Bind9 instances are configured on all our sites to ASFR all zones, and handle the client-facing traffic. All this is managed using Ansible, and works like a charm.
"When in doubt: authoritative servers 'host' DNS data, 'resolvers' look up things over at authoritative servers and clients run 'stub resolvers' to look things up over at resolvers."
What about programs run by clients that look things up over at authoritative servers? (Programs that do not look things up over at resolvers.)
"Zone files are one way of storing DNS data, but these are not integral to the operation of a nameserver. The zone file format is standardized, but it is highly non-trivial to parse.
...
Of specific note, many people have attempted to write a grammar (parser) for zonefiles and it is almost impossible."
I am guessing this statement is only referring to "BIND" zone file format.
I wonder how that could be a desirable or even acceptable state of affairs: having a "standardized" format that is "almost impossible" to parse.
The author suggests zone files are "not integral" to operation of a nameserver.
If zonefiles are optional does that also leave the programmer the option to use a zonefile format of their own choosing?
IME, parsing a tinydns zonefile is not difficult at all, because the author did not use the "standardized" BIND zonefile format.
> Of specific note, many people have attempted to write a grammar (parser) for zonefiles and it is almost impossible.
I had to build a DNS zone file parser +3 years ago for the web application firewall that I was building for my employer. I have to agree that I had a lot of problems implementing the different formats but ultimately — implementing the most common ones — succeeded. The project later became the CDN of one of the biggest hosting providers in the US, and as far as I know, there hasn't been any problems with the configuration files.
BIND zone files are (for the most part) very straightforward.
It seems to be a straightforward format for expressing tabular data using whitespace. I'm pretty sure that it was designed to be parsed using hand-written code iterating over an array of characters. Most formats that were defined by their implementation using a hand-written parser tend to be difficult to force into a grammar-based paradigm, because context-sensitivity is much easier to introduce when you write the parser yourself.
C is similarly difficult to parse with a grammar, since pointer declarations like char * ptr and multiplications like x * y are only distinguishable using context about the available types.
> What about programs run by clients that look things up over at authoritative servers?
Aside from the utilities like dig, I call those “resolvers” too. Doesn’t matter if they’re client-specific. The term still fits, it describes what the code is doing.
You seem to be trying to classify DNS clients by what they do mechanically. But that isn't the case. DNS software is classified according to its role and expected capabilities. There's a relationship between role and action, but it's the former that matters much more when it comes to naming of parts.
Rather than looking at Wikipedia I suggest consulting RFC 7719 "DNS Terminology", https://tools.ietf.org/html/rfc7719 where you will find that your program is simply called a "resolver": "A program that extract[s] information from name servers in response to client requests."
That RFC further describes some specific classes of resolver, but dig is most definitely not a "stub resolver" because these are characterised by what they cannot do, whilst dig is a swiss-army knife utility that can do a great deal - which merely happens to include, amongst other things, sending the same queries that a stub resolver might send.
In terms of implementation details, your specific description: "programs that send only non-recursive queries and only send them to authoritative nameservers" describes the principal activity of the resolver side of most implementations of a full-service resolver. However if you read that RFC you'll see that it equivocates about the implementation details of full-service resolvers in general, because in classification the role and outcome matters more than the action.
I think you are asking too much out of this classification. The classification is useful to look at DNS from a "user" perspective, not from a "dns troubleshooter" perspective.
Tools like dig, zonemaster [1], etc. are out of the classification's scope. Oftentimes they can do everything DNS and hence fit none and all of the categories. I would call those "DNS powertools" or something like that.
PowerDNS was the only DNS server at the time to use a relational database, and they supported several, including Oracle, which is what won me over. I embarked on an epic journey to make PowerDNS a first class citizen on Solaris 10. It took me five years, but boy did it pay off with massive dividends in stability and scalability!
PowerDNS isn't a perfect piece of software though: it has two major weaknesses, first that it is written in C++ as opposed to C and that made it a bitch to port to Solaris, and second that it depends on Boost, which is also a massive, bloated C++ monster which is a nightmare to get to build on any platform, let alone Solaris.
However, the software itself is a damn good DNS server, resistant to most attacks and constantly improving having had loving care from its user community, some which could be core PowerDNS developers in their own right. Finally it bears writing that the owners of PowerDNS are some of the kindest, sweetest guys one ever had the pleasure of working with, and they are open to considering suggestions and accepting contributions in patches and features. They were an absolute blast to work with over the years and could serve as poster children on how open source collaboration could work and make money off of at the same time.