PowerDNS 4.0.3

Uptime: 13.5 months
Queries/second, 1, 5, 10 minute averages: 0.594, 0.307, 0.268. Max queries/second: 64.5
Cache hitrate, 1, 5, 10 minute averages: 7.5%, 15.0%, 14.4%
Backend query cache hitrate, 1, 5, 10 minute averages: 64.8%, 48.2%, 42.6%
Backend query load, 1, 5, 10 minute averages: 0.917, 0.636, 0.611. Max queries/second: 56.3
Total queries: 34102652. Question/answer latency: 12.4ms


Reset

Log Messages

Showing: Top 10 of 28 Resize: 10 100 500 1000 (10000) 500000
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'urkass.ninja.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'pinnacleholdingltd.com.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'minnie.se.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'jpconsulting.se.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'joolinsurance.se.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of '27.67.195.in-addr.arpa.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'custodianlife.com.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'custodianmobiletrader.com.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'custodianwebtrader.com.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'xn--hranalys-9za.se.' produced no results (RCode: Query Refused)4985.0%
Rest:501150.1%
Total:10000100%
Reset

Queries for existing records, but for type we don't have

Showing: Top 10 of 456 Resize: 10 100 500 (1000) 10000 500000
www.ford-training.se/AAAA727.2%
ns2.aoeu.info/AAAA646.4%
course.ford.lhl.se/AAAA434.3%
ns1.aoeu.info/AAAA404.0%
admin.ford-training.no/AAAA303.0%
admin.dev-se.ford.lhl.se/AAAA282.8%
admin.ford-training.se/AAAA272.7%
admin.dev-no.ford.lhl.se/AAAA252.5%
ext2.aoeu.io/AAAA232.3%
sittingjohn.customer.aoeu.info/AAAA232.3%
Rest:62562.5%
Total:1000100%
Reset

Queries for non-existent records within existent domains

Showing: Top 10 of 6 Resize: 10 100 500 1000 10000 (500000)
m.ford-training.se/A225.0%
msoid.lhl.se/AAAA225.0%
_atproto.ford-training.no/TXT112.5%
_dmarc.ForD-TRaIninG.nO/TXT112.5%
msoid.lhl.se/A112.5%
smtP.Aoeu.inFo/A112.5%
Total:8100%
Reset

UDP Queries Received

Showing: Top 10 of 2793 Resize: 10 100 500 1000 (10000) 500000
ns1.aoeu.info/A4955.7%
ns2.aoeu.info/A4455.1%
office.aoeu.info/A3624.2%
ns2.aoeu.info/AAAA2913.4%
www.ford-training.se/A1872.2%
www.ford-training.se/AAAA1782.1%
ns1.aoeu.info/AAAA1311.5%
ext2.aoeu.io/A1211.4%
course.ford.lhl.se/A1111.3%
course.ford.lhl.se/AAAA1111.3%
Rest:622271.9%
Total:8654100%
Reset

Queries that could not be answered due to backend errors

Showing: Top 10 of 0 Resize: 10 100 500 1000 (10000) 500000
Total:0100%
Reset

Queries for domains that we are not authoritative for

Showing: Top 10 of 397 Resize: 10 100 500 (1000) 10000 500000
www.grundingen.se/A949.4%
activeallocationfund.se/A909.0%
grundingen.se/A525.2%
activeallocationfund.se/AAAA444.4%
grundingen.se/NS343.4%
www.activeallocationfund.se/AAAA242.4%
activeallocationfund.se/MX212.1%
activeallocationfund.se/NS212.1%
www.grundingen.se/AAAA191.9%
activeallocationfund.se/DNSKEY181.8%
Rest:58358.3%
Total:1000100%
Reset

Remote server IP addresses

Showing: Top 10 of 35 Resize: 10 (100) 500 1000 10000 500000
145.116.218.13232.0%
195.67.27.1001717.0%
172.71.173.10955.0%
216.31.2.1033.0%
49.12.130.25222.0%
172.69.32.22922.0%
162.158.89.15822.0%
162.158.89.15622.0%
162.158.185.13522.0%
162.158.185.13422.0%
Rest:3131.0%
Total:100100%
Reset

Remote hosts sending corrupt packets

Showing: Top 10 of 4 Resize: 10 100 500 1000 10000 (500000)
45.148.10.81178199.8%
42.83.147.3510.1%
167.71.2.7810.1%
20.64.105.17410.1%
Total:1784100%
Reset

Remote hosts querying domains for which we are not auth

Showing: Top 10 of 142 Resize: 10 100 500 1000 (10000) 500000
185.140.119.164428.0%
185.42.136.8366.9%
145.116.218.1326.1%
93.188.1.114265.0%
93.188.1.115214.0%
141.8.180.27163.0%
83.151.158.196132.5%
104.23.218.16122.3%
192.178.93.152101.9%
67.23.230.25101.9%
Rest:30758.5%
Total:525100%

Variables

corrupt-packets22432Number of corrupt packets received
deferred-cache-inserts1260Amount of cache inserts that were deferred because of maintenance
deferred-cache-lookup1674Amount of cache lookups that were deferred because of maintenance
dnsupdate-answers0DNS update packets successfully answered.
dnsupdate-changes0DNS update changes to records in total.
dnsupdate-queries5DNS update packets received.
dnsupdate-refused5DNS update packets that are refused.
incoming-notifications823NOTIFY packets received.
overload-drops0Queries dropped because backends overloaded
packetcache-hit24050142
packetcache-miss10078976
packetcache-size322
query-cache-hit15727025Number of hits on the query cache
query-cache-miss31056192Number of misses on the query cache
rd-queries1302260Number of recursion desired questions
recursing-answers0Number of recursive answers sent out
recursing-questions0Number of questions sent to recursor
recursion-unanswered0Number of packets unanswered by configured recursor
security-status0Security status based on regular polling
servfail-packets2020Number of times a server-failed packet was sent out
signatures0Number of DNSSEC signatures made
tcp-answers46746Number of answers sent out over TCP
tcp-answers-bytes4585708Total size of answers sent out over TCP
tcp-queries47502Number of TCP queries received
tcp4-answers46746Number of IPv4 answers sent out over TCP
tcp4-answers-bytes4585708Total size of answers sent out over TCPv4
tcp4-queries47502Number of IPv4 TCP queries received
tcp6-answers0Number of IPv6 answers sent out over TCP
tcp6-answers-bytes0Total size of answers sent out over TCPv6
tcp6-queries0Number of IPv6 TCP queries received
timedout-packets5953Number of packets which weren't answered within timeout set
udp-answers34091836Number of answers sent out over UDP
udp-answers-bytes3970658662Total size of answers sent out over UDP
udp-do-queries9684910Number of UDP queries received with DO bit
udp-queries34102652Number of UDP queries received
udp4-answers34091836Number of IPv4 answers sent out over UDP
udp4-answers-bytes3970658662Total size of answers sent out over UDPv4
udp4-queries34102652Number of IPv4 UDP queries received
udp6-answers0Number of IPv6 answers sent out over UDP
udp6-answers-bytes0Total size of answers sent out over UDPv6
udp6-queries0Number of IPv6 UDP queries received
fd-usage25Number of open filedescriptors
key-cache-size18Number of entries in the key cache
latency12360Average number of microseconds needed to answer a question
meta-cache-size92Number of entries in the metadata cache
qsize-q0Number of questions waiting for database attention
real-memory-usage14901248Actual unique use of memory in bytes (approx)
signature-cache-size0Number of entries in the signature cache
sys-msec95784816Number of msec spent in system time
udp-in-errors522UDP 'in' errors
udp-noport-errors240390UDP 'noport' errors
udp-recvbuf-errors0UDP 'recvbuf' errors
udp-sndbuf-errors0UDP 'sndbuf' errors
uptime35477375Uptime of process in seconds
user-msec57797392Number of msec spent in user time
Arguments
8bit-dnsnoAllow 8bit dns queries
allow-axfr-ips195.67.27.100Allow zonetransfers only to these subnets
allow-dnsupdate-from127.0.0.0/8,::1A global setting to allow DNS updates from these IP ranges.
allow-notify-from0.0.0.0/0,::/0Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
allow-recursion127.0.0.1List of subnets that are allowed to recurse
allow-unsigned-notifyyesAllow unsigned notifications for TSIG secured domains
allow-unsigned-supermasteryesAllow supermasters to create zones without TSIG signed NOTIFY
also-notifyWhen notifying a domain, also notify these nameservers
any-to-tcpyesAnswer ANY queries with tc=1, shunting to TCP
apinoEnable/disable the REST API
api-keyStatic pre-shared authentication key for access to the REST API
api-logfile/var/log/pdns.logLocation of the server logfile (used by the REST API)
api-readonlynoDisallow data modification through the REST API when set
cache-ttl20Seconds to store packets in the PacketCache
carbon-interval30Number of seconds between carbon (graphite) updates
carbon-ournameIf set, overrides our reported hostname for carbon stats
carbon-serverIf set, send metrics in carbon (graphite) format to this server
chrootIf set, chroot to this directory for more security
confignoProvide configuration file on standard output
config-dir/etc/powerdnsLocation of configuration directory (pdns.conf)
config-nameName of this virtual configuration - will rename the binary image
control-consolenoDebugging switch - don't use
daemonnoOperate as a daemon
default-ksk-algorithmsecdsa256Default KSK algorithms
default-ksk-size0Default KSK size (0 means default)
default-soa-editDefault SOA-EDIT value
default-soa-edit-signedDefault SOA-EDIT value for signed zones
default-soa-mailmail address to insert in the SOA record if none set in the backend
default-soa-namea.misconfigured.powerdns.servername to insert in the SOA record if none set in the backend
default-ttl3600Seconds a result is valid if not set otherwise
default-zsk-algorithmsDefault ZSK algorithms
default-zsk-size0Default ZSK size (0 means default)
direct-dnskeynoFetch DNSKEY RRs from backend during DNSKEY synthesis
disable-axfryesDisable zonetransfers but do allow TCP queries
disable-axfr-rectifynoDisable the rectify step during an outgoing AXFR. Only required for regression testing.
disable-syslogDisable logging to syslog, useful when running inside a supervisor that logs stdout
disable-tcpnoDo not listen to TCP queries
distributor-threads3Default number of Distributor (backend) threads to start
dname-processingnoIf we should support DNAME records
dnssec-key-cache-ttl30Seconds to cache DNSSEC keys from the database
dnsupdatenoEnable/Disable DNS update (RFC2136) support. Default is no.
do-ipv6-additional-processingyesDo AAAA additional processing
domain-metadata-cache-ttl60Seconds to cache domain metadata from the database
edns-subnet-processingnoIf we should act on EDNS Subnet options
entropy-source/dev/urandomIf set, read entropy from this file
experimental-lua-policy-scriptLua script for the policy engine
forward-dnsupdateyesA global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
gmysql-activate-domain-key-queryupdate cryptokeys set active=1 where domain_id=(select id from domains where name=?) and cryptokeys.id=?
gmysql-add-domain-key-queryinsert into cryptokeys (domain_id, flags, active, content) select id, ?, ?, ? from domains where name=?
gmysql-any-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name=? and domain_id=?Any with ID query
gmysql-any-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name=?Any query
gmysql-basic-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type=? and name=?Basic query
gmysql-clear-domain-all-keys-querydelete from cryptokeys where domain_id=(select id from domains where name=?)
gmysql-clear-domain-all-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name=?)
gmysql-clear-domain-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name=?) and domainmetadata.kind=?
gmysql-dbnamepdnsPdns backend database name to connect to
gmysql-deactivate-domain-key-queryupdate cryptokeys set active=0 where domain_id=(select id from domains where name=?) and cryptokeys.id=?
gmysql-delete-comment-rrset-queryDELETE FROM comments WHERE domain_id=? AND name=? AND type=?
gmysql-delete-comments-queryDELETE FROM comments WHERE domain_id=?
gmysql-delete-domain-querydelete from domains where name=?
gmysql-delete-empty-non-terminal-querydelete from records where domain_id=? and name=? and type is nulldelete empty non-terminal from zone
gmysql-delete-names-querydelete from records where domain_id=? and name=?
gmysql-delete-rrset-querydelete from records where domain_id=? and name=? and type=?
gmysql-delete-tsig-key-querydelete from tsigkeys where name=?
gmysql-delete-zone-querydelete from records where domain_id=?
gmysql-dnssecnoEnable DNSSEC processing
gmysql-get-all-domain-metadata-queryselect kind,content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name=?
gmysql-get-all-domains-queryselect domains.id, domains.name, records.content, domains.type, domains.master, domains.notified_serial, domains.last_check, domains.account from domains LEFT JOIN records ON records.domain_id=domains.id AND records.type='SOA' AND records.name=domains.name WHERE records.disabled=0 OR ?Retrieve all domains
gmysql-get-domain-metadata-queryselect content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name=? and domainmetadata.kind=?
gmysql-get-order-after-queryselect ordername from records where ordername > ? and domain_id=? and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, after
gmysql-get-order-before-queryselect ordername, name from records where ordername <= ? and domain_id=? and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, before
gmysql-get-order-first-queryselect ordername from records where domain_id=? and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, first
gmysql-get-order-last-queryselect ordername, name from records where ordername != '' and domain_id=? and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, last
gmysql-get-tsig-key-queryselect algorithm, secret from tsigkeys where name=?
gmysql-get-tsig-keys-queryselect name,algorithm, secret from tsigkeys
gmysql-groupclientPdns backend MySQL 'group' to connect as
gmysql-hostlocalhostDatabase backend host to connect to
gmysql-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type=? and name=? and domain_id=?Basic with ID query
gmysql-info-all-master-queryselect id,name,master,last_check,notified_serial,type from domains where type='MASTER'
gmysql-info-all-slaves-queryselect id,name,master,last_check from domains where type='SLAVE'
gmysql-info-zone-queryselect id,name,master,last_check,notified_serial,type,account from domains where name=?
gmysql-innodb-read-committedyesUse InnoDB READ-COMMITTED transaction isolation level
gmysql-insert-comment-queryINSERT INTO comments (domain_id, name, type, modified_at, account, comment) VALUES (?, ?, ?, ?, ?, ?)
gmysql-insert-empty-non-terminal-order-queryinsert into records (type,domain_id,disabled,name,ordername,auth,change_date,content,ttl,prio) values (null,?,0,?,?,?,NULL,NULL,NULL,NULL)insert empty non-terminal in zone
gmysql-insert-record-queryinsert into records (content,ttl,prio,type,domain_id,disabled,name,ordername,auth,change_date) values (?,?,?,?,?,?,?,?,?,NULL)
gmysql-insert-zone-queryinsert into domains (type,name,master,account,last_check,notified_serial) values(?,?,?,?,NULL,NULL)
gmysql-list-comments-querySELECT domain_id,name,type,modified_at,account,comment FROM comments WHERE domain_id=?
gmysql-list-domain-keys-queryselect cryptokeys.id, flags, active, content from domains, cryptokeys where cryptokeys.domain_id=domains.id and name=?
gmysql-list-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE (disabled=0 OR ?) and domain_id=? order by name, typeAXFR query
gmysql-list-subzone-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and (name=? OR name like ?) and domain_id=?Subzone listing
gmysql-master-zone-queryselect master from domains where name=? and type='SLAVE'Data
gmysql-nullify-ordername-and-update-auth-queryupdate records set ordername=NULL,auth=? where domain_id=? and name=? and disabled=0DNSSEC nullify ordername and update auth for a qname query
gmysql-nullify-ordername-and-update-auth-type-queryupdate records set ordername=NULL,auth=? where domain_id=? and name=? and type=? and disabled=0DNSSEC nullify ordername and update auth for a rrset query
gmysql-passwords1lv3rpENGU!nPdns backend password to connect with
gmysql-port3306Database backend port to connect to
gmysql-remove-domain-key-querydelete from cryptokeys where domain_id=(select id from domains where name=?) and cryptokeys.id=?
gmysql-remove-empty-non-terminals-from-zone-querydelete from records where domain_id=? and type is nullremove all empty non-terminals from zone
gmysql-search-comments-querySELECT domain_id,name,type,modified_at,account,comment FROM comments WHERE name LIKE ? OR comment LIKE ? LIMIT ?
gmysql-search-records-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE name LIKE ? OR content LIKE ? LIMIT ?
gmysql-set-domain-metadata-queryinsert into domainmetadata (domain_id, kind, content) select id, ?, ? from domains where name=?
gmysql-set-tsig-key-queryreplace into tsigkeys (name,algorithm,secret) values(?,?,?)
gmysql-socketPdns backend socket to connect to
gmysql-supermaster-name-to-ipsselect ip,account from supermasters where nameserver=? and account=?
gmysql-supermaster-queryselect account from supermasters where ip=? and nameserver=?
gmysql-timeout10The timeout in seconds for each attempt to read/write to the server
gmysql-update-account-queryupdate domains set account=? where name=?
gmysql-update-kind-queryupdate domains set type=? where name=?
gmysql-update-lastcheck-queryupdate domains set last_check=? where id=?
gmysql-update-master-queryupdate domains set master=? where name=?
gmysql-update-ordername-and-auth-queryupdate records set ordername=?,auth=? where domain_id=? and name=? and disabled=0DNSSEC update ordername and auth for a qname query
gmysql-update-ordername-and-auth-type-queryupdate records set ordername=?,auth=? where domain_id=? and name=? and type=? and disabled=0DNSSEC update ordername and auth for a rrset query
gmysql-update-serial-queryupdate domains set notified_serial=? where id=?
gmysql-userpdnsDatabase backend user to connect as
gmysql-zone-lastchange-queryselect max(change_date) from records where domain_id=?
guardiannoRun within a guardian process
helpnoProvide a helpful message
include-dir/etc/powerdns/pdns.dInclude *.conf files from this directory
launchgmysqlWhich backends to launch and order to query them in
list-modulesnoLists all modules available
load-modulesLoad this module - supply absolute or relative path
local-address0.0.0.0Local IP addresses to which we bind
local-address-nonexist-failyesFail to start if one or more of the local-address's do not exist on this server
local-ipv6::Local IP address to which we bind
local-ipv6-nonexist-failyesFail to start if one or more of the local-ipv6 addresses do not exist on this server
local-port53The port on which we listen
log-dns-detailsnoIf PDNS should log DNS non-erroneous details
log-dns-queriesnoIf PDNS should log all incoming DNS queries
logging-facilityLog under a specific facility
loglevel4Amount of logging. Higher is more. Do not set below 3
lua-prequery-scriptLua script with prequery handler (DO NOT USE)
masternoAct as a master
max-cache-entries1000000Maximum number of cache entries
max-ent-entries100000Maximum number of empty non-terminals in a zone
max-nsec3-iterations500Limit the number of NSEC3 hash iterations
max-queue-length5000Maximum queuelength before considering situation lost
max-signature-cache-entriesMaximum number of signatures cache entries
max-tcp-connections20Maximum number of TCP connections
module-dir/usr/lib/i386-linux-gnu/pdnsDefault directory for modules
negquery-cache-ttl60Seconds to store negative query results in the QueryCache
no-confignoDon't parse configuration file
no-shuffleoffSet this to prevent random shuffling of answers - for regression testing
non-local-bindnoEnable binding to non-local addresses by using FREEBIND / BINDANY socket options
only-notify0.0.0.0/0,::/0Only send AXFR NOTIFY to these IP addresses or netmasks
out-of-zone-additional-processingyesDo out of zone additional processing
outgoing-axfr-expand-aliasnoExpand ALIAS records during outgoing AXFR
overload-queue-length0Maximum queuelength moving to packetcache only
prevent-self-notificationyesDon't send notifications to what we think is ourself
query-cache-ttl20Seconds to store query results in the QueryCache
query-local-address0.0.0.0Source IP address for sending queries
query-local-address6::Source IPv6 address for sending queries
query-loggingnoHint backends that queries should be logged
queue-limit1500Maximum number of milliseconds to queue a query
receiver-threads1Default number of receiver threads to start
recursive-cache-ttl10Seconds to store packets for recursive queries in the PacketCache
recursornoIf recursion is desired, IP address of a recursing nameserver
retrieval-threads2Number of AXFR-retrieval threads for slave operation
reuseportnoEnable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
security-poll-suffixsecpoll.powerdns.com.Domain name from which to query security update notifications
server-idaoeuReturned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
setgidpdnsIf set, change group id to this gid for more security
setuidpdnsIf set, change user id to this uid for more security
signing-threads3Default number of signer threads to start
slaveyesAct as a slave
slave-cycle-interval60Schedule slave freshness checks once every .. seconds
slave-renotifynoIf we should send out notifications for slaved updates
soa-expire-default604800Default SOA expire
soa-minimum-ttl3600Default SOA minimum ttl
soa-refresh-default10800Default SOA refresh
soa-retry-default3600Default SOA retry
socket-dir/var/runWhere the controlsocket will live, /var/run when unset and not chrooted
tcp-control-addressIf set, PowerDNS can be controlled over TCP on this address
tcp-control-port53000If set, PowerDNS can be controlled over TCP on this address
tcp-control-range127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10If set, remote control of PowerDNS is possible over these networks only
tcp-control-secretIf set, PowerDNS can be controlled over TCP after passing this secret
traceback-handleryesEnable the traceback handler (Linux only)
trusted-notification-proxyIP address of incoming notification proxy
udp-truncation-threshold1680Maximum UDP response size before we truncate
versionnoOutput version and compilation date
version-stringpowerdnsPowerDNS version in packets - full, anonymous, powerdns or custom
webserveryesStart a webserver for monitoring
webserver-address0.0.0.0IP Address of webserver to listen on
webserver-allow-from0.0.0.0/0,::/0Webserver access is only allowed from these subnets
webserver-passwordPassword required for accessing the webserver
webserver-port8081Port of webserver to listen on
webserver-print-argumentsyesIf the webserver should print arguments
write-pidnoWrite a PID file
xfr-max-received-mbytes100Maximum number of megabytes received from an incoming XFR