PowerDNS 4.0.3

Uptime: 13.5 months
Queries/second, 1, 5, 10 minute averages: 0.332, 0.298, 0.312. Max queries/second: 64.5
Cache hitrate, 1, 5, 10 minute averages: 39.4%, 17.9%, 15.7%
Backend query cache hitrate, 1, 5, 10 minute averages: 39.3%, 41.4%, 42.5%
Backend query load, 1, 5, 10 minute averages: 0.423, 0.606, 0.662. Max queries/second: 56.3
Total queries: 34106555. Question/answer latency: 11ms


Reset

Log Messages

Showing: Top 10 of 30 Resize: 10 100 500 1000 (10000) 500000
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'urkass.ninja.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'pinnacleholdingltd.com.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'minnie.se.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'jpconsulting.se.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of '27.67.195.in-addr.arpa.' produced no results (RCode: Query Refused)4995.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'custodianlife.com.' produced no results (RCode: Query Refused)4985.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'xn--hranalys-9za.se.' produced no results (RCode: Query Refused)4985.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'texpress.se.' produced no results (RCode: Query Refused)4985.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'nutritech.se.' produced no results (RCode: Query Refused)4985.0%
While checking domain freshness: Query to '195.67.27.100:53' for SOA of 'nutri-tech.nu.' produced no results (RCode: Query Refused)4985.0%
Rest:501550.1%
Total:10000100%
Reset

Queries for existing records, but for type we don't have

Showing: Top 10 of 0 Resize: 10 100 500 (1000) 10000 500000
Total:0100%
Reset

Queries for non-existent records within existent domains

Showing: Top 10 of 104 Resize: 10 100 500 1000 10000 (500000)
msoid.lhl.se/AAAA64.7%
msoid.lhl.se/A53.9%
m.gcbilverkstad.se/A43.1%
m.gcbilverkstad.se/AAAA32.3%
vxlqswm.aoeu.info/A32.3%
msoid.gisab.se/AAAA32.3%
_mta-sts.gotecarlsson.se/TXT21.6%
_dmarc.lhl.se/TXT21.6%
_dmarc.lhl.se/NS21.6%
u003etestar.aoeu.info/A21.6%
Rest:9775.2%
Total:129100%
Reset

UDP Queries Received

Showing: Top 10 of 3117 Resize: 10 100 500 1000 (10000) 500000
ns1.aoeu.info/A5625.6%
ns2.aoeu.info/A5585.6%
office.aoeu.info/A4744.7%
ns2.aoeu.info/AAAA3683.7%
www.ford-training.se/A1992.0%
www.ford-training.se/AAAA1941.9%
ns1.aoeu.info/AAAA1841.8%
ext2.aoeu.io/A1481.5%
course.ford.lhl.se/A1151.1%
course.ford.lhl.se/AAAA1151.1%
Rest:708370.8%
Total:10000100%
Reset

Queries that could not be answered due to backend errors

Showing: Top 10 of 0 Resize: 10 100 500 1000 (10000) 500000
Total:0100%
Reset

Queries for domains that we are not authoritative for

Showing: Top 10 of 402 Resize: 10 100 500 (1000) 10000 500000
www.grundingen.se/A11411.4%
grundingen.se/A525.2%
activeallocationfund.se/A505.0%
grundingen.se/NS363.6%
www.activeallocationfund.se/AAAA242.4%
activeallocationfund.se/NS212.1%
activeallocationfund.se/MX212.1%
activeallocationfund.se/DNSKEY191.9%
www.grundingen.se/AAAA191.9%
grundingen.se/DNSKEY181.8%
Rest:62662.6%
Total:1000100%
Reset

Remote server IP addresses

Showing: Top 10 of 47 Resize: 10 (100) 500 1000 10000 500000
195.67.27.1001717.0%
212.116.75.1466.0%
104.23.177.1355.0%
145.102.6.11455.0%
172.71.83.7055.0%
157.230.188.844.0%
17.132.66.13044.0%
51.178.111.23444.0%
45.148.10.8144.0%
68.183.95.13433.0%
Rest:4343.0%
Total:100100%
Reset

Remote hosts sending corrupt packets

Showing: Top 10 of 4 Resize: 10 100 500 1000 10000 (500000)
45.148.10.81212699.9%
42.83.147.3510.0%
167.71.2.7810.0%
20.64.105.17410.0%
Total:2129100%
Reset

Remote hosts querying domains for which we are not auth

Showing: Top 10 of 196 Resize: 10 100 500 1000 (10000) 500000
185.140.119.164426.4%
93.188.1.114385.8%
185.42.136.8365.5%
145.116.218.1324.9%
93.188.1.115304.6%
5.255.252.217253.8%
141.8.180.27162.5%
83.151.158.196132.0%
104.23.218.16121.8%
67.23.230.25101.5%
Rest:39961.1%
Total:653100%

Variables

corrupt-packets22777Number of corrupt packets received
deferred-cache-inserts1261Amount of cache inserts that were deferred because of maintenance
deferred-cache-lookup1674Amount of cache lookups that were deferred because of maintenance
dnsupdate-answers0DNS update packets successfully answered.
dnsupdate-changes0DNS update changes to records in total.
dnsupdate-queries5DNS update packets received.
dnsupdate-refused5DNS update packets that are refused.
incoming-notifications823NOTIFY packets received.
overload-drops0Queries dropped because backends overloaded
packetcache-hit24050847
packetcache-miss10082201
packetcache-size358
query-cache-hit15732713Number of hits on the query cache
query-cache-miss31065089Number of misses on the query cache
rd-queries1302467Number of recursion desired questions
recursing-answers0Number of recursive answers sent out
recursing-questions0Number of questions sent to recursor
recursion-unanswered0Number of packets unanswered by configured recursor
security-status0Security status based on regular polling
servfail-packets2043Number of times a server-failed packet was sent out
signatures0Number of DNSSEC signatures made
tcp-answers46775Number of answers sent out over TCP
tcp-answers-bytes4588585Total size of answers sent out over TCP
tcp-queries47531Number of TCP queries received
tcp4-answers46775Number of IPv4 answers sent out over TCP
tcp4-answers-bytes4588585Total size of answers sent out over TCPv4
tcp4-queries47531Number of IPv4 TCP queries received
tcp6-answers0Number of IPv6 answers sent out over TCP
tcp6-answers-bytes0Total size of answers sent out over TCPv6
tcp6-queries0Number of IPv6 TCP queries received
timedout-packets5953Number of packets which weren't answered within timeout set
udp-answers34095739Number of answers sent out over UDP
udp-answers-bytes3970979935Total size of answers sent out over UDP
udp-do-queries9688013Number of UDP queries received with DO bit
udp-queries34106555Number of UDP queries received
udp4-answers34095739Number of IPv4 answers sent out over UDP
udp4-answers-bytes3970979935Total size of answers sent out over UDPv4
udp4-queries34106555Number of IPv4 UDP queries received
udp6-answers0Number of IPv6 answers sent out over UDP
udp6-answers-bytes0Total size of answers sent out over UDPv6
udp6-queries0Number of IPv6 UDP queries received
fd-usage25Number of open filedescriptors
key-cache-size18Number of entries in the key cache
latency11019Average number of microseconds needed to answer a question
meta-cache-size92Number of entries in the metadata cache
qsize-q0Number of questions waiting for database attention
real-memory-usage14921728Actual unique use of memory in bytes (approx)
signature-cache-size0Number of entries in the signature cache
sys-msec95815672Number of msec spent in system time
udp-in-errors522UDP 'in' errors
udp-noport-errors240489UDP 'noport' errors
udp-recvbuf-errors0UDP 'recvbuf' errors
udp-sndbuf-errors0UDP 'sndbuf' errors
uptime35490752Uptime of process in seconds
user-msec57816064Number of msec spent in user time
Arguments
8bit-dnsnoAllow 8bit dns queries
allow-axfr-ips195.67.27.100Allow zonetransfers only to these subnets
allow-dnsupdate-from127.0.0.0/8,::1A global setting to allow DNS updates from these IP ranges.
allow-notify-from0.0.0.0/0,::/0Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
allow-recursion127.0.0.1List of subnets that are allowed to recurse
allow-unsigned-notifyyesAllow unsigned notifications for TSIG secured domains
allow-unsigned-supermasteryesAllow supermasters to create zones without TSIG signed NOTIFY
also-notifyWhen notifying a domain, also notify these nameservers
any-to-tcpyesAnswer ANY queries with tc=1, shunting to TCP
apinoEnable/disable the REST API
api-keyStatic pre-shared authentication key for access to the REST API
api-logfile/var/log/pdns.logLocation of the server logfile (used by the REST API)
api-readonlynoDisallow data modification through the REST API when set
cache-ttl20Seconds to store packets in the PacketCache
carbon-interval30Number of seconds between carbon (graphite) updates
carbon-ournameIf set, overrides our reported hostname for carbon stats
carbon-serverIf set, send metrics in carbon (graphite) format to this server
chrootIf set, chroot to this directory for more security
confignoProvide configuration file on standard output
config-dir/etc/powerdnsLocation of configuration directory (pdns.conf)
config-nameName of this virtual configuration - will rename the binary image
control-consolenoDebugging switch - don't use
daemonnoOperate as a daemon
default-ksk-algorithmsecdsa256Default KSK algorithms
default-ksk-size0Default KSK size (0 means default)
default-soa-editDefault SOA-EDIT value
default-soa-edit-signedDefault SOA-EDIT value for signed zones
default-soa-mailmail address to insert in the SOA record if none set in the backend
default-soa-namea.misconfigured.powerdns.servername to insert in the SOA record if none set in the backend
default-ttl3600Seconds a result is valid if not set otherwise
default-zsk-algorithmsDefault ZSK algorithms
default-zsk-size0Default ZSK size (0 means default)
direct-dnskeynoFetch DNSKEY RRs from backend during DNSKEY synthesis
disable-axfryesDisable zonetransfers but do allow TCP queries
disable-axfr-rectifynoDisable the rectify step during an outgoing AXFR. Only required for regression testing.
disable-syslogDisable logging to syslog, useful when running inside a supervisor that logs stdout
disable-tcpnoDo not listen to TCP queries
distributor-threads3Default number of Distributor (backend) threads to start
dname-processingnoIf we should support DNAME records
dnssec-key-cache-ttl30Seconds to cache DNSSEC keys from the database
dnsupdatenoEnable/Disable DNS update (RFC2136) support. Default is no.
do-ipv6-additional-processingyesDo AAAA additional processing
domain-metadata-cache-ttl60Seconds to cache domain metadata from the database
edns-subnet-processingnoIf we should act on EDNS Subnet options
entropy-source/dev/urandomIf set, read entropy from this file
experimental-lua-policy-scriptLua script for the policy engine
forward-dnsupdateyesA global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
gmysql-activate-domain-key-queryupdate cryptokeys set active=1 where domain_id=(select id from domains where name=?) and cryptokeys.id=?
gmysql-add-domain-key-queryinsert into cryptokeys (domain_id, flags, active, content) select id, ?, ?, ? from domains where name=?
gmysql-any-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name=? and domain_id=?Any with ID query
gmysql-any-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name=?Any query
gmysql-basic-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type=? and name=?Basic query
gmysql-clear-domain-all-keys-querydelete from cryptokeys where domain_id=(select id from domains where name=?)
gmysql-clear-domain-all-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name=?)
gmysql-clear-domain-metadata-querydelete from domainmetadata where domain_id=(select id from domains where name=?) and domainmetadata.kind=?
gmysql-dbnamepdnsPdns backend database name to connect to
gmysql-deactivate-domain-key-queryupdate cryptokeys set active=0 where domain_id=(select id from domains where name=?) and cryptokeys.id=?
gmysql-delete-comment-rrset-queryDELETE FROM comments WHERE domain_id=? AND name=? AND type=?
gmysql-delete-comments-queryDELETE FROM comments WHERE domain_id=?
gmysql-delete-domain-querydelete from domains where name=?
gmysql-delete-empty-non-terminal-querydelete from records where domain_id=? and name=? and type is nulldelete empty non-terminal from zone
gmysql-delete-names-querydelete from records where domain_id=? and name=?
gmysql-delete-rrset-querydelete from records where domain_id=? and name=? and type=?
gmysql-delete-tsig-key-querydelete from tsigkeys where name=?
gmysql-delete-zone-querydelete from records where domain_id=?
gmysql-dnssecnoEnable DNSSEC processing
gmysql-get-all-domain-metadata-queryselect kind,content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name=?
gmysql-get-all-domains-queryselect domains.id, domains.name, records.content, domains.type, domains.master, domains.notified_serial, domains.last_check, domains.account from domains LEFT JOIN records ON records.domain_id=domains.id AND records.type='SOA' AND records.name=domains.name WHERE records.disabled=0 OR ?Retrieve all domains
gmysql-get-domain-metadata-queryselect content from domains, domainmetadata where domainmetadata.domain_id=domains.id and name=? and domainmetadata.kind=?
gmysql-get-order-after-queryselect ordername from records where ordername > ? and domain_id=? and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, after
gmysql-get-order-before-queryselect ordername, name from records where ordername <= ? and domain_id=? and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, before
gmysql-get-order-first-queryselect ordername from records where domain_id=? and disabled=0 and ordername is not null order by 1 asc limit 1DNSSEC Ordering Query, first
gmysql-get-order-last-queryselect ordername, name from records where ordername != '' and domain_id=? and disabled=0 and ordername is not null order by 1 desc limit 1DNSSEC Ordering Query, last
gmysql-get-tsig-key-queryselect algorithm, secret from tsigkeys where name=?
gmysql-get-tsig-keys-queryselect name,algorithm, secret from tsigkeys
gmysql-groupclientPdns backend MySQL 'group' to connect as
gmysql-hostlocalhostDatabase backend host to connect to
gmysql-id-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type=? and name=? and domain_id=?Basic with ID query
gmysql-info-all-master-queryselect id,name,master,last_check,notified_serial,type from domains where type='MASTER'
gmysql-info-all-slaves-queryselect id,name,master,last_check from domains where type='SLAVE'
gmysql-info-zone-queryselect id,name,master,last_check,notified_serial,type,account from domains where name=?
gmysql-innodb-read-committedyesUse InnoDB READ-COMMITTED transaction isolation level
gmysql-insert-comment-queryINSERT INTO comments (domain_id, name, type, modified_at, account, comment) VALUES (?, ?, ?, ?, ?, ?)
gmysql-insert-empty-non-terminal-order-queryinsert into records (type,domain_id,disabled,name,ordername,auth,change_date,content,ttl,prio) values (null,?,0,?,?,?,NULL,NULL,NULL,NULL)insert empty non-terminal in zone
gmysql-insert-record-queryinsert into records (content,ttl,prio,type,domain_id,disabled,name,ordername,auth,change_date) values (?,?,?,?,?,?,?,?,?,NULL)
gmysql-insert-zone-queryinsert into domains (type,name,master,account,last_check,notified_serial) values(?,?,?,?,NULL,NULL)
gmysql-list-comments-querySELECT domain_id,name,type,modified_at,account,comment FROM comments WHERE domain_id=?
gmysql-list-domain-keys-queryselect cryptokeys.id, flags, active, content from domains, cryptokeys where cryptokeys.domain_id=domains.id and name=?
gmysql-list-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE (disabled=0 OR ?) and domain_id=? order by name, typeAXFR query
gmysql-list-subzone-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and (name=? OR name like ?) and domain_id=?Subzone listing
gmysql-master-zone-queryselect master from domains where name=? and type='SLAVE'Data
gmysql-nullify-ordername-and-update-auth-queryupdate records set ordername=NULL,auth=? where domain_id=? and name=? and disabled=0DNSSEC nullify ordername and update auth for a qname query
gmysql-nullify-ordername-and-update-auth-type-queryupdate records set ordername=NULL,auth=? where domain_id=? and name=? and type=? and disabled=0DNSSEC nullify ordername and update auth for a rrset query
gmysql-passwords1lv3rpENGU!nPdns backend password to connect with
gmysql-port3306Database backend port to connect to
gmysql-remove-domain-key-querydelete from cryptokeys where domain_id=(select id from domains where name=?) and cryptokeys.id=?
gmysql-remove-empty-non-terminals-from-zone-querydelete from records where domain_id=? and type is nullremove all empty non-terminals from zone
gmysql-search-comments-querySELECT domain_id,name,type,modified_at,account,comment FROM comments WHERE name LIKE ? OR comment LIKE ? LIMIT ?
gmysql-search-records-querySELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE name LIKE ? OR content LIKE ? LIMIT ?
gmysql-set-domain-metadata-queryinsert into domainmetadata (domain_id, kind, content) select id, ?, ? from domains where name=?
gmysql-set-tsig-key-queryreplace into tsigkeys (name,algorithm,secret) values(?,?,?)
gmysql-socketPdns backend socket to connect to
gmysql-supermaster-name-to-ipsselect ip,account from supermasters where nameserver=? and account=?
gmysql-supermaster-queryselect account from supermasters where ip=? and nameserver=?
gmysql-timeout10The timeout in seconds for each attempt to read/write to the server
gmysql-update-account-queryupdate domains set account=? where name=?
gmysql-update-kind-queryupdate domains set type=? where name=?
gmysql-update-lastcheck-queryupdate domains set last_check=? where id=?
gmysql-update-master-queryupdate domains set master=? where name=?
gmysql-update-ordername-and-auth-queryupdate records set ordername=?,auth=? where domain_id=? and name=? and disabled=0DNSSEC update ordername and auth for a qname query
gmysql-update-ordername-and-auth-type-queryupdate records set ordername=?,auth=? where domain_id=? and name=? and type=? and disabled=0DNSSEC update ordername and auth for a rrset query
gmysql-update-serial-queryupdate domains set notified_serial=? where id=?
gmysql-userpdnsDatabase backend user to connect as
gmysql-zone-lastchange-queryselect max(change_date) from records where domain_id=?
guardiannoRun within a guardian process
helpnoProvide a helpful message
include-dir/etc/powerdns/pdns.dInclude *.conf files from this directory
launchgmysqlWhich backends to launch and order to query them in
list-modulesnoLists all modules available
load-modulesLoad this module - supply absolute or relative path
local-address0.0.0.0Local IP addresses to which we bind
local-address-nonexist-failyesFail to start if one or more of the local-address's do not exist on this server
local-ipv6::Local IP address to which we bind
local-ipv6-nonexist-failyesFail to start if one or more of the local-ipv6 addresses do not exist on this server
local-port53The port on which we listen
log-dns-detailsnoIf PDNS should log DNS non-erroneous details
log-dns-queriesnoIf PDNS should log all incoming DNS queries
logging-facilityLog under a specific facility
loglevel4Amount of logging. Higher is more. Do not set below 3
lua-prequery-scriptLua script with prequery handler (DO NOT USE)
masternoAct as a master
max-cache-entries1000000Maximum number of cache entries
max-ent-entries100000Maximum number of empty non-terminals in a zone
max-nsec3-iterations500Limit the number of NSEC3 hash iterations
max-queue-length5000Maximum queuelength before considering situation lost
max-signature-cache-entriesMaximum number of signatures cache entries
max-tcp-connections20Maximum number of TCP connections
module-dir/usr/lib/i386-linux-gnu/pdnsDefault directory for modules
negquery-cache-ttl60Seconds to store negative query results in the QueryCache
no-confignoDon't parse configuration file
no-shuffleoffSet this to prevent random shuffling of answers - for regression testing
non-local-bindnoEnable binding to non-local addresses by using FREEBIND / BINDANY socket options
only-notify0.0.0.0/0,::/0Only send AXFR NOTIFY to these IP addresses or netmasks
out-of-zone-additional-processingyesDo out of zone additional processing
outgoing-axfr-expand-aliasnoExpand ALIAS records during outgoing AXFR
overload-queue-length0Maximum queuelength moving to packetcache only
prevent-self-notificationyesDon't send notifications to what we think is ourself
query-cache-ttl20Seconds to store query results in the QueryCache
query-local-address0.0.0.0Source IP address for sending queries
query-local-address6::Source IPv6 address for sending queries
query-loggingnoHint backends that queries should be logged
queue-limit1500Maximum number of milliseconds to queue a query
receiver-threads1Default number of receiver threads to start
recursive-cache-ttl10Seconds to store packets for recursive queries in the PacketCache
recursornoIf recursion is desired, IP address of a recursing nameserver
retrieval-threads2Number of AXFR-retrieval threads for slave operation
reuseportnoEnable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
security-poll-suffixsecpoll.powerdns.com.Domain name from which to query security update notifications
server-idaoeuReturned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
setgidpdnsIf set, change group id to this gid for more security
setuidpdnsIf set, change user id to this uid for more security
signing-threads3Default number of signer threads to start
slaveyesAct as a slave
slave-cycle-interval60Schedule slave freshness checks once every .. seconds
slave-renotifynoIf we should send out notifications for slaved updates
soa-expire-default604800Default SOA expire
soa-minimum-ttl3600Default SOA minimum ttl
soa-refresh-default10800Default SOA refresh
soa-retry-default3600Default SOA retry
socket-dir/var/runWhere the controlsocket will live, /var/run when unset and not chrooted
tcp-control-addressIf set, PowerDNS can be controlled over TCP on this address
tcp-control-port53000If set, PowerDNS can be controlled over TCP on this address
tcp-control-range127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10If set, remote control of PowerDNS is possible over these networks only
tcp-control-secretIf set, PowerDNS can be controlled over TCP after passing this secret
traceback-handleryesEnable the traceback handler (Linux only)
trusted-notification-proxyIP address of incoming notification proxy
udp-truncation-threshold1680Maximum UDP response size before we truncate
versionnoOutput version and compilation date
version-stringpowerdnsPowerDNS version in packets - full, anonymous, powerdns or custom
webserveryesStart a webserver for monitoring
webserver-address0.0.0.0IP Address of webserver to listen on
webserver-allow-from0.0.0.0/0,::/0Webserver access is only allowed from these subnets
webserver-passwordPassword required for accessing the webserver
webserver-port8081Port of webserver to listen on
webserver-print-argumentsyesIf the webserver should print arguments
write-pidnoWrite a PID file
xfr-max-received-mbytes100Maximum number of megabytes received from an incoming XFR