A set of configurations for DNSdist PowerDNS

This post aims to provide you with a diverse set of configuration examples that you can use to enhance your DNSdist software. Each example can be tested using the following docker guide. Before you begin, consider taking a look at the default configuration provided by PowerDNS.

Administration

• Enabling Web Admin and Console Interfaces

Routing DNS traffic

• Matching qname with regular expressions
• Tagging traffic and applying specified rules:

DNS Security

• Blocking Ads/Malwares with external CDB database
• Blocking DNS tunneling
• Blackholing and Spoofing domains with external files
• Blacklist IP addresses with DNS UPDATE control and dynamic blocking duration
• Blacklist IP during XX seconds, the list of IPs is managed with DNS notify and TTL for duration
• List of temporarily blocked domains, the list is managed with DNS notify
• Spoofing DNS Responses for various Qtypes

Logging DNS traffic

• Set up remote DNS logging using the DNSTAP protocol
• Add metadata in DNSTAP messages
• Configure remote DNS logging using the Protobuf protocol

Miscs

• Full configuration with load balancing on public DNS resolvers
• Flush cache for domain with DNS NOTIFY
• Echo capability of ip address from domain name for development
• Resolve hostname from config