[Pdns-users] PowerDNS in an ISP environment
Hi All, Quick question - is anyone on the list using PDNS in an ISP environment, especially for auth services ? Have prepped PDNS to replace our Bind instances however management have raised concerns over moving away from the industry standard, so have asked for more justification on the change in software. Already have some ideas but some real world use cases would really be the clincher. Have spotted a new names on a couple of things published by Bert, and those of PlusNET but fpdns (yes, a little out of date signatures I acknowledge) seem to suggest no match (could be pdns 3) but mostly Bind. ie: [root@ns1 ~]# fpdns -D plus.net fingerprint (plus.net, 195.166.128.16): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (plus.net, 195.166.128.17): ISC BIND 9.2.3rc1 -- 9.4.0a4 [root@ns1 ~]# fpdns -D register.com fingerprint (register.com, 216.21.227.12): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (register.com, 216.21.227.11): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (register.com, 216.21.230.12): ISC BIND 9.2.3rc1 -- 9.4.0a4 [root@ns1 ~]# fpdns -D .tk fingerprint (.tk, 202.125.44.173): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (.tk, 207.36.228.217): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (.tk, 217.199.176.121): ISC BIND 9.2.3rc1 -- 9.4.0a4 [root@ns1 ~]# fpdns -D .mn fingerprint (.mn, 199.254.62.1): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (.mn, 199.249.116.1): No match found fingerprint (.mn, 202.72.241.5): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (.mn, 202.131.0.10): ISC BIND 9.2.3rc1 -- 9.4.0a4 Have also done a few scans on some of the top hosts in the UK ISPA, some PDNS but mostly myDNS and/or bind. This isn't to get into one server is better than another or individual choices, I like PDNS, more just looking for some use cases so I can get this over the line :) Cheers Chris Knowledge I.T. 'Unifying Business Technology' www.knowledgeit.co.uk Knowledge Limited, Company Registration: 1554385 Registered Office: New Century House, Crowther Road, Washington, Tyne Wear. NE38 0AQ Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR Tel: 0845 142 0020. Fax: 0845 142 0021 E-Mail Disclaimer: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages to clients of Knowledge IT may contain information that is confidential and legally privileged. Please do not read, copy, forward, or store this message unless you are an intended recipient of it. If you have received this message in error, please forward it to the sender and delete it completely from your computer system. Please consider the environment before printing this email. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 08:38:07AM +0100, Chris Russell wrote: Hi All, Quick question - is anyone on the list using PDNS in an ISP environment, especially for auth services ? The best I can do is refer to this thread, which lists some data points: http://mailman.powerdns.com/pipermail/pdns-users/2011-May/007719.html DENIC and SIDN (the .de and .nl registries) still measure PowerDNS at around 40%-50% of all their domains. You might also want to consider that SIDN and NIC.AT underwrote part of PowerDNS 3.0 development, please see the 3.0 release notes for more details. Have prepped PDNS to replace our Bind instances however management have raised concerns over moving away from the industry standard, so have asked for more justification on the change in software. Already have some ideas but some real world use cases would really be the clincher. If your management wants assurance on PowerDNS performance reliability, they might want to consider joining the other serious users that have taken out a support agreement with a 2 or 4 hour SLA which is available. I'm not sure if a lot of major users will chime in on the list - the larger the company, the less likely they are to share their details on the list. The largest PowerDNS deployments are around 8 million domains, and loads of deployments are million+. Measuring the 'company domain name' with fpdns is of limited utility - the company domain name itself is often not on the ISP production platform. fpdns also does not identify recent PowerDNS versions. Bert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
Hi Bert, The best I can do is refer to this thread, which lists some data points: http://mailman.powerdns.com/pipermail/pdns-users/2011-May/007719.html Cheers, that's a good start :) Measuring the 'company domain name' with fpdns is of limited utility - the company domain name itself is often not on the ISP production platform. Yes I know, it more was I was expecting pdns or no match, but it came back with bind. It's not so much the question of is this supported 24x7 etc, I`m already impressed with the level of support provided on these lists which your response is a fine example of which says how good the commercial support would be. We may go down that route but I think their feedback is really more just about a name. My direct manager knows Bind, so I have to justify not bind, if you see what I mean. Thanks Chris Knowledge I.T. 'Unifying Business Technology' www.knowledgeit.co.uk Knowledge Limited, Company Registration: 1554385 Registered Office: New Century House, Crowther Road, Washington, Tyne Wear. NE38 0AQ Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR Tel: 0845 142 0020. Fax: 0845 142 0021 E-Mail Disclaimer: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages to clients of Knowledge IT may contain information that is confidential and legally privileged. Please do not read, copy, forward, or store this message unless you are an intended recipient of it. If you have received this message in error, please forward it to the sender and delete it completely from your computer system. Please consider the environment before printing this email. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] pdnssec secure-zone failing
Greetings, I searched around, but I was unable to find an resolution to my problem. I have a very vanilla install of PowerDNS 3.0 installed with a PostgreSQL 8.4 backend configured. Everything works as expected. Now I want to sign my zone, so I extended my schema as outlined here: http://doc.powerdns.com/generic-mypgsql-backends.html#id444731 When I try to setup my key, I get the following error: aws# pdnssec secure-zone domain.tld No backend was able to secure 'ifyd.com', most likely because no DNSSEC capable backends are loaded, or because the backends have DNSSEC disabled. For the Generic SQL backends, set 'gsqlite3-dnssec' or 'gmysql-dnssec' or 'gpgsql-dnssec' etc. Also make sure the schema has been updated for DNSSEC! (I'm not literally put in domain.tld, but this isn't a public DNS server so I redacted it. ) I've verified that my schema imported to the best of my ability (I'm fairly new to postgres). Here is a dump: -- -- PostgreSQL database dump -- SET statement_timeout = 0; SET client_encoding = 'UTF8'; SET standard_conforming_strings = off; SET check_function_bodies = false; SET client_min_messages = warning; SET escape_string_warning = off; SET search_path = public, pg_catalog; SET default_tablespace = ''; SET default_with_oids = false; -- -- Name: records; Type: TABLE; Schema: public; Owner: pgsql; Tablespace: -- CREATE TABLE records ( id integer NOT NULL, domain_id integer, name character varying(255) DEFAULT NULL::character varying, type character varying(10) DEFAULT NULL::character varying, content character varying(255) DEFAULT NULL::character varying, ttl integer, prio integer, change_date integer, ordername character varying(255), auth boolean ); ALTER TABLE public.records OWNER TO pgsql; -- -- Name: records_id_seq; Type: SEQUENCE; Schema: public; Owner: pgsql -- CREATE SEQUENCE records_id_seq START WITH 1 INCREMENT BY 1 NO MAXVALUE NO MINVALUE CACHE 1; ALTER TABLE public.records_id_seq OWNER TO pgsql; -- -- Name: records_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: pgsql -- ALTER SEQUENCE records_id_seq OWNED BY records.id; -- -- Name: id; Type: DEFAULT; Schema: public; Owner: pgsql -- ALTER TABLE records ALTER COLUMN id SET DEFAULT nextval('records_id_seq'::regclass); -- -- Name: records_pkey; Type: CONSTRAINT; Schema: public; Owner: pgsql; Tablespace: -- ALTER TABLE ONLY records ADD CONSTRAINT records_pkey PRIMARY KEY (id); -- -- Name: domain_id; Type: INDEX; Schema: public; Owner: pgsql; Tablespace: -- CREATE INDEX domain_id ON records USING btree (domain_id); -- -- Name: nametype_index; Type: INDEX; Schema: public; Owner: pgsql; Tablespace: -- CREATE INDEX nametype_index ON records USING btree (name, type); -- -- Name: orderindex; Type: INDEX; Schema: public; Owner: pgsql; Tablespace: -- CREATE INDEX orderindex ON records USING btree (ordername); -- -- Name: rec_name_index; Type: INDEX; Schema: public; Owner: pgsql; Tablespace: -- CREATE INDEX rec_name_index ON records USING btree (name); -- -- Name: domain_exists; Type: FK CONSTRAINT; Schema: public; Owner: pgsql -- ALTER TABLE ONLY records ADD CONSTRAINT domain_exists FOREIGN KEY (domain_id) REFERENCES domains(id) ON DELETE CASCADE; -- -- Name: records; Type: ACL; Schema: public; Owner: pgsql -- REVOKE ALL ON TABLE records FROM PUBLIC; REVOKE ALL ON TABLE records FROM pgsql; GRANT ALL ON TABLE records TO pgsql; GRANT ALL ON TABLE records TO powerdns; -- -- Name: records_id_seq; Type: ACL; Schema: public; Owner: pgsql -- REVOKE ALL ON SEQUENCE records_id_seq FROM PUBLIC; REVOKE ALL ON SEQUENCE records_id_seq FROM pgsql; GRANT ALL ON SEQUENCE records_id_seq TO pgsql; GRANT ALL ON SEQUENCE records_id_seq TO powerdns; -- -- PostgreSQL database dump complete -- Can anyone shed any light on what I'm doing wrong? -- Eric ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 10:05 AM, Chris Russell chris.russ...@knowledgeit.co.uk wrote: Hi Bert, The best I can do is refer to this thread, which lists some data points: http://mailman.powerdns.com/pipermail/pdns-users/2011-May/007719.html Cheers, that's a good start :) We're an ISP utilizing PowerDNS, although small scale if you compare us to others/other countries (~2000 domains). Measuring the 'company domain name' with fpdns is of limited utility - the company domain name itself is often not on the ISP production platform. Yes I know, it more was I was expecting pdns or no match, but it came back with bind. It's not so much the question of is this supported 24x7 etc, I`m already impressed with the level of support provided on these lists which your response is a fine example of which says how good the commercial support would be. We may go down that route but I think their feedback is really more just about a name. My direct manager knows Bind, so I have to justify not bind, if you see what I mean. Our selling point was the MySQL backend, which to be true, is the mainly reason we use PowerDNS. When we started it was the only DNS software with a stable MySQL backend, and since it has worked well we haven't looked for alternatives. The MySQL backend makes it a whole lot easier for us to write management software, as we don't have to fuddle with file permissions, zone reloading and what not. I don't know if that's something you would work towards/use. -- Erik ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdnssec secure-zone failing
Hi Eric, Might seem like a few silly question, but do you have 'gpgsql-dnssec' set in pdns.conf ? Cheers Chris From: pdns-users-boun...@mailman.powerdns.com [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of Eric Sent: 16 August 2011 09:10 To: pdns-users@mailman.powerdns.com Subject: [Pdns-users] pdnssec secure-zone failing Greetings, I searched around, but I was unable to find an resolution to my problem. I have a very vanilla install of PowerDNS 3.0 installed with a PostgreSQL 8.4 backend configured. Everything works as expected. Now I want to sign my zone, so I extended my schema as outlined here: http://doc.powerdns.com/generic-mypgsql-backends.html#id444731 Knowledge I.T. 'Unifying Business Technology' www.knowledgeit.co.uk Knowledge Limited, Company Registration: 1554385 Registered Office: New Century House, Crowther Road, Washington, Tyne Wear. NE38 0AQ Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR Tel: 0845 142 0020. Fax: 0845 142 0021 E-Mail Disclaimer: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages to clients of Knowledge IT may contain information that is confidential and legally privileged. Please do not read, copy, forward, or store this message unless you are an intended recipient of it. If you have received this message in error, please forward it to the sender and delete it completely from your computer system. Please consider the environment before printing this email. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 08:38:07AM +0100, Chris Russell wrote: [root@ns1 ~]# fpdns -D plus.net fingerprint (plus.net, 195.166.128.16): ISC BIND 9.2.3rc1 -- 9.4.0a4 fingerprint (plus.net, 195.166.128.17): ISC BIND 9.2.3rc1 -- 9.4.0a4 We do intend to move to PowerDNS for our authoritative servers, however other work has taken priority for a while now. We do use (and are very happy with) PowerDNS on our recursive DNS servers for our customers. Ben -- | Ben Brown Broadband Solutions for | Infrastructure Engineer Home Business@ | Plusnet Plc www.plus.net | Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY | Registered in England no: 3279013 + --- Plusnet - ISPA Best Consumer ISP 2008 --- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS Master / Slave
Hi all, Il 05/08/2011 20:03, Ian Mordey ha scritto: I have powerdns running perfectly using a MySQL cluster to store the data. The way I do it is have the pdns servers run a local copy of MySQL and replicate from the cluster. This eliminates downtime if the link between the geographically separate DNS servers and the master cluster is down. I don't have AXFR master/slave setup anywhere as any updates are made to the cluster table and this is replicated out to the local mysql instance. Cheers Ian I have the same implementation as described by Ian. Now, I have to handle even the SLAVE zones, for our customers who prefer to manage domains on their servers (AXFR master/slave setup). So I have to manage NATIVE domains for those customers that use our DNS tool panel and SLAVE domains for customers who have a their own server that acts as a master. In this scenario, the local 'records' table on two DNS servers would be written: - by native replication from MySQL cluster for records of NATIVE zone - by pdns daemon for records of SLAVE zone ... having as a result a misalignment of the 'records' tables on the local and cluster MySQL instance. Can I configure pdns to cache the AXFR records without saving them on local DB? Or more generally, what is the best way to implement my scenario? Kind regards, Cristian ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On 08/16/2011 10:05 AM, Chris Russell wrote: Hi Bert, The best I can do is refer to this thread, which lists some data points: http://mailman.powerdns.com/pipermail/pdns-users/2011-May/007719.html [cut] Hello, i work in an isp and we're using pdns as auth server, we have about 4000 domains (we switched from bind for the mysql backend ) bye M. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On 8/16/11 1:50 AM, bert hubert wrote: On Tue, Aug 16, 2011 at 08:38:07AM +0100, Chris Russell wrote: Hi All, Quick question - is anyone on the list using PDNS in an ISP environment, especially for auth services ? The best I can do is refer to this thread, which lists some data points: http://mailman.powerdns.com/pipermail/pdns-users/2011-May/007719.html DENIC and SIDN (the .de and .nl registries) still measure PowerDNS at around 40%-50% of all their domains. You might also want to consider that SIDN and NIC.AT underwrote part of PowerDNS 3.0 development, please see the 3.0 release notes for more details. We use powerdns almost exclusively with the mysql backend. Our ns1 hosts around 300 domains on it, with quite a few of them being high traffic - ahbl.org for example, which is one of the master name servers for all the dnsbl queries. Several other large DNSbl's also use our ns1 as a slave for redundancy. Between the 6 auth name servers in the US, I think we do around 3mbits of DNS traffic, and another 2mbits out of Canada. No problems really, most of our issues were caused by lax config on our end that we promptly fixed. When we did find a pretty major bug during the testing of ipv6 records in 3.0, Bert had the problem fixed within about 5 mins, and a new build pushed out. And that's all just by hopping on IRC and catching him when he's around. Is the SLA worth it? Hell yes, even if you never need to use it, your supporting the development. We're too small and not-for-profit based, so the contract is not feasible, but I always try to test and share my results if needed or asked (feedback is never a bad thing). Some other things to consider why running PDNS is better: 1) BIND is agonizingly slow when loading lots of zones. Only recently have they bothered to work on that so it doesn't take 6 hours to load a ton of domains. 2) Auth and caching services can be run separately, helping keep one potential issue from affecting another. 3) Config options are a heck of alot more easy to use/understand 4) Its trivially easy to run multiple backends, including the bind backend, and even run multiple server instances isolating types of customers, etc. 5) LUA and pipe backends -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
Hi Bert, The best I can do is refer to this thread, which lists some data points: http://mailman.powerdns.com/pipermail/pdns-users/2011- May/007719.html Cheers, that's a good start :) Measuring the 'company domain name' with fpdns is of limited utility - the company domain name itself is often not on the ISP production platform. Yes I know, it more was I was expecting pdns or no match, but it came back with bind. It's not so much the question of is this supported 24x7 etc, I`m already impressed with the level of support provided on these lists which your response is a fine example of which says how good the commercial support would be. We may go down that route but I think their feedback is really more just about a name. My direct manager knows Bind, so I have to justify not bind, if you see what I mean. Thanks Chris We are one of these large ISP's. We use it for auth and recursive. Why not to use BIND isn't hard to justify. Break out the exploit lists for BIND vs PowerDNS. Then break out the performance metrics. PowerDNS is hands down the winner. So much so that I have talked several other companies into converting to it. Brad This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 7:00 PM, Brielle Bruns br...@2mbit.com wrote: Some other things to consider why running PDNS is better: 1) BIND is agonizingly slow when loading lots of zones. Only recently have they bothered to work on that so it doesn't take 6 hours to load a ton of domains. 2) Auth and caching services can be run separately, helping keep one potential issue from affecting another. 3) Config options are a heck of alot more easy to use/understand 4) Its trivially easy to run multiple backends, including the bind backend, and even run multiple server instances isolating types of customers, etc. 5) LUA and pipe backends Just shooting in with a feature that I just came to remember. 6) Fancy records. I haven't researched BIND for years, so I'm not sure if that's easily supported there now. But with PowerDNS it's easy to set up web forwarding, it has literally saved me from creating hundreds of empty web config files just to redirect somewhere else. You do have to implement the whole forwarding thingy yourself (unless it's in contrib or something by now?), but it's a few lines of code in e.g. PHP or your favorite web language. -- Erik ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
Erik Weber wrote: Some other things to consider why running PDNS is better: [...] Just shooting in with a feature that I just came to remember. 6) Fancy records. 3.0 doesn't support fancy records any more. http://doc.powerdns.com/fancy-records.html Mit freundlichen Grüßen, Sebastian -- Sebastian Posner Unix-Systemspezialist AM Data Center Services, Shared Infrastructure Deutsche Telekom AG, Products Innovation ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 8:23 PM, Posner, Sebastian s.pos...@telekom.dewrote: Erik Weber wrote: Some other things to consider why running PDNS is better: [...] Just shooting in with a feature that I just came to remember. 6) Fancy records. 3.0 doesn't support fancy records any more. I, for one, am sad about this. Sincerely, Anthony Eden -- http://anthonyeden.com | twitter: @aeden | skype: anthonyeden ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 1:38 AM, Chris Russell chris.russ...@knowledgeit.co.uk wrote: Hi All, Quick question – is anyone on the list using PDNS in an ISP environment, especially for auth services ? Up until a couple years ago I worked as Sr. SA/Ops Manager at Modwest, we used PowerDNS then, and they still do today. Something like 10k or 15k domains at the time, no idea how many today honestly. As with many the draw was a database backend. There wasn't much else out there at the time, and certainly nothing stable like PowerDNS. With 10k+ domains BIND would take a very LONG time to start/restart or even check for updates. There was also the headaches involved in maintaining slave and master zone configs too. Authoritative DNS only. There's a cluster of BIND servers for resolver functionality. The actual NS records point at load balanced clusters of DNS servers. To the outside it looks like there are only a handful of geographically diverse nameservers, in reality there's multiple PowerDNS servers behind each IP. Makes doing upgrades REALLY easy, you just pull one out of the load balancer, upgrade it. Then you can do all the testing you want (one thing I did was to play back DNS queries and observe/systematically check the responses, without letting any actual traffic out) -- if it doesn't work out you can then use whatever process you have to roll that machine back and put it back into the cluster, or, more deeply investigate the failure. This was a situation though where there was a very well proven and trusted load balancer infrastructure in place already so it absolutely made sense to deploy externally facing DNS services behind this same setup. It definitely requires thought to do it that way (chicken-and-egg scenarios come to mind, you can not have your load balancers depend on DNS if you're going to run DNS behind them!!!) but it is reliable when done right. There have definitely been a few pains here and there. Some of them were caused by the fact that wildcard records are used. Some of the issues I had were caused by MySQL's sometimes flaky replication, monitoring them was an absolute must, making sure that they were all in sync and up to date was also absolutely required. The benefits far outweighed the costs at that scale for certain. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS in an ISP environment
On Tue, Aug 16, 2011 at 8:29 PM, Anthony Eden anthonye...@gmail.com wrote: On Tue, Aug 16, 2011 at 8:23 PM, Posner, Sebastian s.pos...@telekom.de wrote: Erik Weber wrote: Some other things to consider why running PDNS is better: [...] Just shooting in with a feature that I just came to remember. 6) Fancy records. 3.0 doesn't support fancy records any more. I, for one, am sad about this. We're still running PowerDNS 2.x and haven't faced this change yet. Shouldn't it be a matter of extending the records table with a column with the URL information, and just insert the record as a normal A record? Your management software and the forwarding software would have to confront the URL field, but to PowerDNS it should look like a normal record. -- Erik ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users