PowerDNS - Mind Palace

**PowerDNS** is a high-performance, open source authoritative DNS server with a powerful backend API that makes it ideal for cloud and hosting environments where DNS records need to be created and updated programmatically — not manually. It is the standard authoritative DNS choice for self-operated clouds. --- ### First Principle: In a cloud environment, DNS records should be created by automation, not humans. When a tenant provisions a VM or service, DNS records should be created automatically. When resources are destroyed, records should be cleaned up. PowerDNS's REST API (pdns-api) makes DNS management a first-class programmatic operation — [[OpenTofu]] modules, [[Ansible]] playbooks, and custom automation can all manage DNS without editing zone files. --- ### Key Considerations - **Backends**: PowerDNS supports multiple backends — MySQL, PostgreSQL, SQLite, LDAP. The database backends allow DNS zone data to be managed via SQL queries or ORM — making DNS zone management a data management problem. - **REST API**: The pdns-api allows CRUD operations on zones and records over HTTP. Any automation framework can create DNS records programmatically — no zone file editing, no `rndc reload`. - **Recursion vs Authority**: PowerDNS Authoritative Server handles authority for zones you own. PowerDNS Recursor is a separate product for recursive resolving (external DNS for your network). Both are often deployed together. - **[[Kubernetes]] ExternalDNS**: The ExternalDNS operator reads Kubernetes Services and Ingresses and automatically creates/deletes DNS records in PowerDNS — implementing automated DNS for cloud-native workloads. - **DNSSEC**: PowerDNS has first-class DNSSEC support — signing zones, managing keys, and automating key rollover. - **Zones as Code**: Combining PowerDNS's API with [[OpenTofu]] allows DNS zones to be declared as code, reviewed in pull requests, and applied automatically. --- ### How It Fits ``` [[OpenTofu]] / ExternalDNS / tenant provisioning → PowerDNS REST API (create/update/delete records) → PostgreSQL/MySQL (zone data store) → [[CoreDNS]] (internal cluster DNS, delegates external to PowerDNS) ``` [[CoreDNS]] | [[OpenTofu]] | [[Kubernetes]] | [[HAProxy]] | [[Open Source Hyperscaler MoC]]