pdnsutil man page

pdnsutil — PowerDNS dnssec command and control


pdnsutil [OPTION]... COMMAND


pdnsutil (formerly pdnssec) is a powerful command that is the operator-friendly gateway into DNSSEC and zone management for PowerDNS. Behind the scenes, pdnsutil manipulates a PowerDNS backend database, which also means that for many databases, pdnsutil can be run remotely, and can configure key material on different servers.


-h | -help
Show summary of options
-v | --verbose
Be more verbose.
force an action
--config-name NAME
Virtual configuration name
--config-dir DIR
Location of pdns.conf. Default is /etc/powerdns.


There are many available commands, this section splits them up into their respective uses

Zone Manipulation Commands

create-zone ZONE
Create an empty zone named ZONE.
Check all zones for correctness.
check-zone ZONE
Check zone ZONE for correctness.
clear-zone ZONE
Clear the records in zone ZONE, but leave actual domain and settings unchanged
delete-zone ZONE:
Delete the zone named ZONE.
edit-zone ZONE
Opens ZONE in zonefile format (regardless of backend it was loaded from) in the editor set in the environment variable EDITOR. if EDITOR is empty, pdnsutil falls back to using editor.
get-meta ZONE [ATTRIBUTE]...
Get zone metadata. If no ATTRIBUTE given, lists all known.
hash-zone-record ZONE RNAME
This convenience command hashes the name RNAME according to the NSEC3 settings of ZONE. Refuses to hash for zones with no NSEC3 settings.
list-keys [ZONE]
List DNSSEC information for all keys or for ZONE.
List all zone names.
list-zone ZONE
Show all records for ZONE.
load-zone ZONE FILE
Load records for ZONE from FILE. If ZONE already exists, all records are overwritten, this operation is atomic. If ZONE doesn't exist, it is created.
rectify-zone ZONE
Calculates the 'ordername' and 'auth' fields for a zone called ZONE so they comply with DNSSEC settings. Can be used to fix up migrated data. Can always safely be run, it does no harm.
secure-zone ZONE
Configures a zone called ZONE with reasonable DNSSEC settings. You should manually run 'pdnsutil rectify-zone' afterwards.
Set domainmetadata ATTRIBUTE for ZONE to VALUE. An empty value clears it.
set-presigned ZONE
Switches ZONE to presigned operation, utilizing in-zone RRSIGs.
show-zone ZONE
Shows all DNSSEC related settings of a zone called ZONE.
test-schema ZONE
Test database schema, this creates the zone ZONE
unset-presigned ZONE
Disables presigned operation for ZONE.

Debugging Tools

backend-cmd BACKEND CMD [CMD..]
Send a text command to a backend for execution. GSQL backends will take SQL commands, other backends may take different things. Be careful!

See Also

pdns_server (1), pdns_control (1)


Matthijs Möhlmann <matthijs@cacholong.nl>.

Referenced By


Explore man page connections for pdnsutil(1).

PowerDNS DNSSEC command and control November 2011