One of the most requested features from customers in recent years has been the ability for PowerDNS Authoritative Server to support the concept of Views, and we’re pleased to announce that Views are the headline feature of PowerDNS Authoritative Server 5.0.
Views are a concept originally introduced by ISC Bind, and the idea is to be able to represent a zone (say “example.com”) in different ways to different clients, for example for client IP address. This is also known as Split-Horizon DNS. Before version 5.0, customers could configure split horizon DNS, but only by providing separate DNS authoritative servers for each of the different types of clients.
The Views feature in Authoritative Server 5.0 is unique in a few different ways:
Zones can be created with or without a variant name. A zone with a variant name identifies a specific version of that zone, which will not be returned to clients unless mapped to a view.
Views are a mapping between a set of network masks and a view name.
Zone variants are mapped to view names. A view is empty if not mapped to any variants, and will not affect any returned results.
Views, variants and their mappings are created and managed dynamically, using the PowerDNS REST API, or the pdnsutil command. This gives a huge amount of flexibility, without the need to restart servers to change view configuration.
Variants can be reused between different views.
This is shown in the following diagram:
There are several solutions that benefit from the ability of the authoritative server to return different zone content to different clients, including:
Enterprise DNS – Many enterprises use split horizon DNS to provide different answers to employees who are on the company Intranet, vs external clients. An example might be mail.example.com, which would send internal users to the internal mail server, but send external users (i.e. Mail Transfer Agents) to the external-facing mail server. This also has security benefits, as internal domain names are not “leaked” to external clients.
Mobile Networks – When using DNS on the Gn/Gp interfaces for PGW selection, operators often need to be able to return different results depending on the client, particularly for roaming scenarios. Similarly views enable a single DNS server to be deployed to provide different results for local domains to local subscribers on the Gi interface vs queries for those domains from the Internet.
We look forward to our customers and partners making full use of the new support for Views in PowerDNS Authoritative Server 5.0, and already have plans for enhancing the feature to make it even more useful in the future, for example selecting views based on TSIG transaction signatures.
Get in touch with us to learn more about Views in the PowerDNS Authoritative Server and discover how they can help you address your specific challenges.