The PowerDNS team has announced the release of Authoritative Server 5.0, marking a major update to this open-source DNS server software that provides both authoritative DNS and recursive DNS resolver functionality, widely used by ISPs, hosting providers, enterprises, and DNS operators.
The most notable new feature is views, which allow administrators to return different DNS responses depending on the source of the query. Long available in BIND, views are now part of PowerDNS, giving operators more control in split-horizon or multi-tenant DNS setups.
This release also adds RFC9615 authenticated DNSSEC bootstrapping, which simplifies the initial setup of DNSSEC-secured zones, and RFC2136 dynamic update support for the LMDB backend, extending compatibility with dynamic DNS workflows.
The API has been enhanced with record timestamps and the ability to fetch disabled RRsets, giving administrators more detailed visibility and control over record states. These features are especially useful for auditing and automation scenarios.
PowerDNS 5.0 also expands Lua integration with several new functions and options. These include:
- A new setting to enforce failOnIncompleteCheck in if*up functions
- Support for assigning HTTP status codes in the ifurlup function
- A global include feature for Lua scripts
- A self-weighted Lua function for advanced balancing
- Finer control over Lua “up checks”
- The ability to return empty sets in filterForward()
Another long-requested feature, namely webserver Unix socket support, is also in place as a practical addition for environments where TCP sockets are less desirable, such as containerized deployments or restricted systems.
The pdnsutil management tool has undergone significant restructuring. Command syntax has been standardized for consistency, and operations such as add-record and delete-rrset now require absolute names. New subcommands, better error reporting, and stricter safeguards make zone and record management more predictable and less error-prone.
Other refinements include automatic SOA serial number increments after key operations, safer defaults when creating zones, improved provenance tracking for default TTL values, and better warnings during file creation.
The LMDB backend received multiple fixes and enhancements, too. These include honoring map-size limits across all files, improving reliability during recursive lookups, and cleaning up NSEC3 record handling. Predictable IDs are now generated more consistently, and several edge-case bugs were resolved.
Lastly, packet cache handling has been corrected to work properly with views, and zone import behavior was fixed to avoid mismatches. Additional bug fixes address issues in zone2sql imports, TSIG key handling, and cross-module crashes in containerized builds.
For more information, see the announcement. A detailed list of changes can be found in the changelog.