PowerDNS Recursor is a high-performance recursive DNS resolver designed to handle large query volumes while providing features like DNSSEC validation and scripting. It is commonly deployed alongside PowerDNS Authoritative, but it can also run independently.
- Current stable: PowerDNS Recursor 5.3.5 (2026-02-09).
- Security Advisory: 2026-01 (crafted zones resource exhaustion) - fixed in 5.3.5.
- High-performance recursive DNS with scripting.
- Deployments that want DNSSEC validation.
- Environments that pair a dedicated recursor with an authoritative server.
- High-performance recursive resolution with multi-threading
- DNSSEC validation with automatic trust anchor updates
- Lua scripting for query customization and RPZ (Response Policy Zones)
- Query logging and statistics via web server/API
- Cache tuning and prefetch capabilities
- Support for modern protocols (DoT, DoH via dnsdist)
- Rate limiting and abuse prevention
- Recursive-only: Dedicated recursive resolver, not authoritative
- Lua scripting: Extensive Lua scripting for query handling
- RPZ support: Response Policy Zones for threat blocking
- Common pairing: Often paired with PowerDNS Authoritative
- dnsdist frontend: Can use dnsdist for load balancing and DoT/DoH
- octoDNS compatible: Works with octoDNS for DNS-as-code workflows