ZoneWatcher
Features Integrations Compliance Pricing FAQ Blog
Sign In Register

Monitoring PowerDNS

Monitoring your PowerDNS records automatically is made easy with ZoneWatcher. After you've added your PowerDNS server credentials, we will automatically import all of your authoritative zones and begin monitoring them for changes.

Generating your PowerDNS API Key

To get started adding your PowerDNS server, you'll need to configure the API in your PowerDNS configuration file. The API must be enabled and an API key must be set.

# In your pdns.conf or pdns.d/*.conf file:
api=yes
api-key=your-secure-api-key-here
webserver=yes
webserver-address=0.0.0.0
webserver-port=8081

After updating your configuration, restart PowerDNS to apply the changes. For more information, see the PowerDNS HTTP API documentation.

Permissions for Change Management & Rollback

PowerDNS does not have per-token permissions — the API is either read-write or read-only at the server level via the api-readonly setting.

For monitoring-only use, set api-readonly=yes in pdns.conf and restart the authoritative server. ZoneWatcher (and any other client of the API) will be able to read zones and records but cannot modify anything.

If you plan to use ZoneWatcher's Change Management or rollback features, set api-readonly=no (or remove the line entirely — it defaults to no). Those features write back to PowerDNS via PATCH requests on the /api/v1/servers/{server}/zones/{zone} endpoint to apply approved changesets and revert unauthorized changes. Note that this affects every API client — isolate the API behind a firewall or reverse proxy and use a dedicated, strong API key.

Creating your PowerDNS Provider

Once you've configured your PowerDNS API, you can create your new PowerDNS provider on ZoneWatcher by providing the following information:

  • Provider Name: A descriptive name for your PowerDNS server
  • API Key: The API key you configured in your PowerDNS settings
  • Base URL: The base URL of your PowerDNS API (e.g., http://localhost:8081 or https://dns.example.com)
  • Server ID: The server ID (typically "localhost" for single-server setups)

ZoneWatcher will automatically discover all authoritative zones (Native and Master) from your PowerDNS server and begin monitoring them for changes.

Security Considerations

When exposing your PowerDNS API to ZoneWatcher, consider the following security best practices:

  • Use HTTPS with a valid SSL certificate for your PowerDNS API
  • Generate a strong, random API key
  • Consider restricting API access to specific IP addresses using firewall rules
  • Regularly rotate your API keys
  • Monitor API access logs for suspicious activity

Supported Record Types

Our PowerDNS integration currently monitors the following record types:

Never miss a DNS change again.
Start monitoring in minutes.

Start Trial Learn more