Lightning Stream with PowerDNS Authoritative server

This section explains how to install and run Lightning Stream with the PowerDNS Authoritative server the old fashioned way.

Todo

Explain how to handle schema migrations in this setup.

Building Lightning Stream

At the moment of writing, this project requires Go 1.19. Please check the go.mod file for the current Go version expected.

To install the binary in a given location, simply run:

GOBIN=$HOME/bin go install ./cmd/lightningstream/

Or run ./build.sh to install it in a bin/ subdirectory of this repo.

Easy cross compiling is unfortunately not supported, because the LMDB bindings require CGo.

Configuring PowerDNS Authoritative server 4.8+

To install PowerDNS Authoritative server, please read its installation instructions. Make sure to install version 4.8 or higher for Lightning Stream. Also install the lmdb backend for PowerDNS Authoritative server, if packaged separately.

Warning

This section assumes the use of PowerDNS Authoritative version 4.8 and higher, which uses native Lightning Stream value headers. As of March 2023, an alpha release of 4.8 is available for testing.

These instructions will NOT work with earlier versions, but scroll down if you insist on trying it out with 4.7.

Lightning Stream requires the following PowerDNS Authoritative server settings:

# Lightning Stream uses the LMDB backend 
launch=lmdb

# Path to the directory where the LMDB databases for this instance will be stored.
# This MUST be unique per instance, if you are running more than one on the same server.
lmdb-filename=/path/to/lmdb

# Run it with a single shard, to simplify management and configuration.
# Note that this cannot safely be changed later!
lmdb-shards=1

# This MUST be enabled to safely handle multiple writers
lmdb-random-ids=yes

# This MUST be enabled to track and propagate deletes
lmdb-flag-deleted=yes

# You may want a lower number than 16000 MB, which is the default on 64 bit systems.
lmdb-map-size=1000

# You may want to reduce the cache interval to 1 second, or disable it
# altogether with 0, to quickly see your changes. The default is 300 seconds.
# An interval of 1 second will likely provide you with most of the benefits of caching,
# with a barely noticeable delay.
zone-cache-refresh-interval=0
zone-metadata-cache-ttl=0

Configuring Lightning Stream

A basic Lightning Stream configuration for PowerDNS Authoritative looks like this:

instance: unique-instance-name  # IMPORTANT: change this
lmdbs:
  main:
    # Auth 'lmdb-filename'
    path: /path/to/lmdb
    schema_tracks_changes: true
    options:
      no_subdir: true
      create: true      # optional for 'main', as auth will create it on startup, if needed
      map_size: 1000MB  # for create=true, make sure to match auth's lmdb-map-size
  shard:
    # Auth 'lmdb-filename' plus '-0' for the first shard
    path: /path/to/lmdb-0
    schema_tracks_changes: true
    options:
      no_subdir: true
      create: true      # strongly recommended for shards
      map_size: 1000MB  # for create=true, make sure to match auth's lmdb-map-size

storage:
  #type: fs
  type: s3
  options:
    #root_path: /tmp/snapshots
    access_key: minioadmin
    secret_key: minioadmin
    region: us-east-1
    bucket: lightningstream-auth48 # use a different bucket or prefix for each auth version
    create_bucket: true
    endpoint_url: http://localhost:9000

http:
  address: ":8500"  # for status and metrics

Please check the configuration section for details and other options.

Lightning Stream can be run in the foreground as follows:

$ lightningstream --config=/path/to/config.yaml sync

Ensure that both PowerDNS Authoritative and Lightning Stream have write access to the LMDBs, for example by running them under the same system user.

Running it with an older Authoritative server

While it is possible to run Lightning Stream with PowerDNS Authoritative 4.7 in non-native mode, this is NOT recommended due to the many downsides of running it in non-native mode.

Warning

This is NOT recommended, other than for testing and experimenting with non-native shadow mode. Please use PowerDNS Authoritative 4.8+ instead.

To run it with PowerDNS Authoritative 4.7 in non-native mode, change the above Lightning Stream configuration as follows:

# WARNING: NOT RECOMMENDED, non-native mode for PowerDNS Authoritative server 4.7
lmdbs:
  main:
    ...
    schema_tracks_changes: false
    dupsort_hack: true
  shard:
    ...
    schema_tracks_changes: false

storage:
  type: s3
  options:
    ...
    bucket: lightningstream-auth47 # use a different bucket or prefix for each auth version

And remove the lmdb-flag-deletes option from the Auth config. The Lightning Stream shadow DBIs will be tracking these deletes instead.