Monitoring Plugin to check for stale domains on PowerDNS secondary servers


Monitoring Plugin to check for stale domains on PowerDNS secondary servers.

The plugin should be run on the PowerDNS secondary server or at least connect to the MySQL database of the secondary.


An introduction of this plugin was published on this article.


When running PowerDNS in a Primary-Secondary (old names: Master-Slave) setup, the DNS replication happens over the DNS protocol.

Note: Check out this blog post for an overview and the difference between "Native" and "DNS" replication in PowerDNS.

This works fine for zone changes and for newly created domains in the Primary; new domains are automatically created on the Secondary server(s) when autosecondary=yes is configured.

There is one downside though: Zones (domains) deleted on the Primary are not replicated to the Secondary server(s). The Secondary server(s) still have the deleted domains and serves the (should be deleted) domains as authoritative server. This is what we call a "stale domain": The domain was deleted on the Primary but the Secondary server(s) don't know about it.

This monitoring plugin helps to identify these stale zones/domains.


Python3 modules

Requires the following Python3 modules:

  • mysql.connector
  • dnspython

These can be installed either using pip3:

pip3 install mysql.connector dnspython

Or by using prepared Python3 packages in your OS. Example for Ubuntu:

apt-get install python3-mysql.connector python3-dnspython

MySQL privileges

The MySQL user you use for the script needs SELECT privileges on the table "domains" in the "powerdns" database. Assuming your PowerDNS MySQL database is named "powerdns", you would use the following GRANT query:

mysql> GRANT SELECT ON TO 'monitoring'@'localhost' IDENTIFIED BY 'secret';


-H / --dbhost => MySQL Host

-u / --dbuser => MySQL Username

-p / --dbpass => MySQL Password

-d / --dbname => MySQL Database of PowerDNS (default: powerdns)

-P / --primary => PowerDNS Primary (IP address or FQDN address)

--debug => Shows each domain in the output

Example usage:

# python3 -H localhost -u monitoring -p secret -P
PDNS SECONDARY WARNING: Stale domains: ['', '', '']