Bert Hubert's blog entries on PowerDNS' history

✍️ → Written on 2021-05-11 in 1431 words. Part of reflection cs software-development


bert hubert is an entrepreneur & software developer.

I sometimes contribute to science, I care a lot about innovation, biology & health. I’m a proud shareholder of Open-Xchange, the parent company of PowerDNS which I founded in 1999. Recently, I joined a government oversight board. You can also hire me to write semi-popular science articles for you.

In his role as founder of PowerDNS, he experienced the ups & downs of this project. Recently, he wrote a series of blog posts about its history. And I enjoyed them a lot. So I want to share them with you.


  • First of all, PowerDNS (on Wikipedia, github) is a GPL-licensed DNS server implementation in C++. Bert Hubert is the main author of this piece of FOSS.

  • In the context of the company PowerDNS, he assigns version numbers 1.0, 2.0, and 3.0. Bert seems to be overly positive, constructive, and honest about his time there.

  • PowerDNS 1.0, 1999 – 2003

    • Bert’s journey in the field of DNS started, because they wanted to provide geographical load balancing DNS software as a company.

    • BIND was the only viable implementation of DNS at that time. “These days BIND is excellent software”, as Bert notes. djbdns was an emerging alternative.

      In hindsight, I can only say that Dan Bernstein’s DNS products are works of sheer brilliance. Many times over the subsequent 20 years of software development, I would think I had found some kind of vulnerability in DNS and found that Dan had already thought about that. DJB’s unique style of communications and somewhat unusual software operational practices led to his software not being widely adopted.

      — Quote on djbdns
    • He continues the first steps as a company including the building and business opportunities. There was even a legal question regarding DNS: Do zone files have to be text files (and thus not be stored in databases)?

      Our pitch briefly went like this: “getting BIND to work with large amounts of zonefiles sucks, so you need to spend a lot of effort on that. PowerDNS is much more efficient, and allows you to do your work with far fewer employees”. As pitches go, this one is not the worst.

    • Hiring Stefan Arentz to professionalize software development practices to move from PowerDNS 1.0 to PowerDNS 2.0. “So at least in my mind, PowerDNS 1.0 failed because 1) we did not have the strategic vision and 2) even we had, we would not have been able to deliver on it.”

  • PowerDNS 2.0, 2003 – 2013

    • “I had given myself some room to learn new things in the interim. I had never been very fond of HTML and ‘web software’, but I forced myself to learn that. This would later prove to be extremely useful.”

    • The default latest time to check for zone file updates was set to a ‘date very far in the future’, namely “Saturday, 10th of January 2004, 13:37:04 UTC” (230 seconds past UNIX epoch). So at this timestamp, many installations broke.

    • Bert does not seem to be aware of it, but what he calls linear programming actually has a different meaning already.

    • To handle the asynchronous nature of the DNS resolver implementation, Bert wrote a userspace cooperative multitasking system.

    • “One in a million problems will on average happen several times if your user is a country-sized ISP”

    • Bert wrote an article about the increasing complexity of the DNS standard

    • On the company side, Bert remarks: “There is a harsh lesson in there - if you want to be successful, there are no shortcuts to becoming an ‘established’ company. Just existing for a number of years adds a lot of credibility. But by definition, it takes years.”

    • Bert even talks about Ursula von der Leyen’s initiative to DNS-block child pornography sites. This was back in my days listening to Chaosradio podcasts regularly after school.

    • DNSSEC adds a certain complexity, but they made it work. In particular,

      when you enter a market, think real hard about what everyone else is doing, but don’t join in and start doing the same thing. Up to that point, DNSSEC really had been a glorious playground for people who like their cryptography strong and difficult. But that’s not where the market is. End-users did care about DNSSEC, but only a bit. And definitely not enough to invest in learning cryptography. This is reasonably classic Innovator’s Dilemma stuff.

    • Bert talks about the FOSS aspect: “How do you make money as an open source company?”. For PowerDNS the answer seemed to be “give them software - make them pay for support”

    • Be sure to recognize people struggling with your software. “don’t try to contradict someone who feels they are experiencing a bug”. And Bert calls it ‘total support’:

      Over at PowerDNS at the time, what we provided was “total support”. Often we found the root cause of issues not in PowerDNS, but in firewalls, switches, storage platforms, operating systems or a long forgotten F5 load balancer somewhere over at Microsoft or eBay. And sometimes in PowerDNS too of course. But we’d make sure it would get fixed in either case.

    • But the old model of selling “really good support only” was becoming unviable and ended PowerDNS 2.0

  • PowerDNS 3.0, 2013 – 2020

    • Bert on the order defined in DNS:

      DNS is in some ways a rather odd protocol. ‘’ looks surprisingly like an ASCII string, but the semantics are way different. For example, if we want to sort ‘’ and ‘’ in DNS order, it turns out that ‘’ sorts before ‘’: DNS sorts based on ‘labels’, starting at the last one.

    • “By making dnsdist configurable and commandable from Lua, we very quickly gained a lot of functionality ‘out of thin air’.”

    • Lua records (with actual Lua code) can be added in PowerDNS Authoritative Server 4.2 or later. I suggest to take a look at examples.

    • Company-wise, they started to merge with Open-Xchange.

  • Business-wise summary (quote from the article follows)

    • A sales organization that can truly listen to customers & find out what they need - even beyond what they write down formally.

    • Folks that provide steel to your pricing negotiations

    • A legal team that does not just say “no” but can actively weigh risks

    • A management team willing to sign off on those risks

    • People that can radiate experience to customers in terms of delivering projects

    • Credible security staff that can similarly convey confidence & work with and around (!) requirements

    • Have rock solid project management that can calm often erratic large corporations

    • Staff that knows about the strategic environment a customer is in

    • A great administrative and support organization for all the people mentioned above!


My personal take aways:

  • Think about your business model and the implications of licensing

  • FOSS context: take vague bug reports serious and try to identify the root cause even if it is out of scope of your software

  • A good code base can be so important for your business

  • Be open to collaborate also with experienced entrepreneurs if it comes to business-related issues

  • Know your competitors