
Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status



On Tue, 3 May 2011 08:28:02 +0200 (SAST), Buchan Milne
<bgmilne@staff.telkomsa.net> wrote:
>> I just wanted to add that according to many testimonies, like:
>> https://lists.isc.org/mailman/htdig/bind-users/2011-February/082814.html,
>> BIND9 with LDAP over DLZ has a very low performance, making it unsuitable
>> for production systems,
> 
> No, making it unsuitable for directly serving DNS clients. The recommended
> architecture with bind sdb_ldap for use with a high query load is that a
> named running sdb_ldap be set up as a "hidden" master, with the slaves
> running traditional file-backed zones to serve DNS clients.
> 
> Regards,
> Buchan

Honestly, I am not sure how much sense this extra layer makes. I mean,
yes, it solves the problem, but to me this is as logical as writing a
script which converts the LDAP database content into zone files and running
that script via cron. What I like about BIND with DLZ and LDAP is: I edit
something and it's there.

How often would one recommend the slaves to initiate a zone transfer from
the master in Buchan's recommended scenario? Daily? Hourly?

If PowerDNS really is so much faster and so much more lightweight (i.e. I
have to install only what I need; something which always concerned me a bit
when it comes to BIND) then it may indeed be worthwhile to look at. Just me
personally or our organization, I cannot promise any real time budget for
that right now.

Also - while asking myself how much this is becoming off-topic on an
OpenLDAP list, but the guys at ISC are also undertaking some serious
efforts about BIND 10, which I understand will be a full re-write; see

http://www.isc.org/bind10 and
http://bind10.isc.org/wiki

One question which I guess *does* belong here is what the plans for BIND
10 with regards to LDAP storage are. Maybe some active contribution may be
even useful. I think they are also heavily preparing for the long awaited
future called IPv6. I am not sure how well BIND 9 with DLZ and / or
PowerDNS perform for IPv6 right now, especially thinking about the schema.

Regards,
Torsten