[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status

To: openldap-technical@openldap.org
Subject: Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
From: Jorgen Lundman <lundman@lundman.net>
Date: Thu, 05 May 2011 10:09:04 +0900
In-reply-to: <4DC1920D.40303@eurobjects.com>
References: <4DB933D6.1060609@eurobjects.com> <44a35f67e5ec4416eafc3f183f10d78c@imap.tascel.net> <4DB970D1.8070102@eurobjects.com> <4DC0E323.4010906@lundman.net> <4DC1920D.40303@eurobjects.com>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.18) Gecko/20110320 SeaMonkey/2.0.13

I would find it interesting if you could also provide info on:
1. How do you administer your DNS zones/RRs ?


Sure, not sure how much you want to know, might get boring.

We wrote a Provisioning Engine, in perl, which empties a "provisioning table" ina MySQL database, of commands to perform. Once performed updates the records status.


For example:

+email, -email, *email (add, delete and modify email)

With the case of DNS, the provisioning commands of +-domain, +-*dns modifythose. For example:


+domain|domain=example.com
+dns|domain=example.com|type=A|lhs=www|rhs=192.168.1.1

This way anything (Navi-apache servers, or internal staff tools, etc) can justissue setup commands as needed, and the PROV.pl will execute them when able,usually within a second. They are run in sequence of course. To create an actualnew domain with email, you would see something like "+domain, +email, quota,+virus, +spam, enable, welcome".(quota sets disk quota, enable enables smtpauth/pop/imap and welcome sendswelcome email)

2. Which OS are you using on your servers?


Solaris 10u9, on Supermicro x64 servers (3012s).

3. Which ldap / BIND9 packages are you using? (Or you compile from source?)


Compiled from source. On the schedule to be upgraded too, but

db-4.2.52
openldap-2.3.41
bind-9.5.2

4. Do you use DNSSEC with this setup?


Not yet.

By the way, I find it a bit strange that you are having problems with
syncrepl. We haven't got such problems (when we configure consumers to
regularly attempt to reconnect to the provider in case they lose
connection).

Definitely a problem with bulk deletions, affecting all of LDAP, not just DNSspecific. Without deletions, we rarely have troubles.




--
Jorgen Lundman       | <lundman@lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)

Follow-Ups:
- Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
  - From: Nick Milas <nick@eurobjects.com>

References:
- Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
  - From: Jorgen Lundman <lundman@lundman.net>
- Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: Re: conditional bind authentication against external ldap server
Next by Date: functions using postfix +ldap
Index(es):
- Chronological
- Thread