
Re: LDAP and DNS



I would think that a nice compromise in a product would be something
like the following:

DNS entries are maintained in LDAP - you could keep ip and hostname
info in a record, and expand it to include all kinds of other info
for record keeping (i.e. person responsible for the machine, machine
type, location, etc).

Have a "primary" DNS server that backends to LDAP - this would have to
be a custom hack to something like bind.

Have 2 or more secondaries that do their zone transfers from this
"primary" server.  These could be unmodified versions of bind.

Register only these secondary DNS servers for users, Internic, etc.
i.e. the _only_ purpose of the "primary" server would be to read
LDAP and do zone transfers to your other DNS servers, so you manage
it in LDAP, but for performance, you use standard tuned bind DNS servers.

As a side note, I would make the ip/dns record just have ip/hostname info
in it, have a separate record for the machine (for inventory purposes,
recording what it is, SN, inv. #, etc), and a separate record for the
user responsible.  The IP/hostname record would hold the DN of the
machine it is used on, and the machine record would hold the
dn of the responsible person (maybe even the location would be a dn
to an office/location record) - building these relations can avoid
duplicate/bad data, though it will require more lookups to gather all
the data related to the ip (i.e. 4 lookups to find the ip, machine,
user responsible, and location of the machine).  The DNS server
is only worried about the ip to name mapping, so only needs the first
record.  These additional lookups only happen when managing a dns address.
This allows you to create a nice user management console where deleting a user
automagically tells you what equipment they have signed out so you can
collect it.  If it's a server tied to a user's record that also has
email info, you can do things like monitor a server and know who
to email via a script if it goes down by finding the IP # and tracing
it to the machine, then the user(s).
Nice managed enterprise :)

Long way to get to my final point, which is that I don't know of
any software that actually does this...  Just some ideas in case someone
wants to build it - this would take care of the performance question, though.

Jon Sellers wrote:

> Don't know. That is the kind of thing I was hoping to find out with my original
> message. I would expect that there isn't right now, but if LDAP becomes as
> ubiquitous as DNS won't it need to come close?
>
> Another question might be "Is there an LDAP server that can handle the number
> of queries per second that my DNS handles?"
>
> Jon
>
> >On Tue, 22 Jun 1999, you wrote:
> > Jon,
> >
> > Is there an LDAP server that can handle the number of queries
> > per second that DNS can handle?
> >
> > --Pete
> >
> > Jon Sellers wrote:
> > >
> > > Has anyone done any work on integrating OpenLDAP and DNS? I suppose the right
> > > way to approach it would be to patch bind to query an LDAP server instead of
> > > its standard configuration files (though I know zip about bind's internals).
> > > Or maybe someone knows of a DNS implementation that already does this?
> > >
> > > Jon
> >
> > --
> > ====================================================================
> > Peter E. Stoddard, Consultant         Pete.Stoddard@compaq.com
> > ISP Solutions Business Unit           Tel. (603) 884-5128
> > Compaq Computer Corporation           Fax. (603) 884-0627
> > 110 Spit Brook Road, ZKO2-2/N87
> > Nashua, New Hampshire 03062-2698
> > USA
> > ====================================================================

--
 Jeff Clowser
 mailto:jclowser@aerotek.com       Hanover MD  21076 USA
 Phone: (410)-579-4328             7312 Parkway Drive
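As an added illustration of the design sketched in the message above (example code written for this archive page, not from the original post and not from any product the thread mentions), the following Python script reads a constructed LDIF-style dump of host, machine, person and location records, renders the zone that a hidden LDAP-backed primary would hand to its unmodified secondaries, and follows the DN references for the management-side lookups (address to machine to responsible person to location, and person to equipment). The ipHost/ipHostNumber attributes are from the RFC 2307 schema; machineDN, ownerDN and locationDN are hypothetical attribute names invented here, and all sample entries are constructed.

```python
import ipaddress
import re

# Constructed sample directory contents.  ipHost and ipHostNumber are from the
# RFC 2307 schema; machineDN, ownerDN and locationDN are hypothetical attribute
# names invented for this illustration.
SAMPLE_LDIF = """\
dn: cn=www,ou=hosts,dc=example,dc=com
objectClass: ipHost
cn: www
ipHostNumber: 192.0.2.10
machineDN: cn=srv-001,ou=machines,dc=example,dc=com

dn: cn=mail,ou=hosts,dc=example,dc=com
objectClass: ipHost
cn: mail
ipHostNumber: 192.0.2.25
machineDN: cn=srv-001,ou=machines,dc=example,dc=com

dn: cn=srv-001,ou=machines,dc=example,dc=com
cn: srv-001
serialNumber: SN-0001
ownerDN: uid=alice,ou=people,dc=example,dc=com
locationDN: cn=room-101,ou=locations,dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
mail: alice@example.com

dn: cn=room-101,ou=locations,dc=example,dc=com
cn: room-101
description: Building 1, Room 101
"""
Entry = dict[str, list[str]]
# One DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)


def parse_ldif(text: str) -> dict[str, Entry]:
    """Parse minimal LDIF (no base64 values, no folded lines) into {dn: {attr: [values]}}."""
    entries: dict[str, Entry] = {}
    current: Entry = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries[current["dn"][0]] = current
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries[current["dn"][0]] = current
    return entries


def render_zone(entries: dict[str, Entry], zone: str, serial: int, secondaries: list[str]) -> str:
    """Render the zone the hidden primary hands to its secondaries from the ipHost entries.
    Directory values are validated first: a bad record in LDAP must abort the build
    rather than become a zone file the public secondaries load and serve."""
    mname = secondaries[0]  # the LDAP-backed primary is never named in the zone
    lines = [f"$ORIGIN {zone}.", "$TTL 3600",
             f"@ IN SOA {mname}. hostmaster.{zone}. {serial} 3600 900 604800 300"]
    lines += [f"@ IN NS {ns}." for ns in secondaries]
    hosts = [e for e in entries.values() if "ipHost" in e.get("objectClass", [])]
    for host in sorted(hosts, key=lambda e: e["cn"][0]):
        name = host["cn"][0]
        if not LABEL_RE.fullmatch(name):
            raise ValueError(f"refusing to publish bad hostname from directory: {name!r}")
        for ip in host.get("ipHostNumber", []):
            ipaddress.IPv4Address(ip)  # raises AddressValueError (a ValueError) on junk
            lines.append(f"{name} IN A {ip}")
    return "\n".join(lines) + "\n"


def trace_ip(entries: dict[str, Entry], ip: str):
    """Follow DN references from an address to machine, owner and location: the
    four-lookup management path, which never sits on the DNS query path."""
    host = next((e for e in entries.values() if ip in e.get("ipHostNumber", [])), None)
    if host is None:
        return None
    machine = entries.get(host.get("machineDN", [""])[0], {})
    owner = entries.get(machine.get("ownerDN", [""])[0], {})
    location = entries.get(machine.get("locationDN", [""])[0], {})
    return {
        "hostname": host["cn"][0],
        "machine": machine.get("cn", [None])[0],
        "serial": machine.get("serialNumber", [None])[0],
        "owner_mail": owner.get("mail", [None])[0],
        "location": location.get("description", [None])[0],
    }


def equipment_for(entries: dict[str, Entry], owner_dn: str) -> list[str]:
    """Machines whose ownerDN points at a person: what to collect when that user is deleted."""
    return sorted(e["cn"][0] for e in entries.values() if owner_dn in e.get("ownerDN", []))


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    print(render_zone(directory, "example.com", 2024010101, ["ns1.example.com", "ns2.example.com"]))
    print(trace_ip(directory, "192.0.2.10"), equipment_for(directory, "uid=alice,ou=people,dc=example,dc=com"))
```

One point the design implies but the message does not spell out: once the directory feeds the zone, every LDAP write to a host record is input to the public DNS, so the primary's zone builder should validate names and addresses and refuse to build from a bad record, and the SOA serial must be bumped on every rebuild or the secondaries will keep serving the old zone; otherwise a single mistaken (or unauthorized) directory change propagates to all secondaries on the next transfer, which is also why write access to the host subtree deserves the same ACLs you would put on the zone file itself.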