[Date Prev][Date Next]
Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
I would find it interesting if you could also provide info on:
1. How do you administer your DNS zones/RRs ?
Sure, not sure how much you want to know, might get boring.
We wrote a Provisioning Engine, in perl, which empties a "provisioning table" in
a MySQL database, of commands to perform. Once performed updates the records status.
+email, -email, *email (add, delete and modify email)
With the case of DNS, the provisioning commands of +-domain, +-*dns modify
those. For example:
This way anything (Navi-apache servers, or internal staff tools, etc) can just
issue setup commands as needed, and the PROV.pl will execute them when able,
usually within a second. They are run in sequence of course. To create an actual
new domain with email, you would see something like "+domain, +email, quota,
+virus, +spam, enable, welcome".
(quota sets disk quota, enable enables smtpauth/pop/imap and welcome sends
2. Which OS are you using on your servers?
Solaris 10u9, on Supermicro x64 servers (3012s).
3. Which ldap / BIND9 packages are you using? (Or you compile from source?)
Compiled from source. On the schedule to be upgraded too, but
4. Do you use DNSSEC with this setup?
By the way, I find it a bit strange that you are having problems with
syncrepl. We haven't got such problems (when we configure consumers to
regularly attempt to reconnect to the provider in case they lose
Definitely a problem with bulk deletions, affecting all of LDAP, not just DNS
specific. Without deletions, we rarely have troubles.
Jorgen Lundman | <firstname.lastname@example.org>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)