[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status

I would find it interesting if you could also provide info on:
1. How do you administer your DNS zones/RRs ?

Sure, not sure how much you want to know, might get boring.

We wrote a Provisioning Engine, in perl, which empties a "provisioning table" in a MySQL database, of commands to perform. Once performed updates the records status.

For example:

+email, -email, *email (add, delete and modify email)

With the case of DNS, the provisioning commands of +-domain, +-*dns modify those. For example:


This way anything (Navi-apache servers, or internal staff tools, etc) can just issue setup commands as needed, and the PROV.pl will execute them when able, usually within a second. They are run in sequence of course. To create an actual new domain with email, you would see something like "+domain, +email, quota, +virus, +spam, enable, welcome". (quota sets disk quota, enable enables smtpauth/pop/imap and welcome sends welcome email)

2. Which OS are you using on your servers?

Solaris 10u9, on Supermicro x64 servers (3012s).

3. Which ldap / BIND9 packages are you using? (Or you compile from source?)

Compiled from source. On the schedule to be upgraded too, but


4. Do you use DNSSEC with this setup?

Not yet.

By the way, I find it a bit strange that you are having problems with
syncrepl. We haven't got such problems (when we configure consumers to
regularly attempt to reconnect to the provider in case they lose

Definitely a problem with bulk deletions, affecting all of LDAP, not just DNS specific. Without deletions, we rarely have troubles.

Jorgen Lundman       | <lundman@lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)