[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status

To: openldap-technical@openldap.org
Subject: Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
From: Jorgen Lundman <lundman@lundman.net>
Date: Thu, 12 May 2011 16:58:24 +0900
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lundman.net; s=dkim; t=1305187126; bh=n4oAMRB0ZB6Iax3gpu0nXsWLEgKpsp54dRqERlz322s=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=AjZowTy9OYhVAPrzhX0mJ8osr27l/MqxIUtnFFhqLKu02MzKxJHdmBbFWCNK1oh/c 8EvR2tSt32H8aqTF0Z95bpVizDc/arz7+UFLjNCKDUdVdtbiAxnmNRpon4WSbklg88 ZJKuwmgbvUP7bwmOWGyywahSLoXrF+D+D+YU+G2c=
In-reply-to: <4DCB8C27.40309@eurobjects.com>
References: <4DB933D6.1060609@eurobjects.com> <44a35f67e5ec4416eafc3f183f10d78c@imap.tascel.net> <4DB970D1.8070102@eurobjects.com> <4DC0E323.4010906@lundman.net> <4DCB8C27.40309@eurobjects.com>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14



Nick Milas wrote:


NOTE: I haven't been able to test with BIND9/DLZ. If someone can provide
DLZ zone configuration settings (in named.conf) for use with the (sdb)
dNSzone schema, or a migration script of ldap entries from dnszone to
dlz ldap schema please do!


I might be able to help here. We use:

include         /usr/local/etc/openldap/schema/dlz.schema

named.conf has:

dlz "ldap zone" {

database "ldap 20 v3 simple {cn=admin,dc=company,dc=com} {ldappasswd}{127.0.0.1}

ldap:///DNSZoneName=$zone$,ou=dns,dc=company,dc=com???objectclass=DNSZone
ldap:///DNSHostName=$record$,DNSZoneName=$zone$,ou=dns,dc=company,dc=com?DNSTTL,DNSTy
pe,DNSPreference,DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefre
sh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
{}
ldap:///DNSZoneName=$zone$,ou=dns,dc=company,dc=com?DNSTTL,DNSType,DNSHostName,DNSPre
ference,DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRet
ry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
ldap:///DNSZoneName=$zone$,ou=dns,dc=company,dc=com??sub?(&(objectclass=DNSXFR)(DNSIPAddr=$client$))";
};

Might be broken up by my email client.. 127.0.0.1 is IP of slapd, we run onlocalhost for speed and redundancy.


20 is num threads to LDAP, and we start bind with "/usr/local/sbin/named -n 10"

A typical DNS record would look like:



# jorgen.jp, dns, company.com
dn: DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSZone
DNSZoneName: jorgen.jp

# @, jorgen.jp, dns, company.com
dn: DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSHost
DNSHostName: @

# SOA, @, jorgen.jp, dns, company.com
dn: DNSRecord=SOA,DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSSOARecord
DNSHostName: @
DNSRecord: SOA
DNSType: soa
DNSSerial: 2007071201
DNSRefresh: 28800
DNSRetry: 7200
DNSExpire: 604800
DNSMinimum: 86400
DNSAdminEmail: hostmaster.new-style.company.com.
DNSPrimaryNS: dns02.new-style.company.com.
DNSTTL: 86400

# MX0, @, jorgen.jp, dns, company.com
dn: DNSRecord=MX0,DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSMXRecord
DNSRecord: MX0
DNSHostName: @
DNSType: MX
DNSData: mx.new-style.company.com.
DNSPreference: 10
DNSTTL: 86400

# TXT0, @, jorgen.jp, dns, company.com
dn: DNSRecord=TXT0,DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSTEXTRecord
DNSRecord: TXT0
DNSHostName: @
DNSType: TXT
DNSData: "v=spf1 +ip4:1.2.3.4/24 ~all"
DNSTTL: 86400

# www.jorgen.jp, jorgen.jp, dns, company.com
dn: DNSHostName=www.jorgen.jp,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSHost
DNSHostName: www.jorgen.jp

# A1, www.jorgen.jp, jorgen.jp, dns, company.com

dn:DNSRecord=A1,DNSHostName=www.jorgen.jp,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com

objectClass: DNSARecord
DNSRecord: A1
DNSHostName: www.jorgen.jp
DNSType: A
DNSIPAddr: 4.3.2.1
DNSTTL: 600



--
Jorgen Lundman       | <lundman@lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)

Follow-Ups:
- Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
  - From: Nick Milas <nick@eurobjects.com>

References:
- Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
  - From: Jorgen Lundman <lundman@lundman.net>
- Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
Next by Date: Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
Index(es):
- Chronological
- Thread