Re: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status

Nick Milas wrote:
On 4/5/2011 8:24 πμ, Jorgen Lundman wrote:

I too, read that before we rolled out our DNS cluster, but when we
came to trying it ourselves, we got completely different results, or
perhaps, acceptable results. Sure LDAP+DLZ was not quite as fast as
BDB+DLZ, but the latter had so many troubles it was not worth it. We
migrated from BDB+DLZ to LDAP+DLZ.


you can find some new performance tests for BIND9 (SDB) and PowerDNS DNS
Servers with LDAP backend (and other backends).

(Using BIND9 9.3.6 (13615 qps) as reference)
BIND9 9.3.6            : 13615  qps        -
BIND9 9.7.3            : 12731  qps ===>   -6.5%
BIND9 9.7.3 / SDB-LDAP :   370  qps ===>  -97.3%
PDNS 2.9.22 / BIND     : 17683  qps ===>  +29.9%
PDNS 2.9.22 / MYSQL    : 16879  qps ===>  +24.0%
PDNS 2.9.22 / LDAP     : 17339  qps ===>  +27.4%

These results show how important PowerDNS LDAP backend can be, and might
provide motivation to organizations to support the project.
(3500 EUR have been requested by the PowerDNS project leaders to support
the LDAP backend for the next years.)

Well, these results just confirm that the BIND9 SDB-LDAP sucks. We knew that already; their LDAP schema treats LDAP as a flat DB and doesn't leverage any of the power of LDAP or hierarchical databases at all.

NOTE: I haven't been able to test with BIND9/DLZ. If someone can provide
DLZ zone configuration settings (in named.conf) for use with the (sdb)
dNSzone schema, or a migration script of ldap entries from dnszone to
dlz ldap schema, please do!

I have tried to post a more extended version of this email, but my
message is not reaching the list, so I am trying with this short
version. Check the link at the top for test details.


