Nick Milas wrote:
NOTE: I haven't been able to test with BIND9/DLZ. If someone can provide DLZ zone configuration settings (in named.conf) for use with the (sdb) dNSzone schema, or a migration script of ldap entries from dnszone to dlz ldap schema please do!
I might be able to help here. We use:
include /usr/local/etc/openldap/schema/dlz.schema
named.conf has:
dlz "ldap zone" {
    database "ldap 20 v3 simple {cn=admin,dc=company,dc=com} {ldappasswd} {127.0.0.1}
    ldap:///DNSZoneName=$zone$,ou=dns,dc=company,dc=com???objectclass=DNSZone
    ldap:///DNSHostName=$record$,DNSZoneName=$zone$,ou=dns,dc=company,dc=com?DNSTTL,DNSType,DNSPreference,DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
    {}
    ldap:///DNSZoneName=$zone$,ou=dns,dc=company,dc=com?DNSTTL,DNSType,DNSHostName,DNSPreference,DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
    ldap:///DNSZoneName=$zone$,ou=dns,dc=company,dc=com??sub?(&(objectclass=DNSXFR)(DNSIPAddr=$client$))";
};
It might be broken up by my email client. 127.0.0.1 is the IP of slapd; we run it on localhost for speed and redundancy.
20 is the number of threads to LDAP, and we start BIND with "/usr/local/sbin/named -n 10".
A typical DNS record would look like:
# jorgen.jp, dns, company.com
dn: DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSZone
DNSZoneName: jorgen.jp

# @, jorgen.jp, dns, company.com
dn: DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSHost
DNSHostName: @

# SOA, @, jorgen.jp, dns, company.com
dn: DNSRecord=SOA,DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSSOARecord
DNSHostName: @
DNSRecord: SOA
DNSType: soa
DNSSerial: 2007071201
DNSRefresh: 28800
DNSRetry: 7200
DNSExpire: 604800
DNSMinimum: 86400
DNSAdminEmail: hostmaster.new-style.company.com.
DNSPrimaryNS: dns02.new-style.company.com.
DNSTTL: 86400

# MX0, @, jorgen.jp, dns, company.com
dn: DNSRecord=MX0,DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSMXRecord
DNSRecord: MX0
DNSHostName: @
DNSType: MX
DNSData: mx.new-style.company.com.
DNSPreference: 10
DNSTTL: 86400

# TXT0, @, jorgen.jp, dns, company.com
dn: DNSRecord=TXT0,DNSHostName=@,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSTEXTRecord
DNSRecord: TXT0
DNSHostName: @
DNSType: TXT
DNSData: "v=spf1 +ip4:1.2.3.4/24 ~all"
DNSTTL: 86400

# www.jorgen.jp, jorgen.jp, dns, company.com
dn: DNSHostName=www.jorgen.jp,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSHost
DNSHostName: www.jorgen.jp

# A1, www.jorgen.jp, jorgen.jp, dns, company.com
dn: DNSRecord=A1,DNSHostName=www.jorgen.jp,DNSZoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: DNSARecord
DNSRecord: A1
DNSHostName: www.jorgen.jp
DNSType: A
DNSIPAddr: 4.3.2.1
DNSTTL: 600
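Added example, not part of the message above and not BIND's, OpenLDAP's or the poster's own tooling: a small migration script of the kind Nick asked for. It reads entries in the sdb dNSZone schema (zoneName, relativeDomainName, dNSTTL and the per-type record attributes such as sOARecord, mXRecord, aRecord, tXTRecord) and emits LDIF in the zone / host / record layout shown in the post, using the DNSSOARecord, DNSARecord, DNSMXRecord and DNSTEXTRecord classes and attribute names that appear there. The DNSNSRecord, DNSCNAMERecord and DNSPTRRecord class names are assumptions following the same naming pattern and should be checked against the dlz.schema actually loaded. The sample LDIF input is constructed to match the records in the post; non-apex hosts are named with their full name (www.jorgen.jp) as the post does, and record RDNs are numbered from 0 per type (MX0, A0), which only needs to be unique under a host.

```python
"""Convert sdb dNSZone-schema LDIF into the DLZ LDAP layout shown above.

Added example (not code from the post or from BIND/OpenLDAP).
"""
import re

# Constructed sample input in the sdb dnszone schema: one entry per owner
# name, one multi-valued attribute per record type.
SDB_LDIF = """\
dn: relativeDomainName=@,zoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: dNSZone
zoneName: jorgen.jp
relativeDomainName: @
dNSTTL: 86400
sOARecord: dns02.new-style.company.com. hostmaster.new-style.company.com. 2007071201 28800 7200 604800 86400
mXRecord: 10 mx.new-style.company.com.
tXTRecord: "v=spf1 +ip4:1.2.3.4/24 ~all"

dn: relativeDomainName=www,zoneName=jorgen.jp,ou=dns,dc=company,dc=com
objectClass: dNSZone
zoneName: jorgen.jp
relativeDomainName: www
dNSTTL: 600
aRecord: 4.3.2.1
"""

# sdb attribute (lower-cased) -> (DLZ object class, record type).
# SOA/A/MX/TXT classes are the ones in the post; NS/CNAME/PTR are assumed.
RECORD_MAP = {
    "soarecord": ("DNSSOARecord", "SOA"),
    "arecord": ("DNSARecord", "A"),
    "mxrecord": ("DNSMXRecord", "MX"),
    "txtrecord": ("DNSTEXTRecord", "TXT"),
    "nsrecord": ("DNSNSRecord", "NS"),
    "cnamerecord": ("DNSCNAMERecord", "CNAME"),
    "ptrrecord": ("DNSPTRRecord", "PTR"),
}


def parse_ldif(text):
    """Parse plain LDIF (no base64, no line folding) into dicts mapping
    lower-cased attribute names to lists of values, one dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")  # first colon only; values may contain ':'
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def record_attrs(rtype, value):
    """Split one sdb record value into the DLZ attributes the post uses for that type."""
    if rtype == "SOA":  # sdb stores 'mname rname serial refresh retry expire minimum'
        mname, rname, serial, refresh, retry, expire, minimum = value.split()
        return [("DNSPrimaryNS", mname), ("DNSAdminEmail", rname), ("DNSSerial", serial),
                ("DNSRefresh", refresh), ("DNSRetry", retry), ("DNSExpire", expire),
                ("DNSMinimum", minimum)]
    if rtype == "MX":  # 'preference target'
        pref, target = value.split(None, 1)
        return [("DNSPreference", pref), ("DNSData", target)]
    if rtype == "A":
        return [("DNSIPAddr", value)]
    return [("DNSData", value)]


def convert(sdb_entries, base="ou=dns,dc=company,dc=com"):
    """Return DLZ entries as (dn, [(attr, value), ...]) in zone -> host -> record order."""
    out, zones_seen = [], set()
    for e in sdb_entries:
        zone, rel = e["zonename"][0], e["relativedomainname"][0]
        ttl = e.get("dnsttl", [None])[0]
        zone_dn = f"DNSZoneName={zone},{base}"
        if zone not in zones_seen:  # one DNSZone entry per zone
            zones_seen.add(zone)
            out.append((zone_dn, [("objectClass", "DNSZone"), ("DNSZoneName", zone)]))
        host = "@" if rel == "@" else f"{rel}.{zone}"  # post names hosts by full name
        host_dn = f"DNSHostName={host},{zone_dn}"
        out.append((host_dn, [("objectClass", "DNSHost"), ("DNSHostName", host)]))
        for sdb_attr, (oclass, rtype) in RECORD_MAP.items():
            for i, value in enumerate(e.get(sdb_attr, [])):
                label = rtype if rtype == "SOA" else f"{rtype}{i}"
                attrs = [("objectClass", oclass), ("DNSRecord", label),
                         ("DNSHostName", host), ("DNSType", rtype)] + record_attrs(rtype, value)
                if ttl:
                    attrs.append(("DNSTTL", ttl))
                out.append((f"DNSRecord={label},{host_dn}", attrs))
    return out


def to_ldif(entries):
    """Render (dn, attrs) tuples as LDIF text with a blank line between entries."""
    blocks = ["\n".join([f"dn: {dn}"] + [f"{a}: {v}" for a, v in attrs]) for dn, attrs in entries]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(to_ldif(convert(parse_ldif(SDB_LDIF))))
```

Feed the output to ldapadd against the DLZ base after loading dlz.schema; because DLZ resolves the zone, host and record entries with the three LDAP URLs in the named.conf above, the order the script emits them in (zone, then host, then its records) is also the order they must exist in the directory.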