
Alternative LDAP schema for DNS database (bind9 used by freeipa)



I asked on #freeipa on freenode, where I hang because I maintain sssd
in Debian, about their LDAP schema for storing DNS information in the
LDAP database.

This is their schema, and Stephen Gallagher said they are hoping to
get it integrated into the upstream bind release.

I mentioned the PowerDNS LDAP schema and the need for a common LDAP
schema for both PowerDNS and Bind, and was advised to talk to Martin
Nagy who is the freeipa DNS guy.  Perhaps an IETF working group should be
formed to come up with a good schema for this?

I have no idea if powerdns can use this schema, but assume it is too
different to work without any changes.

Just mentioning it here to make the rest of you aware of this.

# Time to live for the records held in an entry.
# The syntax OID ...121.1.27 is LDAP INTEGER, which is unbounded, and the
# attribute is not declared SINGLE-VALUE. Whatever reads this entry has to
# range-check the value (DNS TTLs are 32-bit) and decide what to do when more
# than one value is present; the directory will not reject either case.
attributetype ( 1.3.6.1.4.1.2428.20.0.0
	NAME 'dNSTTL'
	DESC 'An integer denoting time to live'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)

# DNS class of the records, stored as an IA5 string (syntax ...121.1.26) and
# compared case-insensitively. The schema does not restrict the value to known
# class mnemonics, so that validation is left to the consumer.
attributetype ( 1.3.6.1.4.1.2428.20.0.1
	NAME 'dNSClass'
	DESC 'The class of a resource record'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# Resource-record attributes, one attribute type per DNS RR type.
# In the 1.3.6.1.4.1.2428.20.1.N arc the last component N is the DNS RR TYPE
# code (PTR=12, HINFO=13, MINFO=14, TXT=16, AFSDB=18).
# Every attribute here is an IA5 string (syntax ...121.1.26) with
# case-insensitive equality and substring matching and no SINGLE-VALUE, so an
# entry can carry several records of the same type. The directory checks only
# that a value is IA5 text; it does not parse the record data, so malformed
# RDATA is accepted at write time and must be rejected by the DNS server that
# reads it.
attributetype ( 1.3.6.1.4.1.2428.20.1.12
	NAME 'pTRRecord'
	DESC 'domain name pointer, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.13
	NAME 'hInfoRecord'
	DESC 'host information, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.14
	NAME 'mInfoRecord'
	DESC 'mailbox or mail list information, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# NOTE(review): TXT data is case-sensitive on the wire, but equality here is
# caseIgnoreIA5Match. Two TXT values that differ only in letter case compare
# equal in the directory, so the second cannot be stored alongside the first
# and a compare or filter cannot tell them apart. That matters when TXT
# carries tokens or encoded keys.
attributetype ( 1.3.6.1.4.1.2428.20.1.16
	NAME 'tXTRecord'
	DESC 'text string, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.18
	NAME 'aFSDBRecord'
	DESC 'for AFS Data Base location, RFC 1183'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# SIG (24), KEY (25) and NXT (30) below are the original DNSSEC record types
# from RFC 2535. RFC 2535 was obsoleted by RFC 4033-4035, which replaced these
# types with RRSIG, DNSKEY and NSEC, so current validators do not use them for
# zone signing.
# NOTE(review): if signature and key material is stored in its base64
# presentation form (the schema does not say), case-insensitive equality
# treats values that differ only in letter case as the same value. Do not rely
# on LDAP compare or equality filters to tell keys apart.
attributetype ( 1.3.6.1.4.1.2428.20.1.24
	NAME 'SigRecord'
	DESC 'Signature, RFC 2535'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.25
	NAME 'KeyRecord'
	DESC 'Key, RFC 2535'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# AAAA (28). The address is held as text, so matching is textual: two
# different spellings of the same IPv6 address (compressed vs. expanded) are
# different values to the directory. Duplicate checks and filters that need
# address semantics must normalise the value first.
attributetype ( 1.3.6.1.4.1.2428.20.1.28
	NAME 'aAAARecord'
	DESC 'IPv6 address, RFC 1886'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# LOC (29).
attributetype ( 1.3.6.1.4.1.2428.20.1.29
	NAME 'LocRecord'
	DESC 'Location, RFC 1876'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# NXT (30), the RFC 2535 predecessor of NSEC; see the note on SIG/KEY above.
attributetype ( 1.3.6.1.4.1.2428.20.1.30
	NAME 'nXTRecord'
	DESC 'non-existant, RFC 2535'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# Further per-RR-type attributes; the last OID component is again the RR TYPE
# code (SRV=33, NAPTR=35, KX=36, CERT=37, A6=38, DNAME=39). All are
# multi-valued IA5 strings with case-insensitive matching, and the directory
# does not validate the record data.
# SRV, NAPTR and DNAME redirect clients to other hosts or names, so write
# access to these values decides where clients of the zone end up; the schema
# itself carries no access control, which has to come from directory ACLs.
attributetype ( 1.3.6.1.4.1.2428.20.1.33
	NAME 'sRVRecord'
	DESC 'service location, RFC 2782'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.35
	NAME 'nAPTRRecord'
	DESC 'Naming Authority Pointer, RFC 2915'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.36
	NAME 'kXRecord'
	DESC 'Key Exchange Delegation, RFC 2230'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# CERT (37). RFC 2538 has since been replaced by RFC 4398.
# NOTE(review): certificate data in base64 form is case-significant, while
# equality here ignores case; compare certificates outside the directory.
attributetype ( 1.3.6.1.4.1.2428.20.1.37
	NAME 'certRecord'
	DESC 'certificate, RFC 2538'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# A6 (38). RFC 2874 was later moved to Historic status (RFC 6563); AAAA is the
# record type in use for IPv6 addresses.
attributetype ( 1.3.6.1.4.1.2428.20.1.38
	NAME 'a6Record'
	DESC 'A6 Record Type, RFC 2874'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.39
	NAME 'dNameRecord'
	DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# Trust-bearing records: DS (43), SSHFP (44), RRSIG (46), NSEC (47).
# DS values anchor a child zone's DNSSEC chain and SSHFP values are what SSH
# clients may accept as proof of a host key, so whoever can write these
# attributes can vouch for keys. The schema defines no access control; restrict
# write access with directory ACLs and audit changes to these attributes.
# NOTE(review): this listing defines RRSIG, NSEC and DS but no attribute for
# DNSKEY (type 48), so a signed zone cannot be fully represented with the
# attributes shown here.
attributetype ( 1.3.6.1.4.1.2428.20.1.43
	NAME 'dSRecord'
	DESC 'Delegation Signer, RFC 3658'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# The DESC cites the Internet-Draft; SSHFP was published as RFC 4255.
attributetype ( 1.3.6.1.4.1.2428.20.1.44
	NAME 'sSHFPRecord'
	DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# NOTE(review): an RRSIG signature in base64 form is case-significant, while
# equality here ignores case; do not use LDAP compare to tell signatures apart.
attributetype ( 1.3.6.1.4.1.2428.20.1.46
	NAME 'rRSIGRecord'
	DESC 'RRSIG, RFC 3755'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

attributetype ( 1.3.6.1.4.1.2428.20.1.47
	NAME 'nSECRecord'
	DESC 'NSEC, RFC 3755'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)

# Zone and record control attributes in the 2.16.840.1.113730.3.8.5.N arc.
# Unlike the per-RR-type attributes, every attribute here is SINGLE-VALUE.

# Name of the record or zone; the only MUST attribute of idnsRecord.
attributetype ( 2.16.840.1.113730.3.8.5.0
	NAME 'idnsName'
	DESC 'DNS FQDN'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
)

# Boolean (syntax ...121.1.7) switch for dynamic updates.
# Security-relevant: per the DESC this decides whether the zone accepts
# dynamic updates, so write access to it should be limited to DNS
# administrators through directory ACLs.
attributetype ( 2.16.840.1.113730.3.8.5.1
	NAME 'idnsAllowDynUpdate'
	DESC 'permit dynamic updates on this zone'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE
)

# Boolean flag; required on every idnsZone entry.
attributetype ( 2.16.840.1.113730.3.8.5.2
	NAME 'idnsZoneActive'
	DESC 'define if the zone is considered in use'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE
)

# SOA fields, one attribute per field.
# presumably the SOA MNAME (primary name server) - confirm with the schema
# authors.
attributetype ( 2.16.840.1.113730.3.8.5.3
	NAME 'idnsSOAmName'
	DESC 'SOA Name'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
)

# NOTE(review): in RFC 1035 the SOA RNAME field is the mailbox of the person
# responsible for the zone; the DESC wording 'SOA root Name' does not match
# that - confirm the intended meaning.
attributetype ( 2.16.840.1.113730.3.8.5.4
	NAME 'idnsSOArName'
	DESC 'SOA root Name'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
)

# The five numeric SOA fields use Numeric String (syntax ...121.1.36), i.e.
# digits and spaces of any length, with equality matching only. The directory
# neither bounds the value to the 32-bit range of the SOA fields nor offers an
# ordering rule, so range checks and serial comparison are the consumer's job.
attributetype ( 2.16.840.1.113730.3.8.5.5
	NAME 'idnsSOAserial'
	DESC 'SOA serial number'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE
)

attributetype ( 2.16.840.1.113730.3.8.5.6
	NAME 'idnsSOArefresh'
	DESC 'SOA refresh value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE
)

attributetype ( 2.16.840.1.113730.3.8.5.7
	NAME 'idnsSOAretry'
	DESC 'SOA retry value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE
)

attributetype ( 2.16.840.1.113730.3.8.5.8
	NAME 'idnsSOAexpire'
	DESC 'SOA expire value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE
)

attributetype ( 2.16.840.1.113730.3.8.5.9
	NAME 'idnsSOAminimum'
	DESC 'SOA minimum value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE
)

# Free-form IA5 string; the schema imposes no grammar on the policy text.
# Security-relevant: presumably the DNS server interprets this value to decide
# who may update which names (confirm against the server's documentation), so
# it needs the same write restrictions as idnsAllowDynUpdate, and the consumer
# should fail closed on a value it cannot parse.
attributetype ( 2.16.840.1.113730.3.8.5.10
	NAME 'idnsUpdatePolicy'
	DESC 'DNS dynamic updates policy'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
)

# Structural class for a single DNS name: idnsName is required, everything
# else is optional.
# The MAY list spells attribute names with different capitalisation than their
# definitions (DNSTTL vs. dNSTTL); LDAP attribute names are case-insensitive,
# so these refer to the same types.
# ARecord, NSRecord, CNAMERecord, MXRecord and MDRecord are not defined in this
# listing - presumably they come from the COSINE schema, which must then be
# loaded before this one.
# NOTE(review): idnsAllowDynUpdate is allowed on every record entry although
# its DESC speaks of a zone; confirm how the server treats it on a non-zone
# entry.
# Anyone with write access to entries of this class controls the DNS answers
# served for that name, so directory ACLs on these entries are the effective
# DNS authorisation boundary.
objectclass ( 2.16.840.1.113730.3.8.6.0
	NAME 'idnsRecord'
	DESC 'dns Record, usually a host'
	SUP top
	STRUCTURAL
	MUST idnsName
	MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $
		AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $
		SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $
		MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $
		NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $
		DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord
	)
)

# Structural class for a zone apex. It derives from idnsRecord, so a zone
# entry may also carry any of the record attributes that class allows.
# MUST adds the active flag and all seven SOA fields; idnsName is repeated
# here although it is already required by the superclass.
# idnsUpdatePolicy is the only attribute introduced as optional at zone level.
# Together with the inherited idnsAllowDynUpdate it governs dynamic updates,
# so write access to zone entries should be narrower than write access to
# ordinary record entries.
objectclass ( 2.16.840.1.113730.3.8.6.1
	NAME 'idnsZone'
	DESC 'Zone class'
	SUP idnsRecord
	STRUCTURAL
	MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $
		idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $
		idnsSOAminimum
	)
	MAY idnsUpdatePolicy
)

Happy hacking,
-- 
Petter Reinholdtsen

