Re: Alternative LDAP schema for DNS database (bind9 used by freeipa)

To: debian-edu@lists.debian.org
Subject: Re: Alternative LDAP schema for DNS database (bind9 used by freeipa)
From: Petter Reinholdtsen <pere@hungry.com>
Date: Fri, 9 Jul 2010 19:12:41 +0200
Message-id: <[🔎] 20100709171241.GG23533@login1.uio.no>
In-reply-to: <20100624135717.GA8869@flashgordon>
References: <2fly6e4u0lk.fsf@login1.uio.no> <20100624135717.GA8869@flashgordon>

[Andreas B. Mundt]
> As I have already all this working here it should not be too much
> work to have it in our installation. Let me know if you think this
> is a good idea for now. Without dns we cannot move on with kerberos.

In my view, it is best to have a DNS server that dynamically look up
entries in LDAP when queries come in, instead of using periodic
updates of the DNS configuration from LDAP.  Because of this, I am
skeptical to a solution involving ldap2zone.

There seem to be several DNS related LDAP schemas, and several
different patches for bind to get it to use LDAP.  I suspect we can
find a solution that work with the LDAP schema used by powerdns, which
is cosine.schema and dnsdomain2.schema.

I found <URL:http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt>,
is this the schema you had in mind?

I'm in the process of investigating how PowerDNS uses LDAP, and the
initial look at the slapd log make me believe it only look for the
attributes in need, and not for any specific object classes.  This
allow us to use any schema as long as attributes with names like
associateddomain, soarecord and arecord are used.

The DHCP server on the other hand is different, it look for specific
objectclass names.

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

Prev by Date: Re: Drafting a new LDAP structure for Squeeze
Next by Date: debian-edu-config_1.443~svn66126_i386.changes ACCEPTED
Previous by thread: debian-edu_0.848~svn66101_i386.changes ACCEPTED
Next by thread: debian-edu-config_1.443~svn66126_i386.changes ACCEPTED
Index(es):
- Date
- Thread