2 http://drift.uninett.no/nett/ip-nett/oids.html
3 http://drift.uninett.no/nett/ip-nett/dnsattributes.schema
5 It would be great if there were some common standard for storing DNS
6 information in LDAP. Then there could be several tools available to
7 maintain the DNS information in LDAP, and one could pick any of the
8 DNS server solutions that supported this standard. We are not there
9 yet, but I suspect not much need to be done to get there.
11 I am aware of five different implementations fetching DNS zones from
12 LDAP. There is the bind family, powerdns, ldapdns, freeipa and active
15 The ldapdns package have the simplest LDAP setup of them all. It uses
16 the dnsdomain object class defined in
17 <ahref="http://www.ietf.org/rfc/rfc1274.txt">RFC 1274</a>, and add
18 support for any DNS record by reusing the photo attribute as a binary
19 blob. Reverse entries are defined using seeAlso or cnamerecord
20 attributes, and txt records are fetched from the description
23 The dnsdomain object look like this:
25 objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
27 MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
28 SOARecord $ CNAMERecord ))
30 I have no experience with ldapdns, so I am unsure what a forward and
31 reverse LDAP objects would look like.
33 The bind family have two different approaches, one generating static
34 zone files from LDAP and passing it on to the bind server, and one
35 patch for bind to get it to look up DNS information directly in LDAP
36 when a request come in. Static files are generated using ldap2zone,
37 while the dynamic version is called
38 <ahref="http://bind9-ldap.bayour.com/">bind-sdb</a>. Both use the
39 dnszone object class from the
40 <ahref="http://bind9-ldap.bayour.com/dnszone-schema.txt">dnszone
41 schema</a> created by Stig VenĂ¥s</a>. The object class definition
42 have changed over time, but kept the name and OID, and currently look
43 like this (the dnsdomain object class is defined in cosine.schema):
45 objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
47 MUST ( zoneName $ relativeDomainName )
48 MAY ( DNSTTL $ DNSClass $
49 ARecord $ MDRecord $ MXRecord $ NSRecord $
50 SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
51 MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
52 KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
53 SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
54 A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
55 RRSIGRecord $ NSECRecord ))
57 For a DNS entry like www.skolelinux.org, the attributes will be
58 zoneName=skolelinux.org and relativeDomainName=www.
60 The forward and reverse DNS entries in LDAP would look something like
63 dn: relativeDomainName=maintainer,zoneName=skolelinux.org,ou=somebase
65 relativeDomainName: maintainer
66 zoneName: skolelinux.org
69 aRecord: 158.36.191.137
71 dn: relativeDomainName=www,zoneName=skolelinux.org,ou=somebase
73 relativeDomainName: www
74 zoneName: skolelinux.org
77 cNAMERecord: maintainer.skolelinux.org.
79 dn: relativeDomainName=137, zoneName=191.36.158.in-addr.arpa,ou=somebase
81 relativeDomainName: 137
82 zoneName: 137.191.36.158.in-addr.arpa
83 pTRRecord: maintainer.skolelinux.org.
87 objectclass ( 1.3.6.1.4.1.2428.20.2 NAME 'dNSDomain2'
88 SUP 'dNSDomain' STRUCTURAL
89 MAY ( DNSTTL $ DNSClass $ WKSRecord $ PTRRecord $
90 HINFORecord $ MINFORecord $ TXTRecord $ RPRecord $
91 AFSDBRecord $ SIGRecord $ KEYRecord $ GPOSRecord $
92 AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
93 NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
94 DNAMERecord $ APLRecord $ DSRecord $ SSHFPRecord $
95 IPSECKEYRecord $ RRSIGRecord $ NSECRecord $
96 DNSKEYRecord $ DHCIDRecord $ SPFRecord
projects / homepage.git / blob