http://drift.uninett.no/nett/ip-nett/oids.html
http://drift.uninett.no/nett/ip-nett/dnsattributes.schema
It would be great if there were some common standard for storing DNS
information in LDAP. Then there could be several tools available to
maintain the DNS information in LDAP, and one could pick any of the
DNS server solutions that supported this standard. We are not there
yet, but I suspect not much needs to be done to get there.
I am aware of five different implementations fetching DNS zones from
LDAP: the bind family, powerdns, ldapdns, freeipa and active
directory.
The ldapdns package has the simplest LDAP setup of them all. It uses
the dnsdomain object class defined in
RFC 1274, and adds
support for any DNS record by reusing the photo attribute as a binary
blob. Reverse entries are defined using seeAlso or cnamerecord
attributes, and txt records are fetched from the description
attribute.
The dnsdomain object looks like this:
objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord ))
I have no experience with ldapdns, so I am unsure what forward and
reverse LDAP objects would look like.
The bind family has two different approaches, one generating static
zone files from LDAP and passing them on to the bind server, and one
patch for bind to get it to look up DNS information directly in LDAP
when a request comes in. Static files are generated using ldap2zone,
while the dynamic version is called
bind-sdb. Both use the
dnszone object class from the
dnszone
schema created by Stig Venås. The object class definition
has changed over time, but kept the name and OID, and currently looks
like this (the dnsdomain object class is defined in cosine.schema):
objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
SUP top STRUCTURAL
MUST ( zoneName $ relativeDomainName )
MAY ( DNSTTL $ DNSClass $
ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
RRSIGRecord $ NSECRecord ))
For a DNS entry like www.skolelinux.org, the attributes will be
zoneName=skolelinux.org and relativeDomainName=www.
The forward and reverse DNS entries in LDAP would look something like
this (note that the reverse entry for 158.36.191.137 lives in the
zone 191.36.158.in-addr.arpa with relativeDomainName 137, and that the
zoneName and relativeDomainName attributes must match the DN):

dn: relativeDomainName=maintainer,zoneName=skolelinux.org,ou=somebase
objectClass: dNSZone
relativeDomainName: maintainer
zoneName: skolelinux.org
dNSTTL: 3192
dNSClass: IN
aRecord: 158.36.191.137

dn: relativeDomainName=www,zoneName=skolelinux.org,ou=somebase
objectClass: dNSZone
relativeDomainName: www
zoneName: skolelinux.org
dNSTTL: 3600
dNSClass: IN
cNAMERecord: maintainer.skolelinux.org.

dn: relativeDomainName=137,zoneName=191.36.158.in-addr.arpa,ou=somebase
objectClass: dNSZone
relativeDomainName: 137
zoneName: 191.36.158.in-addr.arpa
dNSClass: IN
pTRRecord: maintainer.skolelinux.org.
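To make the dNSZone layout concrete, here is a small added example (my own illustration, not code from ldap2zone, bind-sdb or any other project mentioned here). It builds the forward A and matching reverse PTR entries for a host as dNSZone LDIF, then renders dNSZone LDIF back into zone-file records the way a static generator like ldap2zone would. It assumes the base DN ou=somebase used in the entries above and classful /24 reverse zones; it also checks that the zoneName and relativeDomainName attributes agree with the DN, since a server keyed on the attributes would otherwise serve the record in the wrong zone.

```python
"""Added example: dNSZone LDIF for a host (forward + reverse) and a
zone-file renderer for dNSZone entries.  Not ldap2zone's own code."""
import ipaddress

BASE_DN = "ou=somebase"  # assumed suffix, matching the entries in the text


def reverse_name(ip):
    """Split an IPv4 address into (zoneName, relativeDomainName) for a
    classful /24 reverse zone: 158.36.191.137 -> 191.36.158.in-addr.arpa, 137."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    zone = ".".join(reversed(octets[:3])) + ".in-addr.arpa"
    return zone, octets[3]


def dnszone_entry(zone, rel, records, ttl=None):
    """Return one dNSZone LDIF entry as a list of lines.
    records maps an attribute name (aRecord, pTRRecord, ...) to its values."""
    lines = [
        f"dn: relativeDomainName={rel},zoneName={zone},{BASE_DN}",
        "objectClass: dNSZone",
        f"relativeDomainName: {rel}",
        f"zoneName: {zone}",
    ]
    if ttl is not None:
        lines.append(f"dNSTTL: {ttl}")
    lines.append("dNSClass: IN")
    for attr, values in records.items():
        lines.extend(f"{attr}: {v}" for v in values)
    return lines


def host_entries(zone, host, ip, ttl=None):
    """LDIF text for a host's forward A record and its matching reverse PTR."""
    fqdn = f"{host}.{zone}."
    rzone, rrel = reverse_name(ip)
    fwd = dnszone_entry(zone, host, {"aRecord": [ip]}, ttl)
    rev = dnszone_entry(rzone, rrel, {"pTRRecord": [fqdn]}, ttl)
    return "\n".join(fwd) + "\n\n" + "\n".join(rev) + "\n"


def parse_ldif(text):
    """Parse simple LDIF (no folding, no base64) into a list of attr -> [values]."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries


def dn_matches_attributes(entry):
    """True if the zoneName/relativeDomainName RDNs agree with the attributes."""
    rdns = dict(p.split("=", 1) for p in entry["dn"][0].split(",")[:2])
    return (rdns.get("zoneName") == entry["zoneName"][0]
            and rdns.get("relativeDomainName") == entry["relativeDomainName"][0])


def to_zone_records(text):
    """Render dNSZone entries as zone-file lines; attribute xRecord -> RR type X."""
    out = []
    for e in parse_ldif(text):
        if not dn_matches_attributes(e):
            raise ValueError(f"DN and attributes disagree: {e['dn'][0]}")
        zone, rel = e["zoneName"][0], e["relativeDomainName"][0]
        owner = f"{zone}." if rel == "@" else f"{rel}.{zone}."
        ttl = e.get("dNSTTL", [""])[0]
        cls = e.get("dNSClass", ["IN"])[0]
        for attr, values in e.items():
            if attr.lower().endswith("record"):
                rtype = attr[:-len("Record")].upper()
                for v in values:
                    fields = [owner] + ([ttl] if ttl else []) + [cls, rtype, v]
                    out.append(" ".join(fields))
    return out


if __name__ == "__main__":
    ldif = host_entries("skolelinux.org", "maintainer", "158.36.191.137", ttl=3192)
    print(ldif)
    print("\n".join(to_zone_records(ldif)))
```

The consistency check is the part worth keeping in any real import tool: the DN and the attributes are stored separately, and the entries in the text above show how easy it is to get the reverse zone name wrong in one of them.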
powerdns uses the dNSDomain2 object class, a subclass of the RFC 1274
dNSDomain that adds TTL, class and the newer record types:
objectclass ( 1.3.6.1.4.1.2428.20.2 NAME 'dNSDomain2'
SUP 'dNSDomain' STRUCTURAL
MAY ( DNSTTL $ DNSClass $ WKSRecord $ PTRRecord $
HINFORecord $ MINFORecord $ TXTRecord $ RPRecord $
AFSDBRecord $ SIGRecord $ KEYRecord $ GPOSRecord $
AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
DNAMERecord $ APLRecord $ DSRecord $ SSHFPRecord $
IPSECKEYRecord $ RRSIGRecord $ NSECRecord $
DNSKEYRecord $ DHCIDRecord $ SPFRecord
) )
freeipa
active directory