Difference between revisions of "PowerDNS LDAP Backend/Example"

From Linuxnetworks
(Revert vandalism + spam from mail.colortil.com.br [67.205.85.246])
 
(40 intermediate revisions by 24 users not shown)
Line 1: Line 1:
 
__TOC__
 
__TOC__
 
= Examples =
 
  
 
== Tree design ==
 
== Tree design ==
  
The LDAP tree should be designed carefully to prevent mistakes, which are hard to correct afterwards. The best solution is to create a subtree for all host entries which will contain the DNS records. You can do this the simple way or in a tree style.
+
The DNS LDAP tree should be designed carefully to prevent mistakes, which are hard to correct afterwards. The best solution is to create a subtree for all host entries which will contain the DNS records. You can do this the simple way or in a tree style.
  
 
DN of a simple style example record (e.g. myhost.linuxnetworks.de):
 
DN of a simple style example record (e.g. myhost.linuxnetworks.de):
Line 15: Line 13:
 
== Basic objects ==
 
== Basic objects ==
  
Each domain (or zone for BIND users) must include one object containing a SOA (Start Of Authority) record. This object can also contain the attribute for a MX (Mail eXchanger) and a NS (Name Server) record. These attributes allow one or more values, e.g. for a backup mail or name server:
+
Each domain (or zone for BIND users) must include one object containing a SOA (Start Of Authority) record. This object can also contain the attribute for a MX (Mail eXchange) and a NS (Name Server) record. These attributes allow one or more values, e.g. for a backup mail or name server:
  
 
  dn: dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
 
  dn: dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
Line 23: Line 21:
 
  objectclass: domainrelatedobject
 
  objectclass: domainrelatedobject
 
  dc: linuxnetworks
 
  dc: linuxnetworks
  soarecord: ns.linuxnetworks.de me@linuxnetworks.de 2002010401 1800 3600 604800 84600
+
  soarecord: ns.linuxnetworks.de me@linuxnetworks.de 1 1800 3600 86400 7200
 
  nsrecord: ns.linuxnetworks.de
 
  nsrecord: ns.linuxnetworks.de
 
  mxrecord: 10 mail.linuxnetworks.de
 
  mxrecord: 10 mail.linuxnetworks.de
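Review bot: the new soarecord value drops the serial from 2002010401 to 1 and shortens the expire field from 604800 to 86400, and neither change is explained. A reader who pastes this example over a zone that already has a date-style serial would publish a lower serial, which secondaries comparing SOA serials treat as "nothing new". Either keep a date-style serial in the example or add one sentence saying the serial must only ever increase.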
Line 29: Line 27:
 
  associateddomain: linuxnetworks.de  
 
  associateddomain: linuxnetworks.de  
  
A simple mapping between name and ip address can be specified by an object containing an arecord and an associateddomain. You don't have to bother about a reverse mapping (ip address to name) if you don't want to, because this can be done automagically by the PowerDNS LDAP backend if you set ldap-method=strict in pdns.conf.
+
A simple mapping between name and IP address can be specified by an object containing an arecord and an associateddomain. You don't have to bother about a reverse mapping (ip address to name) if you don't want to, because this can be done automagically by the LDAP DNS backend if you set ldap-method=strict in pdns.conf.
  
 
  dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
 
  dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
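Review bot: the reworded paragraph still recommends ldap-method=strict for automatic reverse mapping without pointing to the AXFR restriction that the CAUTION block at the end of the page attaches to that setting. Add a short forward reference at the end of this sentence so the limitation is visible where the setting is first suggested. The rename to "LDAP DNS backend" is also inconsistent with the page title, which says "PowerDNS LDAP Backend".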
Line 38: Line 36:
 
  arecord: 10.1.0.1
 
  arecord: 10.1.0.1
 
  arecord: 192.168.0.1
 
  arecord: 192.168.0.1
  associateddomain: server.linuxnetworks.de  
+
  associateddomain: server.linuxnetworks.de
 +
 
 +
Be aware of the fact that these examples work if ldap-method is simple or strict. For tree mode you have to modify all DNs according to the algorithm described in the section above.
 +
 
 +
== Wildcards ==
 +
 
 +
Wild-card domains are possible by using the asterisk in the associatedDomain value like it is used in the bind zone files. The "dc" attribute can be set to any value in simple or strict mode - this doesn't matter.
 +
 
 +
dn: dc=any,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
 +
objectclass: top
 +
objectclass: dnsdomain
 +
objectclass: domainrelatedobject
 +
dc: any
 +
arecord: 192.168.0.1
 +
associateddomain: *.linuxnetworks.de
 +
 
 +
In tree mode wild-card entries has to look like this instead:
 +
 
 +
dn: dc=*,dc=linuxnetworks,dc=de,ou=hosts,o=linuxnetworks,c=de
 +
objectclass: top
 +
objectclass: dnsdomain
 +
objectclass: domainrelatedobject
 +
dc: *
 +
arecord: 192.168.0.1
 +
associateddomain: *.linuxnetworks.de
  
 
== Aliases ==
 
== Aliases ==
  
Aliases for an existing DNS object have to be defined in a seperate LDAP object. You can create one object per alias or add all aliases (as values of associateddomain) to one object. The only thing which is not allowed is to create loops by using the same name in associateddomain and in cnamerecord
+
Aliases for an existing DNS object have to be defined in a separate LDAP object. You can create one object per alias (this is a must in tree mode) or add all aliases (as values of associateddomain) to one object. The only thing which is not allowed is to create loops by using the same name in associateddomain and in cnamerecord
  
 
  dn: dc=server-aliases,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
 
  dn: dc=server-aliases,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
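Review bot: in the added Wildcards section, "In tree mode wild-card entries has to look like this instead" should read "have to", and "bind zone files" should be "BIND", as in the Basic objects paragraph. The revised Aliases sentence still ends at "and in cnamerecord" with no full stop. Since the wildcard object answers every otherwise undefined name under linuxnetworks.de with 192.168.0.1, a sentence saying so next to the example would help readers decide whether they want it.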
Line 54: Line 76:
 
  associateddomain: ns.linuxnetworks.de  
 
  associateddomain: ns.linuxnetworks.de  
  
Aliases are optional. You can also add all alias domains to the associateddomain attriubute. The only difference is that these additional domains aren't recognized as aliases anymore, but instead as a normal arecord:
+
Aliases are optional. You can also add all alias domains to the associateddomain attribute. The only difference is that these additional domains aren't recognized as aliases anymore, but instead as a normal arecord:
  
 
  dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
 
  dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
Line 65: Line 87:
 
  associateddomain: proxy.linuxnetworks.de
 
  associateddomain: proxy.linuxnetworks.de
 
  associateddomain: mail2.linuxnetworks.de
 
  associateddomain: mail2.linuxnetworks.de
  associateddomain: ns.linuxnetworks.de  
+
  associateddomain: ns.linuxnetworks.de
  
 
== Reverse lookups ==
 
== Reverse lookups ==
Line 76: Line 98:
 
  objectclass: domainrelatedobject
 
  objectclass: domainrelatedobject
 
  dc: 1.10.in-addr.arpa
 
  dc: 1.10.in-addr.arpa
  soarecord: ns.linuxnetworks.de me@linuxnetworks.de 2002010401 1800 3600 604800 84600
+
  soarecord: ns.linuxnetworks.de me@linuxnetworks.de 1 1800 3600 86400 7200
 
  nsrecord: ns.linuxnetworks.de
 
  nsrecord: ns.linuxnetworks.de
 
  associateddomain: 1.10.in-addr.arpa  
 
  associateddomain: 1.10.in-addr.arpa  
Line 88: Line 110:
 
  associateddomain: 1.0.1.10.in-addr.arpa  
 
  associateddomain: 1.0.1.10.in-addr.arpa  
  
To use this kind of record, you also have to add the dnsdomain2 schema to the configuration of your LDAP server.
+
Tree mode requires each component to be a dc element of its own:
 
+
 
+
'''CAUTION:'''
+
 
+
You can't use "ldap-method=strict" if you need zone transfers (AXFR) to other name servers. Distributing zones can only be done directly via ldap replication in this case, because for a full zone transfer the reverse records are missing
+
 
+
 
+
----
+
Back to [[PowerDNS ldapbackend|Overview]]
+
 
+
 
+
 
+
 
+
 
+
 
+
  
 +
dn: dc=1,dc=0,dc=1,dc=10,dc=in-addr,dc=arpa,ou=hosts,o=linuxnetworks,c=de
 +
objectclass: top
 +
objectclass: dnsdomain2
 +
objectclass: domainrelatedobject
 +
dc: 1
 +
ptrrecord: server.linuxnetworks.de
 +
associateddomain: 1.0.1.10.in-addr.arpa
  
 +
To use this kind of record, you also have to add the dnsdomain2 schema to the configuration of your LDAP server.
  
  
 +
'''CAUTION:'''
  
+
You can't use "ldap-method=strict" if you need zone transfers (AXFR) to other name servers. Distributing zones can only be done directly via LDAP replication in this case, because for a full zone transfer the reverse records are missing
+

Latest revision as of 12:44, 2 December 2009

Tree design

The DNS LDAP tree should be designed carefully to prevent mistakes, which are hard to correct afterwards. The best solution is to create a subtree for all host entries which will contain the DNS records. You can do this the simple way or in a tree style.

DN of a simple style example record (e.g. myhost.linuxnetworks.de):

dn: dc=myhost,dc=linuxnetworks,ou=hosts,...

DN of a tree style example record (e.g. myhost.test.linuxnetworks.de):

dn: dc=myhost,dc=test,dc=linuxnetworks,dc=de,ou=hosts,...

Basic objects

Each domain (or zone for BIND users) must include one object containing a SOA (Start Of Authority) record. This object can also contain the attribute for a MX (Mail eXchange) and a NS (Name Server) record. These attributes allow one or more values, e.g. for a backup mail or name server:

dn: dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dcobject
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: linuxnetworks
soarecord: ns.linuxnetworks.de me@linuxnetworks.de 1 1800 3600 86400 7200
nsrecord: ns.linuxnetworks.de
mxrecord: 10 mail.linuxnetworks.de
mxrecord: 20 mail2.linuxnetworks.de
associateddomain: linuxnetworks.de 

A simple mapping between name and IP address can be specified by an object containing an arecord and an associateddomain. You don't have to bother about a reverse mapping (IP address to name) if you don't want to, because the LDAP DNS backend can do this automagically if you set ldap-method=strict in pdns.conf.

dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server
arecord: 10.1.0.1
arecord: 192.168.0.1
associateddomain: server.linuxnetworks.de

Note that these examples work if ldap-method is simple or strict. For tree mode you have to modify all DNs according to the algorithm described in the section above.

Wildcards

Wild-card domains are possible by using the asterisk in the associatedDomain value, as in BIND zone files. In simple or strict mode the "dc" attribute can be set to any value; it doesn't matter.

dn: dc=any,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: any
arecord: 192.168.0.1
associateddomain: *.linuxnetworks.de

In tree mode, wild-card entries have to look like this instead:

dn: dc=*,dc=linuxnetworks,dc=de,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: *
arecord: 192.168.0.1
associateddomain: *.linuxnetworks.de

Aliases

Aliases for an existing DNS object have to be defined in a separate LDAP object. You can create one object per alias (this is a must in tree mode) or add all aliases (as values of associateddomain) to one object. The only thing that is not allowed is creating loops by using the same name in associateddomain and in cnamerecord.

dn: dc=server-aliases,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server-aliases
cnamerecord: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de
associateddomain: ns.linuxnetworks.de 

Aliases are optional. You can also add all alias domains to the associateddomain attribute of the host object. The only difference is that these additional domains are no longer recognized as aliases, but as a normal arecord instead:

dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server
arecord: 10.1.0.1
associateddomain: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de
associateddomain: ns.linuxnetworks.de

Reverse lookups

Currently you have two options: either reverse lookups are handled automagically by the code, or you add PTR records to your LDAP directory. If you want to derive PTR records from A records, you have to set "ldap-method" to "strict". Otherwise add objects like the ones below to your directory:

dn: dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1.10.in-addr.arpa
soarecord: ns.linuxnetworks.de me@linuxnetworks.de 1 1800 3600 86400 7200
nsrecord: ns.linuxnetworks.de
associateddomain: 1.10.in-addr.arpa

dn: dc=1.0,dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1.0
ptrrecord: server.linuxnetworks.de
associateddomain: 1.0.1.10.in-addr.arpa 

Tree mode requires each component to be a dc element of its own:

dn: dc=1,dc=0,dc=1,dc=10,dc=in-addr,dc=arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1
ptrrecord: server.linuxnetworks.de
associateddomain: 1.0.1.10.in-addr.arpa 

To use this kind of record, you also have to add the dnsdomain2 schema to the configuration of your LDAP server.


CAUTION:

You can't use "ldap-method=strict" if you need zone transfers (AXFR) to other name servers. In this case zones can only be distributed directly via LDAP replication, because the reverse records are missing from a full zone transfer.
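
The checks below are an added example, not code from the LDAP backend or from the original page: a small Python lint for LDIF written in the style shown above. It flags the associateddomain/cnamerecord loop, entries whose DN does not follow the tree-mode layout, and the reverse names that strict mode would derive from arecord values but that have no ptrrecord object of their own (the records the CAUTION says are missing from an AXFR). The sample LDIF, the BASE_DN constant and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

BASE_DN = "ou=hosts,o=linuxnetworks,c=de"  # assumed base, as in the page's examples

# Constructed sample in the page's LDIF style (not from a real directory).
SAMPLE_LDIF = """\
dn: dc=server,dc=linuxnetworks,dc=de,ou=hosts,o=linuxnetworks,c=de
objectclass: dnsdomain
dc: server
arecord: 10.1.0.1
associateddomain: server.linuxnetworks.de

dn: dc=www,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: dnsdomain
dc: www
cnamerecord: server.linuxnetworks.de
associateddomain: www.linuxnetworks.de

dn: dc=loop,dc=linuxnetworks,dc=de,ou=hosts,o=linuxnetworks,c=de
objectclass: dnsdomain
dc: loop
cnamerecord: loop.linuxnetworks.de
associateddomain: loop.linuxnetworks.de
"""


def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into dicts of lists."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def tree_dn(domain, base_dn=BASE_DN):
    """DN layout of tree mode: one dc element per DNS label, then the base DN."""
    labels = domain.rstrip(".").lower().split(".")
    return ",".join("dc=" + label for label in labels) + "," + base_dn


def _norm_dn(dn):
    # Good enough for the DNs on this page; does not handle escaped commas.
    return ",".join(part.strip() for part in dn.lower().split(","))


def lint(entries, tree_mode=False):
    """Return (rule, dn, name) findings for loops and tree-mode DN mismatches."""
    findings = []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        targets = {t.lower().rstrip(".") for t in e.get("cnamerecord", [])}
        for name in (n.lower().rstrip(".") for n in e.get("associateddomain", [])):
            if name in targets:  # same name in associateddomain and cnamerecord
                findings.append(("cname-loop", dn, name))
            if tree_mode and _norm_dn(dn) != _norm_dn(tree_dn(name)):
                findings.append(("tree-dn-mismatch", dn, name))
    return findings


def ptr_missing_from_directory(entries):
    """Reverse names strict mode derives from arecord values but that have no
    ptrrecord object of their own, so a full zone transfer would not carry them."""
    explicit = {n.lower().rstrip(".") for e in entries if "ptrrecord" in e
                for n in e.get("associateddomain", [])}
    derived = {ipaddress.ip_address(ip).reverse_pointer
               for e in entries for ip in e.get("arecord", [])}
    return sorted(derived - explicit)


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for finding in lint(parsed, tree_mode=True):
        print(*finding, sep=" | ")
    print("no PTR object for:", ptr_missing_from_directory(parsed))
```

Running the lint before switching ldap-method, or before enabling AXFR to a secondary, shows which entries need new DNs and which PTR objects have to be added by hand.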