PowerDNS LDAP Backend/Example

From Linuxnetworks

Examples

Tree design

The LDAP tree should be designed carefully to prevent mistakes, which are hard to correct afterwards. The best solution is to create a subtree for all host entries which will contain the DNS records. You can do this the simple way or in a tree style.

DN of a simple style example record (e.g. myhost.linuxnetworks.de):

dn: dc=myhost,dc=linuxnetworks,ou=hosts,...

DN of a tree style example record (e.g. myhost.test.linuxnetworks.de):

dn: dc=myhost,dc=test,dc=linuxnetworks,dc=de,ou=hosts,...

Basic objects

Each domain (or zone for BIND users) must include one object containing an SOA (Start Of Authority) record. This object can also contain the attributes for an MX (Mail eXchanger) and an NS (Name Server) record. These attributes allow one or more values, e.g. for a backup mail or name server:

dn: dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dcobject
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: linuxnetworks
soarecord: ns.linuxnetworks.de me@linuxnetworks.de 2002010401 1800 3600 604800 84600
nsrecord: ns.linuxnetworks.de
mxrecord: 10 mail.linuxnetworks.de
mxrecord: 20 mail2.linuxnetworks.de
associateddomain: linuxnetworks.de 

A simple mapping between name and IP address can be specified by an object containing an arecord and an associateddomain. You don't have to bother about a reverse mapping (IP address to name) if you don't want to, because this can be done automagically by the PowerDNS LDAP backend if you set ldap-method=strict in pdns.conf.

dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server
arecord: 10.1.0.1
arecord: 192.168.0.1
associateddomain: server.linuxnetworks.de 

Aliases

Aliases for an existing DNS object have to be defined in a separate LDAP object. You can create one object per alias or add all aliases (as values of associateddomain) to one object. The only thing which is not allowed is to create loops by using the same name in associateddomain and in cnamerecord.

dn: dc=server-aliases,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server-aliases
cnamerecord: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de
associateddomain: ns.linuxnetworks.de 

Aliases are optional. You can also add all alias domains to the associateddomain attribute. The only difference is that these additional domains aren't recognized as aliases anymore, but are instead served as normal arecord entries:

dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server
arecord: 10.1.0.1
associateddomain: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de
associateddomain: ns.linuxnetworks.de 

Reverse lookups

Currently you have two options: either reverse lookups are handled by the code automagically, or you have to add PTR records to your LDAP directory. If you want to derive PTR records from A records, you have to set "ldap-method" to "strict". Otherwise add objects like the ones below to your directory:

dn: dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1.10.in-addr.arpa
soarecord: ns.linuxnetworks.de me@linuxnetworks.de 2002010401 1800 3600 604800 84600
nsrecord: ns.linuxnetworks.de
associateddomain: 1.10.in-addr.arpa

dn: dc=1.0,dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1.0
ptrrecord: server.linuxnetworks.de
associateddomain: 1.0.1.10.in-addr.arpa 

To use this kind of record, you also have to add the dnsdomain2 schema to the configuration of your LDAP server.


CAUTION:

You can't use "ldap-method=strict" if you need zone transfers (AXFR) to other name servers. In this case, zones can only be distributed directly via LDAP replication, because the reverse records are missing from a full zone transfer.
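
The following check is an added example, not part of the original page or of PowerDNS. It reads an LDIF export, flags objects that break the alias rule above (same name in associateddomain and cnamerecord), and lists the PTR objects that would have to exist in the directory if reverse lookups are not derived via "ldap-method=strict". The function names and the sample data are assumptions constructed from the objects shown on this page.

```python
import ipaddress

# Constructed sample, modelled on the objects shown on this page.
SAMPLE_LDIF = """\
dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: dnsdomain
arecord: 10.1.0.1
arecord: 192.168.0.1
associateddomain: server.linuxnetworks.de

dn: dc=loop,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
cnamerecord: proxy.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de

dn: dc=1.0,dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: dnsdomain2
ptrrecord: server.linuxnetworks.de
associateddomain: 1.0.1.10.in-addr.arpa
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of plain
    'attr: value' lines (no folded lines, no base64 '::' values)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip().lower().rstrip("."))
        entries.append(entry)
    return entries

def alias_loops(entries):
    """(dn, name) pairs where one object lists a name as both
    associateddomain and cnamerecord."""
    return sorted((e["dn"][0], name) for e in entries
                  for name in set(e.get("associateddomain", [])) & set(e.get("cnamerecord", [])))

def missing_ptr(entries):
    """(reverse name, target) pairs implied by arecord values but not
    present as explicit ptrrecord objects."""
    have = {(d, p) for e in entries
            for d in e.get("associateddomain", []) for p in e.get("ptrrecord", [])}
    want = {(ipaddress.ip_address(ip).reverse_pointer, name) for e in entries
            for ip in e.get("arecord", []) for name in e.get("associateddomain", [])}
    return sorted(want - have)

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("alias loops:", alias_loops(entries))
    print("PTR objects missing from the directory:", missing_ptr(entries))
```
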


