PowerDNS LDAP Backend/Example
Examples
Tree design
The LDAP tree should be designed carefully to prevent mistakes, which are hard to correct afterwards. The best solution is to create a subtree for all host entries which will contain the DNS records. You can do this the simple way or in a tree style.
DN of a simple style example record (e.g. myhost.linuxnetworks.de):
dn: dc=myhost,dc=linuxnetworks,ou=hosts,...
DN of a tree style example record (e.g. myhost.test.linuxnetworks.de):
dn: dc=myhost,dc=test,dc=linuxnetworks,dc=de,ou=hosts,...
Basic objects
Each domain (or zone for BIND users) must include one object containing an SOA (Start Of Authority) record. This object can also contain the attributes for an MX (Mail eXchanger) and an NS (Name Server) record. These attributes allow one or more values, e.g. for a backup mail or name server:
dn: dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dcobject
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: linuxnetworks
soarecord: ns.linuxnetworks.de me@linuxnetworks.de 2002010401 1800 3600 604800 84600
nsrecord: ns.linuxnetworks.de
mxrecord: 10 mail.linuxnetworks.de
mxrecord: 20 mail2.linuxnetworks.de
associateddomain: linuxnetworks.de
A simple mapping between name and IP address can be specified by an object containing an arecord and an associateddomain. You don't have to bother about a reverse mapping (IP address to name) if you don't want to, because this can be done automagically by the PowerDNS LDAP backend if you set ldap-method=strict in pdns.conf.
dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server
arecord: 10.1.0.1
arecord: 192.168.0.1
associateddomain: server.linuxnetworks.de
Wildcards
Wildcard domains are possible by using the asterisk in the associatedDomain value, as it is used in BIND zone files. The "dc" attribute can be set to any value; it doesn't matter.
dn: dc=any,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: any
arecord: 192.168.0.1
associateddomain: *.linuxnetworks.de
Aliases
Aliases for an existing DNS object have to be defined in a separate LDAP object. You can create one object per alias or add all aliases (as values of associateddomain) to one object. The only thing which is not allowed is to create loops by using the same name in associateddomain and in cnamerecord.
dn: dc=server-aliases,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server-aliases
cnamerecord: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de
associateddomain: ns.linuxnetworks.de
Aliases are optional. You can also add all alias domains to the associateddomain attribute. The only difference is that these additional domains aren't recognized as aliases anymore, but instead as a normal arecord:
dn: dc=server,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: server
arecord: 10.1.0.1
associateddomain: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de
associateddomain: ns.linuxnetworks.de
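The loop rule for aliases can be checked before an LDIF file is loaded into the directory. The following is an added example, not part of the original page or of PowerDNS: it goes beyond the single-object case and also follows CNAME chains across objects. The function names and the sample data (trimmed to the attributes the check reads) are assumptions.

```python
from collections import defaultdict

# Constructed sample: the alias object from this page plus a deliberately
# broken object whose cnamerecord is also one of its own associateddomain values.
SAMPLE_LDIF = """\
dn: dc=server-aliases,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
cnamerecord: server.linuxnetworks.de
associateddomain: proxy.linuxnetworks.de
associateddomain: mail2.linuxnetworks.de

dn: dc=bad,dc=linuxnetworks,ou=hosts,o=linuxnetworks,c=de
cnamerecord: www.linuxnetworks.de
associateddomain: www.linuxnetworks.de
associateddomain: web.linuxnetworks.de
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry[attr.strip().lower()].append(value.strip().lower().rstrip("."))
        entries.append(entry)
    return entries

def find_cname_loops(entries):
    """Return the sorted names whose CNAME chain never terminates."""
    target = {}  # alias name -> CNAME target
    for entry in entries:
        for cname in entry.get("cnamerecord", []):
            for alias in entry.get("associateddomain", []):
                target[alias] = cname
    looping = set()
    for start in target:
        seen, cur = set(), start
        while cur in target and cur not in seen:
            seen.add(cur)
            cur = target[cur]
        if cur in seen:  # walked back onto a name already visited
            looping.add(start)
    return sorted(looping)

if __name__ == "__main__":
    for name in find_cname_loops(parse_ldif(SAMPLE_LDIF)):
        print("CNAME loop:", name)
```
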
Reverse lookups
Currently you have two options: either reverse lookups are handled by the code automagically, or you have to add PTR records to your LDAP directory. If you want to derive PTR records from A records, you have to set "ldap-method" to "strict". Otherwise add objects like the ones below to your directory:
dn: dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1.10.in-addr.arpa
soarecord: ns.linuxnetworks.de me@linuxnetworks.de 2002010401 1800 3600 604800 84600
nsrecord: ns.linuxnetworks.de
associateddomain: 1.10.in-addr.arpa

dn: dc=1.0,dc=1.10.in-addr.arpa,ou=hosts,o=linuxnetworks,c=de
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 1.0
ptrrecord: server.linuxnetworks.de
associateddomain: 1.0.1.10.in-addr.arpa
To use this kind of record, you also have to add the dnsdomain2 schema to the configuration of your LDAP server.
CAUTION:
You can't use "ldap-method=strict" if you need zone transfers (AXFR) to other name servers. In this case, zones can only be distributed directly via LDAP replication, because the reverse records are missing for a full zone transfer.
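If AXFR is needed and "ldap-method=strict" is therefore not an option, the PTR objects have to exist in the directory. The following is an added example, not part of the original page or of PowerDNS: it generates them from a list of A records in the layout of the dnsdomain2 objects above. The function names, the zone_octets parameter and the sample list are assumptions; the SOA object of each reverse zone is not generated.

```python
import ipaddress

BASE_DN = "ou=hosts,o=linuxnetworks,c=de"  # base DN from this page's examples

def ptr_entry(fqdn, ip, zone_octets=2, base_dn=BASE_DN):
    """Return the LDIF text of one dnsdomain2 PTR object for an IPv4 A record.

    zone_octets is how many leading octets the reverse zone covers:
    2 puts 10.1.0.1 into 1.10.in-addr.arpa, as in the objects above.
    """
    if zone_octets not in (1, 2, 3):
        raise ValueError("zone_octets must be 1, 2 or 3")
    reverse_name = ipaddress.IPv4Address(ip).reverse_pointer
    labels = reverse_name.split(".")           # 1, 0, 1, 10, in-addr, arpa
    rel = ".".join(labels[:4 - zone_octets])   # part below the reverse zone
    zone = ".".join(labels[4 - zone_octets:])  # the reverse zone itself
    return "\n".join([
        f"dn: dc={rel},dc={zone},{base_dn}",
        "objectclass: top",
        "objectclass: dnsdomain2",
        "objectclass: domainrelatedobject",
        f"dc: {rel}",
        f"ptrrecord: {fqdn}",
        f"associateddomain: {reverse_name}",
    ])

def build_ptr_ldif(a_records, zone_octets=2):
    """Turn (fqdn, ip) pairs into PTR objects and report addresses claimed twice.

    The first name seen for an address gets the PTR; later ones are conflicts.
    """
    owner, conflicts = {}, []
    for fqdn, ip in a_records:
        if ip in owner and owner[ip] != fqdn:
            conflicts.append((ip, owner[ip], fqdn))
        owner.setdefault(ip, fqdn)
    ldif = "\n\n".join(ptr_entry(name, ip, zone_octets) for ip, name in owner.items())
    return ldif, conflicts

# Constructed input: A records modelled on the objects on this page.
A_RECORDS = [("server.linuxnetworks.de", "10.1.0.1"),
             ("proxy.linuxnetworks.de", "10.1.0.1"),
             ("server.linuxnetworks.de", "192.168.0.1")]

if __name__ == "__main__":
    text, clashes = build_ptr_ldif(A_RECORDS)
    print(text)
    print("# conflicts:", clashes)
```
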