To configure LDAPDNS, you will need some kind of LDAP browser, or my
administration scripts. See README.admin for details on those. This
document describes the real deal :)

ldapdns supports _THREE_ different schemas. If you're using Microsoft
Active Directory, or BIND+LDAP, then this document will not help you.
I'm afraid I haven't written much documentation on these things yet, but
by poking around the FAQ, you may be able to get them working.

ldapdns DOES SUPPORT AXFR: see INSTALL or README for details about it.

ldapdns looks up DNS records in an LDAP directory. Domain names are
split into a chain of domainComponent (dc) RDNs, one per label, and the
resource records for a name are stored as attributes of the dnsDomain
object at that DN.

ldapdns walks the tree up and down. The first pass walks UP to find
SOA/NS records: it won't serve a request unless it has found an SOA/NS
record somewhere in the domain's ancestors or in the domain itself
(e.g. www.nimh.org doesn't require an SOA/NS if nimh.org has one).

The second pass finds the entry itself, trying the exact DN first and
then dc=* wildcards, nearest first:
    dc=www, dc=nimh, dc=org, [suffix]
    dc=*, dc=nimh, dc=org, [suffix]
    dc=*, dc=org, [suffix]

Note that ldapdns NEVER recursively resolves; it ONLY operates as an
authoritative server for the data in the directory. This will likely
never change.

Resource records (RR) are mapped to LDAP attributes:
    SOA   -- sOARecord
    NS    -- nSRecord
    A     -- aRecord
    MX    -- mXRecord
    CNAME -- cNAMERecord
    TXT   -- description
    PTR   -- cNAMERecord or seeAlso
    *     -- photo

All "domain names" in fields must be fully qualified; you may leave off
the trailing dot. If you don't like this, search the FAQ for
RELATIVE_NAMES.

aRecord
    this can be in one of the following forms:
        a.b.c.d
        a.b.c.d%ID
        A.B.C.D/CIDR=a.b.c.d
        A.B.C.D/E.F.G.H=a.b.c.d
    the last three forms are for implementing "split-horizon" DNS, and
    can be useful if you want to serve a different address based on the
    connecting client.

    "split-horizon" has not yet been well documented. See the FAQ for
    more details.

sOARecord
    this is 5 numbers separated by whitespace:
        serial refresh retry expire minimum

    the defaults are:
        nnn 3600 900 36000000 3600

    where 'nnn' is the last-modified time of the DN.

    this attribute has a side-effect: if the value starts with an
    asterisk, the entire zone is disabled.

    note that under LDAPDNS you DO NOT NEED sOARecords! they can be
    emulated, but note you WILL need nSRecords.

nSRecord
    this is a domain name.
    it can also be a single @, which means "use the names given in the
    environment variables $NS and $NSx (NS1, NS2, etc)".

    this specifies where a zone lives, i.e. which servers are
    authoritative for it.

    if you create an nSRecord without ANY OTHER RECORDS, LDAPDNS will
    treat this as a delegation (referral): it refers caching resolvers
    to the real server, with the AA (authoritative answer) bit cleared.

mXRecord
    this is a preference, followed by whitespace, followed by a name.
    this works exactly like "real MX records".

    LDAPDNS will attempt to resolve these names if they are local,
    placing the results in the ADDITIONAL section. This is useful for
    caches.

cNAMERecord
    this is a domain name.

    in the in-addr.arpa. tree, these return PTR records _unless_ the
    target is outside of the directory OR points back into the
    in-addr.arpa. tree, in which case CNAME records are returned.

    everywhere else, it returns CNAME records.

    LDAPDNS will attempt to resolve these names if they are local,
    placing the results in the ADDITIONAL section. This is useful for
    caches.

description
    this is a free-form text string.
    a hack splits this on the pipe (|) character. this is useful for
    returning multiple TXT records from one entry.

photo
    this is a "catch all" record.

    it is always in binary.
    the exact format lends itself to being compressed in DNS packets:

        0x00-0xFE   literal octet
        0xFF 0xFF   literal 0xFF octet
        0xFF        a DNS-compressed name follows (it will be recompressed
                    to save space when placed in a packet)

    this helps save space and reduces the need for TCP connections
    (answers are more likely to fit in a single UDP packet).

    this allows LDAPDNS to support _all_ RRs as efficiently as any other
    nameserver -- better still than some.
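The following is an added worked example, not ldapdns code and not part of
its documentation: a small Python model of the two-pass tree walk (SOA/NS
search upward, then exact DN and dc=* wildcards) and of the split-horizon
aRecord forms listed above, run over a constructed LDIF snippet. The suffix
dc=example, the reading that in A.B.C.D/CIDR=a.b.c.d the left side is the
client network and the right side the address served to it, the rule that a
client-specific form wins over the plain form, and the treatment of %ID as
opaque are all assumptions; the page does not spell them out.

```python
# Added illustration (not ldapdns code) of the lookup walk and split-horizon
# aRecord selection described above, run over a constructed LDIF snippet.
# Assumptions not stated on the page: suffix dc=example; in A.B.C.D/CIDR=a.b.c.d
# the left side is the client network, the right side the address served to
# it, and a client-specific form wins over the plain form; '%ID' is opaque.
import ipaddress

SUFFIX = "dc=example"  # assumed suffix under which the dc= tree hangs

SAMPLE_LDIF = """\
dn: dc=nimh,dc=org,dc=example
objectClass: dnsDomain
sOARecord: 2024010101 3600 900 36000000 3600
nSRecord: ns1.nimh.org
aRecord: 192.0.2.10

dn: dc=www,dc=nimh,dc=org,dc=example
objectClass: dnsDomain
aRecord: 192.0.2.10
aRecord: 10.0.0.0/8=10.1.2.3
aRecord: 198.51.100.0/255.255.255.0=198.51.100.9

dn: dc=*,dc=nimh,dc=org,dc=example
objectClass: dnsDomain
cNAMERecord: www.nimh.org
"""


def parse_ldif(text):
    """Minimal LDIF reader (single-line values only): {dn: {attr: [values]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None
            continue
        attr, _, value = line.partition(":")
        if attr == "dn":
            current = entries.setdefault(value.strip(), {})
        elif current is not None:
            current.setdefault(attr, []).append(value.strip())
    return entries


DIRECTORY = parse_ldif(SAMPLE_LDIF)


def name_to_dn(name):
    """www.nimh.org (trailing dot optional) -> dc=www,dc=nimh,dc=org,<suffix>."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return ",".join("dc=" + l for l in labels) + "," + SUFFIX


def parent_dn(dn):
    return dn.split(",", 1)[1]  # dc=www,dc=nimh,... -> dc=nimh,...


def find_zone(directory, dn):
    """First pass: walk up from dn to the nearest entry carrying sOARecord
    or nSRecord. Returns that DN, or None (then nothing is served)."""
    while dn != SUFFIX:
        entry = directory.get(dn, {})
        if "sOARecord" in entry or "nSRecord" in entry:
            return dn
        dn = parent_dn(dn)
    return None


def find_entry(directory, dn):
    """Second pass: exact DN first, then dc=* wildcards, nearest first
    (dc=www,dc=nimh,dc=org -> dc=*,dc=nimh,dc=org -> dc=*,dc=org)."""
    if dn in directory:
        return directory[dn]
    rest = parent_dn(dn)
    while rest != SUFFIX:
        if "dc=*," + rest in directory:
            return directory["dc=*," + rest]
        rest = parent_dn(rest)
    return None


def select_a(values, client_ip):
    """Pick the aRecord value for client_ip from the forms a.b.c.d,
    a.b.c.d%ID, A.B.C.D/CIDR=a.b.c.d and A.B.C.D/E.F.G.H=a.b.c.d."""
    client = ipaddress.ip_address(client_ip)
    fallback = None
    for value in values:
        if "=" in value:                              # client-specific form
            network, _, addr = value.partition("=")
            if client in ipaddress.ip_network(network, strict=False):
                return addr
        elif fallback is None:                        # plain form, ID dropped
            fallback = value.split("%", 1)[0]
    return fallback


def lookup_a(directory, name, client_ip):
    """Answer an A query for name from client_ip; None means 'not served'."""
    dn = name_to_dn(name)
    if find_zone(directory, dn) is None:              # no SOA/NS above: refuse
        return None
    entry = find_entry(directory, dn)
    if entry is None or "aRecord" not in entry:
        return None
    return select_a(entry["aRecord"], client_ip)
```

lookup_a(DIRECTORY, "www.nimh.org", "10.9.9.9") returns the 10.1.2.3 view,
the same name from 203.0.113.5 gets the plain 192.0.2.10, ftp.nimh.org falls
through to the dc=* entry, and www.other.org is refused because no SOA/NS
exists at or above it. ipaddress.ip_network accepts both the /CIDR and the
/E.F.G.H netmask spelling, so one check covers both split-horizon forms.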
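The following is an added worked example, not ldapdns code: an encoder and
decoder for the binary photo format described above (0x00-0xFE literal,
0xFF 0xFF for a literal 0xFF, a lone 0xFF introducing a name). The page does
not say how the name itself is laid out in the stored value; this example
assumes uncompressed DNS wire-format labels (length byte, label bytes, 0x00
terminator) and rejects compression pointers, since a pointer has no meaning
outside a packet. The SRV-style payload built at the end is constructed
sample data.

```python
# Added illustration (not ldapdns code) of the binary 'photo' encoding above:
# literal octets 0x00-0xFE pass through, a literal 0xFF is doubled, and a
# single 0xFF introduces a domain name. Assumption not stated on the page: the
# name is stored as uncompressed DNS wire-format labels (length byte + label,
# 0x00 terminator); a compression pointer (length byte >= 0xC0) is rejected.
# The SRV-style payload built at the bottom is constructed sample data.
import struct

ESC = 0xFF


def encode_name(name):
    """sip.nimh.org (trailing dot optional) -> b'\\x03sip\\x04nimh\\x03org\\x00'."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def encode_photo(parts):
    """parts: bytes items are literal octets, str items are domain names."""
    out = bytearray()
    for part in parts:
        if isinstance(part, str):
            out.append(ESC)             # marker: a name follows
            out += encode_name(part)
        else:
            for octet in part:
                out += b"\xff\xff" if octet == ESC else bytes([octet])
    return bytes(out)


def decode_photo(blob):
    """Inverse of encode_photo; runs of literal octets come back as one bytes
    item, each name as a str. Raises ValueError on malformed input."""
    parts, literal, i = [], bytearray(), 0
    while i < len(blob):
        if blob[i] != ESC:
            literal.append(blob[i]); i += 1
        elif i + 1 < len(blob) and blob[i + 1] == ESC:
            literal.append(ESC); i += 2    # escaped literal 0xFF
        else:
            if literal:
                parts.append(bytes(literal)); literal = bytearray()
            i += 1
            labels = []
            while True:
                if i >= len(blob):
                    raise ValueError("truncated name at offset %d" % i)
                n = blob[i]; i += 1
                if n == 0:
                    break
                if n >= 0xC0:
                    raise ValueError("compression pointer in stored name")
                if n > 63 or i + n > len(blob):
                    raise ValueError("bad label length %d" % n)
                labels.append(blob[i:i + n].decode("ascii")); i += n
            parts.append(".".join(labels))
    if literal:
        parts.append(bytes(literal))
    return parts


def srv_photo(priority, weight, port, target):
    """Constructed example: an SRV rdata (RFC 2782 layout) as a photo value.
    The three 16-bit fields are literal octets; the target is a name, so
    it can be compressed when ldapdns puts it in a packet."""
    return encode_photo([struct.pack("!HHH", priority, weight, port), target])
```

srv_photo(10, 5, 5060, "sip.nimh.org") yields the six fixed octets followed
by 0xFF and the label-encoded target, and decode_photo recovers both parts.
The doubling rule is what keeps a port of 0xFFFF from being mistaken for a
name marker, which is the case worth checking in any consumer of this format.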