Using bind in cooperation with LDAP

Mosemann, Russell Russell.Mosemann at cune.edu
Thu Mar 29 19:16:17 UTC 2007


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of mjn
> Sent: Thursday, March 29, 2007 12:34 PM
> To: bind-users at isc.org
> Subject: Using bind in cooperation with LDAP
> 
> I am wondering if there is an API or hook of any kind (other method?)
> that one might employ to get DNS information from LDAP.
> 
> I've looked at packages like bind-DLZ and bind-sdb that allow one to
> store DNS in ldap but I don't think that's quite what I am after; I
> don't want to put large amounts of the DNS info into LDAP.
> 
> Our environment right now has a modified (modified by someone other
> than me) version of bind 8 that allows us to send queries to a
> special zone off to x500 and returns one value from the directory
> that is basically the A-record to the CNAME that was asked for. Each
> user on the directory has their own alias for their mailhost so that
> when it is necessary to move a user from host1 to host2, they do not
> have to change their configuration. For example:
> 
> 1. Our x500 zone is "special.umn.edu"
> 2. Because it is *.special.umn.edu, when a request comes through for
> smit1234.special.umn.edu, Bind8 directs it at x500 via a directive
> in named.conf
> 3. A search is performed for the username 'smit1234' which returns
> the value from the 'umnEmailHost' attribute for that username--which
> is something like 'mailhost1.tc.umn.edu' and the user is sent along
> to the proper host.
> 
> We are in the process of upgrading our system to Bind9 and the small
> number of systems that handle the above transactions are the only
> holdouts. Is there a simple way to produce the same behavior with
> bind9?
> 
> Does the list have advice on doing something similar with bind9 or
> comments on what might be the best replacement set up? Seems to me we
> could accomplish the same thing using bind-sdb or similar but it
> would involve some more information in the directory...
> 
> Thanks!
> --
> _______________________________________________
> Mike Neuharth, BA, LPIC-1
> Email/UNIX System Administrator
> Internet Services, University of Minnesota
> ===============================================
> "What is important, it seems to me, is not so much to defend a culture
> whose existence has never kept a man from going hungry, as to extract,
> from what is called culture, ideas whose compelling force is identical
> with that of hunger."  -Antonin Artaud
> 
> 

Since it appears that the x500 zone is separate from all other zones,
then bind-sdb seems like a great way to go. The problem is that it
relies on a specific schema (dNSZone). If you have a little C knowledge,
it shouldn't be a lot of effort to modify ldapdb.c to use the field
names you want.

--
Russell Mosemann, Ph.D.
Associate Professor of Computer Science
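To make the lookup described in the thread concrete, here is an added example in Python that is not code from the original posts, from ISC's bind-sdb, or from the ldapdb.c driver Russell mentions. It models the "special zone" behaviour with an in-memory dictionary standing in for the X.500/LDAP directory (the usernames and hosts in it are constructed), keeps the umnEmailHost attribute and special.umn.edu zone from the question, and assumes a `uid` attribute and `objectClass=person` for the search filter. The parts worth carrying into a real driver are the two checks a defender wants before a DNS label reaches a directory search: the label is validated as a single hostname-style label under the zone, and the value is escaped per RFC 4515 so that it cannot alter the filter.

```python
import re

# Constructed stand-in for the directory described in the thread:
# username -> value of the umnEmailHost attribute. Not a real LDAP server.
DIRECTORY = {
    "smit1234": "mailhost1.tc.umn.edu",
    "jones567": "mailhost2.tc.umn.edu",
}

SPECIAL_ZONE = "special.umn.edu"

# A single DNS label as the question uses it (a username), with
# conservative hostname rules: letters, digits, interior hyphens, max 63.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 section 3)."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_filter(username):
    """Search filter for the user; attribute names are assumptions."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


def username_for_qname(qname, zone=SPECIAL_ZONE):
    """Return the username if qname is exactly <label>.<zone>, else None."""
    name = qname.rstrip(".").lower()
    suffix = "." + zone
    if not name.endswith(suffix):
        return None
    label = name[: -len(suffix)]
    if not LABEL_RE.match(label):
        return None  # multi-label names and odd characters are rejected
    return label


def directory_lookup(ldap_filter, directory=DIRECTORY):
    """Stand-in for the LDAP search; real code would send ldap_filter
    to the server and read umnEmailHost from the matching entry."""
    m = re.search(r"\(uid=([^)]*)\)", ldap_filter)
    if not m:
        return None
    return directory.get(m.group(1))


def resolve(qname, directory=DIRECTORY):
    """Answer a query in the special zone as the thread describes.

    Returns (rcode, records); each record is (owner, type, rdata).
    """
    user = username_for_qname(qname)
    if user is None:
        return ("REFUSED", [])  # not our zone, or not one valid label
    host = directory_lookup(build_filter(user), directory)
    if host is None:
        return ("NXDOMAIN", [])  # no such user in the directory
    owner = qname.rstrip(".").lower()
    return ("NOERROR", [(owner, "CNAME", host + ".")])


if __name__ == "__main__":
    for q in ("smit1234.special.umn.edu.", "nobody.special.umn.edu",
              "smit1234.other.umn.edu"):
        print(q, "->", resolve(q))
```

In a modified ldapdb.c the same two checks would sit between the SDB lookup callback and the `ldap_search` call; the dictionary lookup here is only so the example runs without a directory server. Unknown users are answered NXDOMAIN rather than with an empty record set, so a misconfigured mail client fails visibly instead of silently.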



