dlz_dlopen driver for bind9

tridge at samba.org tridge at samba.org
Mon Dec 6 03:53:17 UTC 2010

Hi Michael,

I've written a "dlopen" dlz driver for bind9. This allows the creation
of external dlz drivers that can be loaded into bind9 like this:

   dlz "test zone" {
        database "dlopen /usr/lib/samba/bind9/dlz_bind9.so";
The external drivers can be written without having bind9 sources,
which means we will be able to include a Samba dlz driver in the
Samba4 distribution.

I've also written a Samba dlz driver designed to take advantage of the
above dlopen mechanism. In the testing I've done so far it works
nicely with a full AD DNS zone replicated from a w2k8r2 server using
DRS. You can see the source for the Samba4 dlz driver here:


The bind9 dlz_dlopen driver itself is enabled using the
--with-dlz-dopen configure switch.

The patches for the bind9 dlz_dlopen driver are in my bind9_patches


or you can see the patch via gitweb here:


The driver is basically a thin wrapper around the existing dlz
functionality. The main change from existing dlz is that the
dlz_create() function in the external implementation is passed a list
of named helper functions. Currently a logging function, plus
dns_sdlz_putrr and dns_sdlz_putnamedrr are passed. 

By passing the helper functions in this way the external module does
not need to link to bind9, which means other projects (such as Samba)
can develop and distribute bind9 dlz modules without having it tied to
a specific bind9 version, or requiring that bind9 sources be available
when builing the module.

To cope with possible API changes, a dlz_version() function has been
added. The dlz_dlopen driver checks that the version matches before
calling any other functions in the loaded driver.

The next step will be to see if I can add update support to dlz. I'm
not sure how tricky that will be, however even without updates the
above dlz_dlopen would be extremely useful for Samba, especially when
Samba is configured as a read-only domain controller.

Cheers, Tridge

More information about the bind-workers mailing list