LDAP schema and DIT structure

Quick start

Commented walk-through

Unlike the traditional bind-sdb LDAP plugin, bind-dyndb-ldap requires the data in the DIT to be organized in a three-level hierarchy:

cn=dns
├── idnsname=zone.tld.
│   ├── idnsname=name1
│   ├── idnsname=name2
│   └── idnsname=*
└── idnsname=fwd.zone.tld.

cn=dns

  • Root of the DNS sub-tree in this example.
  • idnsConfigObject object class
  • Contains the global configuration for the DNS server.
  • Does not contain any DNS data (not even for the DNS root zone ".").
  • The name cn=dns is not mandatory: the base DN is freely configurable in named.conf (the base argument of the plugin's dynamic-db section).

idnsname=zone.tld., cn=dns, dc=test

  • master DNS zone zone.tld.
  • idnsZone + idnsRecord object classes
  • Contains all DNS records associated with the name "zone.tld." itself (the zone apex) plus configuration attributes specific to this zone (e.g. the zone transfer ACL as the idnsAllowTransfer attribute). Note that write access to this entry in LDAP is therefore effectively write access to the zone's ACLs.
  • This is the container for the DNS nodes inside this zone (e.g. name1.zone.tld.)

idnsname=fwd.zone.tld., cn=dns, dc=test

  • forward DNS zone fwd.zone.tld.
  • idnsForwardZone object class
  • Contains all configuration attributes specific to this forward zone
    • E.g. the forwarders' IP addresses are represented as the idnsForwarders attribute
  • This object must not contain any DNS nodes; it only instructs the DNS server to forward all queries for this name to the specified forwarders.

idnsname=name1, idnsname=zone.tld., cn=dns

  • DNS name (node) name1.zone.tld.
  • idnsRecord object class
  • All records for the node name1.zone.tld. are represented as attributes of this object
    • E.g. an A record is represented as the aRecord attribute (one attribute value per record)

idnsname=*, idnsname=zone.tld., cn=dns

  • Wildcard DNS name (node) *.zone.tld.
  • idnsRecord object class
  • All records for the node *.zone.tld. are represented as attributes of this object
    • E.g. an A record is represented as the aRecord attribute
  • The usual DNS rules for wildcard records (RFC 4592) apply.
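As an added example (not code from bind-dyndb-ldap or FreeIPA), the following Python script parses a constructed LDIF export of the tree above and checks it against the layout rules of this walk-through: a global configuration entry at the base DN carrying no record attributes, only zones and forward zones one level below it, record nodes only beneath master zones, and nothing deeper. It also derives the DNS owner name of every zone and node from its DN. The sample data is made up; the object class and attribute names are those of the bind-dyndb-ldap schema, where the global configuration class is spelled idnsConfigObject.

```python
# Added example (not project code): validate the bind-dyndb-ldap three-level DIT layout.
import re
from collections import defaultdict

# Constructed sample mirroring the tree above (values made up); names follow the schema.
SAMPLE_LDIF = """\
dn: cn=dns, dc=test
objectClass: idnsConfigObject
cn: dns

dn: idnsname=zone.tld., cn=dns, dc=test
objectClass: idnsZone
objectClass: idnsRecord
idnsName: zone.tld.
idnsZoneActive: TRUE
idnsSOAmName: ns1.zone.tld.
idnsSOArName: hostmaster.zone.tld.
idnsSOAserial: 2024010101
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAexpire: 1209600
idnsSOAminimum: 3600
nSRecord: ns1.zone.tld.
idnsAllowTransfer: none;

dn: idnsname=*, idnsname=zone.tld., cn=dns, dc=test
objectClass: idnsRecord
idnsName: *
aRecord: 192.0.2.20

dn: idnsname=fwd.zone.tld., cn=dns, dc=test
objectClass: idnsForwardZone
idnsName: fwd.zone.tld.
idnsZoneActive: TRUE
idnsForwarders: 192.0.2.53
"""

RECORD_ATTR = re.compile(r"^[a-z0-9]+record$")  # aRecord, nSRecord, aAAARecord ...
classes = lambda attrs: {c.lower() for c in attrs.get("objectclass", [])}


def parse_ldif(text):
    """Minimal LDIF reader -> [(dn, {attr_lowercase: [values]})]; no base64/changetype."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:  # folded continuation line
                lines[-1] += line[1:]
            elif line and not line.startswith("#"):
                lines.append(line)
        dn, attrs = None, defaultdict(list)
        for key, _, value in (ln.partition(":") for ln in lines):
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            else:
                attrs[key].append(value)
        entries.append((dn, dict(attrs)))
    return entries


def split_dn(dn):
    """DN -> tuple of normalised RDNs, leftmost first (no escape handling)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))


def validate_tree(entries, base_dn):
    """Return [(code, dn)] for every entry that breaks the three-level layout."""
    base = split_dn(base_dn)
    by_dn = {split_dn(dn): attrs for dn, attrs in entries}
    problems = []
    for rdns, attrs in by_dn.items():
        dn, depth, oc = ",".join(rdns), len(rdns) - len(base), classes(attrs)
        if rdns[-len(base):] != base:
            problems.append(("outside-base", dn))
        elif depth == 0:  # global config: no DNS data, not even the root zone
            if "idnsconfigobject" not in oc:
                problems.append(("base-not-config", dn))
            if any(RECORD_ATTR.match(k) for k in attrs):
                problems.append(("records-in-config", dn))
        elif depth == 1:  # master zone or forward zone only
            if not oc & {"idnszone", "idnsforwardzone"}:
                problems.append(("zone-level-not-zone", dn))
        elif depth == 2:  # record node: its parent must be a master zone
            if "idnszone" not in classes(by_dn.get(rdns[1:], {})):
                problems.append(("node-parent-not-zone", dn))
        else:
            problems.append(("too-deep", dn))
    return problems


def dns_names(entries, base_dn):
    """Map each zone/node DN to its FQDN and its *Record attributes."""
    out, skip = {}, len(split_dn(base_dn))
    for dn, attrs in entries:
        labels = [rdn.split("=", 1)[1] for rdn in split_dn(dn)[:-skip]]
        if labels:  # the zone RDN already ends with '.', so a plain join works
            out[".".join(labels)] = {k: v for k, v in attrs.items() if RECORD_ATTR.match(k)}
    return out
```

validate_tree(parse_ldif(SAMPLE_LDIF), "cn=dns, dc=test") returns an empty list for the sample; a record node placed under the forward zone is reported as node-parent-not-zone, and a fourth level as too-deep. dns_names() shows how the DN hierarchy maps onto owner names: the entry idnsname=*, idnsname=zone.tld., ... becomes "*.zone.tld." with its aRecord values, while the forward zone maps to "fwd.zone.tld." with no records at all. The LDIF reader handles folded lines but not base64 values or DN escaping, so run it against an ldapsearch -LLL export of the DNS sub-tree rather than arbitrary LDIF.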

History

bind-dyndb-ldap's schema combines several other schemas:

  • Most of the attribute definitions for DNS RR types are based on the Uninett schema.
  • Basic record types (A, CNAME etc.) are defined in the COSINE schema. Please note that the COSINE schema defines e.g. CNAME records as multi-valued even though they should in fact be single-valued, so the LDAP server will not reject a node with two cNAMERecord values.
  • The FreeIPA project introduced the idns* object classes and attributes which glue everything together.