bind-dyndb-ldap

This is a new LDAP driver for BIND9.

It allows you to read data and also write data back (DNS Updates) to an LDAP backend.

The new version v11 is compatible with BIND 9.11 and newer. It uses the new API accepted in upstream BIND. Driver versions <= 10 used unofficial “dynamic database” API so you would need patches for official BIND9.

Documentation and support

Lastest documentation is available inside README in Git.

More detailed information is in wiki articles:

• Version numbering and release notes - What features do I have?
• How PTR record synchronization works (aka sync_ptr feature)
• What to do when named with bind-dyndb-ldap cannot start
• LDAP schema we use
• Migration from zone files to LDAP - How to import existing zone (master) files to LDAP

This plugin is used extensively by FreeIPA project. Best place to post your questions is freeipa-users mailing list. You can also look into mailing list archive.

Did you encounter a bug? Please follow bug reporting guideline. Thank you!

Source code

The latest release is available at https://releases.pagure.org/bind-dyndb-ldap/

Web interface to git repository is available at https://pagure.io/bind-dyndb-ldap/

Development

Notes about Fedora package release process

Design documents

(please read General considerations)

• High-level design overview
• Locking overview
• LDAP synchronization overview
• Transition to BIND’s native Red-Black Tree Database
• DNSSEC in-line signing support
• Generic support for unknown DNS RR types (RFC 3597)
• Meta-database for auxiliary data like LDAP UUID<->DNS name mapping
• Per-instance configuration in LDAP
• Per-instance record generation

Debugging

• Examining core dumps
• Debugging DNS forwarding
• BIND 9 bugs developers should know about

Notes about BIND internals

• BIND developer docs from ISC
• /doc directory in BIND 9 source tree
• In-line signing

Design goals and core decisions

• bind-dyndb-ldap was developed for needs of FreeIPA project (but it can be used independently, e.g. with OpenLDAP)
• FreeIPA defines most of bind-dyndb-ldap‘s high-level goals
• Today, some functionality and code overlaps with existing software. The open question is if we should do something about it, and what happens if we do not do anything. For further details see article about Maintainability.
  • Some ideas about alternative approaches are on page SecondGeneration/Ideas.