ldap2dns/doc/README.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta name="generator" content=
    "HTML Tidy for Linux (vers 12 April 2005), see www.w3.org" />
    <title>
      ldap2dns
    </title>
  </head>
  <body>
    <div id="project">
      <script src="/toc.js" type="text/javascript">
</script>
      <h1 align="center">
        LDAP to DNS gateway
      </h1>
      <p style="font-size: 14px">
        <b>ldap2dns</b> is a program to read DNS (Domain Name
        Service) records from an LDAP directory and format them
        into flat files suitable for TinyDNS (or Bind).
      </p>
      <p>
        <b>ldap2dns</b> reduces all kind of administration
        overhead: No more flat file editing, no more zone file
        editing. After having installed <b>ldap2dns</b>, the
        administrator only has to modify the data stored in the
        LDAP directory.<br />
        <br />
        Optionally access control can be configured for each zone,
        GUIs can be more easily implemented, and add all other kind
        of zone and resource record information can be managed
        without interfering with the DNS server.<br />
        <br />
        <b>ldap2dns</b> is designed to write ASCII data files used
        by <a href=
        "http://cr.yp.to/djbdns/tinydns.html"><i>tinydns</i></a>
        from the <a href="http://cr.yp.to/"><i>djbdns</i></a>
        package, but also may be used to write zone db files used
        by <i>named</i> as found in the <i>BIND</i> package.
      </p>
      <p>
        <b>ldap2dns</b> is known to compile and run under Linux and
        Solaris using GCC or Sun Studio C Compiler.
      </p>
      <div id="toc"></div><script language="JavaScript" type=
      "text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Introduction', 'Introduction'));
// -->
//]]>
</script> <noscript>
      <h3>
        Introduction
      </h3></noscript> Often it is desirable to store DNS
      information in a database rather than in flat text files.
      This can greatly help to reduce administration overhead since
      associate information such as billing contact, account
      management, etc. can be stored and processed inside the same
      database. Also due to the nature of DNS, information must be
      stored redundantly on two or more hosts. The classical data
      replication through zone transfer is unreliable, insecure and
      difficult to administer.<br />
      <br />
      To solve this problem some proprietary attempts have been
      proposed to store DNS information in relational databases.
      The nature of DNS, however, is hierarchical and such should
      the database be. Using a relational database to store DNS
      information is undesirable, because it becomes difficult to
      store free form information. Within a hierachical data
      scheme, the administrator might define more than one
      IP-address for each canonical name. To implement such a
      feature in a relational database without breaking the
      normalization rules, one would have to add another
      table.<br />
      <br />
      One of the most widely spread hierarchical database protocols
      is LDAP. <b>ldap2dns</b> retrieves DNS information stored in
      an LDAP directory service and generates a file suitable for
      name-servers.<br />
      <br />
      The two most-widely-used domain name service daemons,
      <a href="http://www.isc.org/products/BIND/">named</a> and
      <a href="http://cr.yp.to/djbdns/tinydns.html">tinydns</a> are
      supported.<br />
      <br />
      <b>ldap2dns</b> specifically has been designed to work with
      tinydns and is the favored name server daemon for the author
      of this program. <b>ldap2dns</b> can also generate files
      suitable for <i>named</i> version 8 (and possibly version 9),
      but this feature is not well supported.<br />
      <br />
      There is a <a href=
      "http://www.alternic.org/drafts/drafts-m-n/draft-miller-dns-ldap-schema-00.txt">
      RFC</a> for a format description how to store DNS information
      in LDAP. This paper a draft RFC which expired in February
      1999, looks as if it has been specially designed to be used
      by <i>named</i>. This scheme does not have strict
      attribute-value-pair mapping, making it difficult to be used
      by user interfaces. It also lacks of an implementation (or I
      have never heard of any).<br />
      Since <i>tinydns</i> is going another descriptive way the
      original author implemented a similar object-scheme more
      suitable for <i>tinydns</i>.<br />
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Quickstart', 'Quickstart'));
// -->
//]]>
</script> <noscript>
      <h3>
        Installation
      </h3></noscript>
      <ul>
        <li>Install an LDAP server such as <a href=
        "www.openldap.org">openldap</a>. Other LDAP implementations
        may work but have not been tested. If you are building from
        source you will need to also install the development
        libraries and include files. On most package based systems
        these would be the -devel packages (example:
        openldap-devel).<br />
        </li>
        <li>Install <a href=
        "http://cr.yp.to/djbdns.html">djbdns</a> or BIND.
        Configuring the nameserver to automatically start and work
        in your environment is beyond the scope of this
        document.<br />
        </li>
        <li>Install <b>ldap2dns</b><br />
          From RPM:<br />
          <pre>
$ sudo rpm -Uhv ldap2dns.rpm
</pre>Replace "ldap2dns.rpm" with the file you have
downloaded.<br />
          Now that you have it installed, skip to <a href=
          "#Configuration">Usage</a> to continue.<br />
          <br />
          To build ldap2dns from source:<br />
          Unpack the package and build it:
          <pre>
$ gzcat ldap2dns.tar.gz | tar x
$ cd ldap2dns-version
$ make
$ sudo make install
</pre>
        </li>
      </ul><br />
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Configuration', 'Configuration'));
// -->
//]]>
</script> <noscript>
      <h3>
        Configuration
      </h3></noscript>
      <ul>
        <li>Copy the file <i>ldap2dns.schema</i> into the directory
        /etc/openldap/schema. Add the following line to Your
        slapd.conf file:<br />
          <pre>
include         /etc/openldap/schema/ldap2dns.schema
</pre>Now restart your LDAP server.<br />
        </li>
      </ul><i>Note: If you are running OpenLDAP 2.0 or earlier look
      for appropriate schema files for your version in the
      <b>deprecated/</b> subdirectory. These files are known to
      work as of ldap2dns 0.3.5 but are no longer supported for
      future feature updates.</i><br />
      <br />
      <ul>
        <li>Start to populate your LDAP server with DNS
        information. As a first test do
          <pre>
$ ldapadd -D "<i>binddn</i>" -w <i>password</i> &lt; example.ldif
</pre>Replace 'myorg' and 'binddn' with whatever is appropriate on
Your system. Start a search and see if something was added
          <pre>
$ ldapsearch -D "<i>binddn</i>" "objectclass=dnsrrset"
</pre>
        </li>
        <li>Test <b>ldap2dns</b>
          <pre>
$ ./ldap2dns -D "<i>binddn</i>" [ -b "<i>searchbase</i>" ] [ -w <i>passwd</i> ] -o data -o db -L
</pre>This should create a 'data' file, a 'corp.local.db' file and
should print the DNS content.<br />
          Note: The <i>data</i> file is text data which can be
          processed with <b>tinydns-data</b>. <i>corp.local.db</i>
          is the file as used by <b>named</b>. If You are using
          bind, You also have to adopt the file
          <i>/etc/named.conf</i> and You have to restart named.
        </li>
      </ul><br />
      <br />
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Schema', 'Schema Documentation'));
// -->
//]]>
</script> <noscript>
      <h3>
        Schema Documentation
      </h3></noscript> Two object-classes have been defined.
      <em>DNSzone</em> stores all the information to define a DNS
      zone, such as the SOA (Start Of Authority), serial numbers
      etc. <em>DNSrrset</em> is used to store the information for a
      single resource record, such as the domain name,
      IP-addresses, class and type.<br />
      Here are the tables:
      <h4>
        DNSzone
      </h4>This object-class represents a DNS zone. It is the
      container for all the resource records within a zone. Zones
      can be primary or secondary. If used in conjunction with
      <i>tinydns</i> zones are always primary. Secondary zones
      don't make sense anyway! In addition to being a container,
      the zone object has attributes related to the management of
      the zone. These include the zone's SOA information. Each
      zone-object can have none to many children of class
      <b>DNSrrset</b>.<br />
      <table bgcolor="#EEEEEE" summary=
      "LDAP attributes used by DNS zones">
        <tr>
          <th>
            ATTRIBUTE
          </th>
          <th>
            VALUE
          </th>
          <th>
            Comment
          </th>
        </tr>
        <tr>
          <td>
            objectclass
          </td>
          <td>
            DNSzone
          </td>
          <td>
            required
          </td>
        </tr>
        <tr>
          <td>
            cn
          </td>
          <td>
            <i>common name</i>
          </td>
          <td>
            required
          </td>
        </tr>
        <tr>
          <td>
            DNSzonename
          </td>
          <td>
            <i>Name of the zone</i>
          </td>
          <td>
            required, multivalued
          </td>
        </tr>
        <tr>
          <td>
            DNSserial
          </td>
          <td>
            <i>Serial number of SOA</i>
          </td>
          <td>
            optional
          </td>
        </tr>
        <tr>
          <td>
            DNSrefresh
          </td>
          <td>
            <i>Refresh time of SOA</i>
          </td>
          <td>
            optional, only used for zone transfers
          </td>
        </tr>
        <tr>
          <td>
            DNSretry
          </td>
          <td>
            <i>Retry time of SOA</i>
          </td>
          <td>
            optional, only used for zone transfers
          </td>
        </tr>
        <tr>
          <td>
            DNSexpire
          </td>
          <td>
            <i>Expire time of SOA</i>
          </td>
          <td>
            optional, only used for zone transfers
          </td>
        </tr>
        <tr>
          <td>
            DNSminimum
          </td>
          <td>
            <i>Minimum time to live</i>
          </td>
          <td>
            optional, only used for zone transfers
          </td>
        </tr>
        <tr>
          <td>
            DNSadminmailbox
          </td>
          <td>
            <i>Hostmaster's contact address</i>
          </td>
          <td>
            optional
          </td>
        </tr>
        <tr>
          <td>
            DNSzonemaster
          </td>
          <td>
            <i>Primary nameserver for this zone</i>
          </td>
          <td>
            optional
          </td>
        </tr>
        <tr>
          <td>
            DNStype
          </td>
          <td>
            SOA
          </td>
          <td>
            must be SOA
          </td>
        </tr>
        <tr>
          <td>
            DNSclass
          </td>
          <td>
            IN
          </td>
          <td>
            must be IN
          </td>
        </tr>
        <tr>
          <td>
            DNSttl
          </td>
          <td>
            <i>time to live</i>
          </td>
          <td>
            optional, only used with tinydns
          </td>
        </tr>
        <tr>
          <td>
            DNStimestamp
          </td>
          <td>
            <i>timestamp</i>
          </td>
          <td>
            optional, only used with tinydns
          </td>
        </tr>
      </table>
      <ul>
        <li>
          <b>DNSzonename:</b> This field is required to describe
          the zone's domain name, for instance myorg.com. More than
          one <b>DNSzonename</b> my be specified for a
          <b>DNSzone</b> so that the same host is accessable with
          different zonenames.
        </li>
        <li>
          <b>DNSserial:</b> This is the serial number as used for
          BIND's zone transfers. Here it is used to inform
          <b>ldap2dns</b> that it has to rebuild its data-file.
          Without increasing the serial number <b>ldap2dns</b> will
          ignore all modifications until it is restarted.
        </li>
        <li>
          <b>DNSrefresh, DNSretry, DNSexpire, DNSminimum:</b> You
          may safly ignore these numbers if You don't do
          zone-transfers. Since Your secondary nameserver will
          connect to the LDAP server the same way Your primary
          does, You don't need zone-transfers anyway.
        </li>
        <li>
          <b>DNSzonemaster:</b> Here you specify the canonical name
          of your primary nameserver.
        </li>
        <li>
          <b>DNSadminmailbox:</b> This is the contact address of
          Your DNS-administrator. The first dot is converted to a
          <i>@</i>.
        </li>
        <li>
          <b>DNStype:</b> Must be <b>SOA</b> (Start Of Authority)
        </li>
        <li>
          <b>DNSclass:</b> Must be <b>IN</b> (Internet, or do still
          use Chaosnet?)
        </li>
        <li>
          <b>DNSttl:</b> This is the time-to-live value as used by
          <b>tinydns</b>. If TTL is nonzero (or omitted), the
          timestamp is a starting time from whereon this zone's
          information is valid. If TTL is zero, the timestamp is an
          ending time (``time to die'').
        </li>
        <li>
          <b>DNStimestamp:</b> This is the timestamp as used by
          <b>tinydns</b>. It represents a string as external TAI64
          timestamp, printed as 16 lowercase hexadecimal characters
        </li>
      </ul>
      <h4>
        DNSrrset
      </h4>The Resource Record Set represents all of the resource
      records for a given host name within a zone. It must be a
      child of a DNSzone object.<br />
      <table bgcolor="#EEEEEE" summary=
      "LDAP attributes for DNS records">
        <tr>
          <th>
            ATTRIBUTE
          </th>
          <th>
            VALUE
          </th>
          <th>
            Comment
          </th>
        </tr>
        <tr>
          <td>
            objectclass
          </td>
          <td>
            DNSrrset
          </td>
          <td>
            required
          </td>
        </tr>
        <tr>
          <td>
            cn
          </td>
          <td>
            <i>common name</i>
          </td>
          <td>
            required
          </td>
        </tr>
        <tr>
          <td>
            DNSdomainname
          </td>
          <td>
            <i>Name of this record</i>
          </td>
          <td>
            optional, relative to zonename
          </td>
        </tr>
        <tr>
          <td>
            DNSipaddr
          </td>
          <td>
            <i>IP address</i>
          </td>
          <td>
            optional, mutivalued
          </td>
        </tr>
        <tr>
          <td>
            DNScname
          </td>
          <td>
            <i>Canonical name</i>
          </td>
          <td>
            optional, without ending dot relative to zonename
          </td>
        </tr>
        <tr>
          <td>
            DNSpreference
          </td>
          <td>
            <i>integer</i>
          </td>
          <td>
            optional, only used for MX records
          </td>
        </tr>
        <tr>
          <td>
            DNStype
          </td>
          <td>
            A, CNAME, NS, MX, PTR or TXT
          </td>
          <td>
            must be any valid record type
          </td>
        </tr>
        <tr>
          <td>
            DNSclass
          </td>
          <td>
            IN
          </td>
          <td>
            must be IN
          </td>
        </tr>
        <tr>
          <td>
            DNSttl
          </td>
          <td>
            <i>time to live</i>
          </td>
          <td>
            optional, only used with tinydns
          </td>
        </tr>
        <tr>
          <td>
            DNStimestamp
          </td>
          <td>
            <i>timestamp</i>
          </td>
          <td>
            optional, only used with tinydns
          </td>
        </tr>
        <tr>
          <td>
            DNSsrvpriority
          </td>
          <td>
            <i>SRV Priority</i>
          </td>
          <td>
            optional, defaults to 0 for <a href=
            "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
            SRV</a> records
          </td>
        </tr>
        <tr>
          <td>
            DNSsrvweight
          </td>
          <td>
            <i>SRV Weight</i>
          </td>
          <td>
            optional, defaults to 0 for <a href=
            "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
            SRV</a> records
          </td>
        </tr>
        <tr>
          <td>
            DNSsrvport
          </td>
          <td>
            <i>SRV Port</i>
          </td>
          <td>
            Required for <a href=
            "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
            SRV</a> records
          </td>
        </tr>
      </table><br />
      <ul>
        <li>
          <b>DNSrrset:</b> This object-class must be a direct child
          of DNSzone. Its <b>dn</b> should be specified as
          <pre>
cn=<i>domainname</i>,cn=<i>zonename</i>,...
</pre>
        </li>
        <li>
          <b>DNSdomainname</b> This is the partial domain-name, ie.
          the part in front of the zone-name.
        </li>
        <li>
          <b>DNSipaddr:</b> This specifies the IP-address in dotted
          format. It can be used for <b>DNSrrset</b>'s of type
          <b>A, NS, MX</b> or <b>PTR</b>. <b>DNSipaddr</b> is
          multivalued to specifiy more than one IP-address for a
          service. If used in <b>DNSrrset</b>'s with <b>DNStype</b>
          = <b>PTR</b> it overrides the old-fashioned form used in
          <b>DNSdomainname</b> such as 13.178.23.in-addr.arpa for
          reverse lookups.
        </li>
        <li>
          <b>DNScname:</b> Whenever there is a mapping of a
          domain-name to a canonical name, use this attribute.
          <b>DNScname</b> may be used for <b>DNSrrset</b>'s with
          <b>DNStype CNAME, NS, MX, PTR or TXT</b>. If the last
          character of a CNAME is a dot its name is considered
          absolute. If it does not contain a dot, its name is
          prepended to the zone-name.
        </li>
        <li>
          <b>DNSpreference:</b> This number is the mail-exchange
          preference as used by BIND.
        </li>
        <li>
          <b>DNStype:</b> This must be <b>A, CNAME, NS, MX, PTR</b>
          or <b>TXT</b>. It specifies the DNSrrset type.
        </li>
        <li>
          <b>DNSclass:</b> Must be <b>IN</b>
        </li>
        <li>
          <b>DNSttl:</b> This is the time-to-live value as used by
          <b>tinydns</b>. If TTL is non-zero (or omitted), the
          time-stamp is a starting time from where-on this zone's
          information is valid. If TTL is zero, the timestamp is an
          ending time (``time to die'').
        </li>
        <li>
          <b>DNStimestamp:</b> This is the timestamp as used by
          <b>tinydns</b>. It represents a string as external TAI64
          time-stamp, printed as 16 lowercase hexadecimal
          characters
        </li>
        <li>
          <b>DNSsrvpriority:</b> Integer representing the relative
          priority of this DNS SRV record. See <a href=
          "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
          menandmice.com</a> for more information about DNS SRV
          records.
        </li>
        <li>
          <b>DNSsrvweight:</b> DNS SRV record weight field. Integer
        </li>
        <li>
          <b>DNSsrvport:</b> DNS SRV record port number. Integer
        </li>
      </ul><br />
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('ldap2dns', 'Usage: Running ldap2dns'));
// -->
//]]>
</script> <noscript>
      <h3>
        Usage: Running ldap2dns
      </h3></noscript> <b>ldap2dns</b> and <b>ldap2dnsd</b>
      recognize the following options:
      <pre>
-D <i>binddn</i> specify the distinguished name to bind to the LDAP directory
-w <i>bindpasswd</i> use bindpasswd as password for simple authentication
-b <i>searchbase</i> use searchbase as starting point for search instead default
-o data generate a "data" file to be processed by tinydns-data
-o db for each zone generate a "&lt;zonename&gt;.db" file to be used by named
-L[<i>filename</i>] print output in LDIF format to [<i>filename</i>] or stdout for reimport
-h <i>host</i> specify the hostname of LDAP directory. Default is localhost
-p <i>port</i> portnumber to connect to LDAP directory. Defaults is 389
-H <i>ldapURI</i> URI for LDAP server (examples: <i>ldap://hostname</i> or <i>ldaps://hostname:636</i>)
-v run in verbose mode
-vv even more verbose
-V print version and exit
-u <i>numsecs</i> update DNS data every numsecs.
-t <i>timeout</i> timeout for LDAP searches, in seconds
-M <i>reclimit</i> Limit LDAP results to <i>reclimit</i> number of records.
</pre><b>ldap2dns</b> and <b>ldap2dnsd</b> recognize the following
environment variables:<br />
      <b>TINYDNSDIR</b>: Specifies the directory where ldap2dns
      writes its data file.<br />
      <b>LDAP2DNS_UPDATE</b>: Specifies the update intervall as the
      -u command line option would.<br />
      <b>LDAP2DNS_OUTPUT</b>: Specifies the default output, as the
      -o command line option would. <b>ldap2dns</b> and
      <b>ldap2dnsd</b> use the following parameters from
      /etc/ldap.conf if not specified on the command line:
      <b>BASE</b>: The LDAP search base.<br />
      <b>HOST</b>: The LDAP server.<br />
      <b>PORT</b>: The LDAP port.<br />
      <br />
      If You are a tinydns user, run <b>ldap2dns</b> in
      /services/tinydns/root.<br />
      If You are an openldap user, the command line switches are
      the same as for ldapsearch or ldapadd.
      <pre>
$ ldap2dns -D "<i>binddn</i>" [ -w <i>passwd</i> ] -b "<i>searchbase</i>" \
-o data -e "cd /var/tinydns/root &amp;&amp; /usr/bin/tinydns-data"
</pre>This generates a data file which is converted into a data.cdb
by tinydns-data as soon as ldap2dns detects a modification in the
LDAP directory. The password is required if You restrict read
queries to authenticated users only. Test with
      <pre>
$ dnsq any corp.local <i>ipaddr</i>
</pre>Replace <i>ipaddr</i> with whatever You configured tinydns to
listen to. If You are a BIND user, run <b>ldap2dns</b> in
/var/named with
      <pre>
$ ldap2dns -D "<i>binddn</i>" -w <i>passwd</i> -b "<i>searchbase</i>" \
-o db -e "kill -HUP `cat /var/run/named-pid`"
</pre>Do not forget to add You primary definition to your
named.conf file. Your named should be restarted automatically as
soon as ldap2dns detects a modification in the LDAP directory. If
bind is not restarted, do so with
      <pre>
# kill -HUP <i>PID</i>
</pre>Now run
      <pre>
$ nslookup - localhost
&gt; ns1.corp.local
</pre>Note that <b>nslookup</b> only works with <b>tinydns</b> if
your nameserver resolves its IP-address backwards.
<script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('ldap2dnsd', 'Usage: Running ldap2dnsd'));
// -->
//]]>
</script> <noscript>
      <h3>
        Usage: Running ldap2dnsd
      </h3></noscript> When <b>ldap2dns</b> is invoked as
      <b>ldap2dnsd</b>, the program starts as backgound-daemon and
      continuously checks for modifications in the LDAP directory.
      If the the daemon sees a modification in the <b>DNSserial</b>
      numbers it updates the data or .db files, depending what kind
      of output was configured. This check is done about once a
      minute and is configurable.<br />
      The command-line options for <b>ldap2dnsd</b> are the same as
      for <b>ldap2dns</b>. Use the -u option to modify the update
      interval. You may also use -u on <b>ldap2dns</b> to start as
      a foreground daemon. This is useful if You want to run
      <b>ldap2dns</b> from <b><a href=
      "http://cr.yp.to/daemontools.html">daemontools</a></b>.<br />
      <br />
      These instructions assume you will be running <b>ldap2dns</b>
      under <b>daemontools</b>b&gt; and that tinydns is also
      running under daemontools. These instructions also assume you
      are using Dan Bernstein's standard directory locations. Make
      sure you change the below examples to match your
      environment.<br />
      <br />
      Start by creating the a non-root user to run your ldap2dns
      and associated logging mechanism:
      <pre>
# groupadd -r ldap2dns
# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Daemon" \
 -g ldap2dns ldap2dns
# groupadd -r l2dnslog
# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Logger" \
 -g l2dnslog l2dnslog
</pre><br />
      Next configure the ldap2dns area to be managed by
      <b>daemontools</b>. Typically this is <i>/etc/ldap2dns</i>
      <pre>
# cd /etc
# ldap2tinydns-conf ldap2dns l2dnslog /etc/ldap2dns /etc/tinydns/root
</pre>The syntax is close to tinydns-conf except that you will also
need to specify the path to the <i>root</i> directory for tinydns.
This is the directory that holds the <i>data</i> file.<br />
      <br />
      Next edit the file <i>/etc/ldap2dns/run</i> and optionally
      the environment variables in <i>/etc/ldap2dns/env</i> as
      necessary for your environment. This may include configuring
      a base DN, a bind DN, a password, and an interval.<br />
      <br />
      When everything is ready configured properly create a symlink
      from <i>/etc/ldap2dns</i> into <i>/service</i>. This action
      will cause <b>daemontools</b> to launch <b>ldap2dns</b>.
      <pre>
# ln -s /etc/ldap2dns /service/ldap2dns
</pre>After a few seconds <b>daemontools</b> starts
<b>ldap2dnsd</b> which itself generates data files whenever a
modification is commited into the LDAP directory. <script language=
"JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('ImportingAXFR',
    'Importing DNS data from an existing AXFR capable (BIND) name server'));
// -->
//]]>
</script> <noscript>
      <h3>
        Importing DNS data from an existing AXFR capable (BIND)
        name server
      </h3></noscript> A perl-script <i>import.pl</i> is contained
      in this package. Edit the first lines of the script to
      conform to Your configuration. If You have installed the Perl
      packages Net::LDAP and Net::DNS skip the following lines,
      otherwise do
      <pre>
# perl -MCPAN -e 'shell'
(...snip...)
&gt; install Net::DNS
&gt; install Net::LDAP
</pre>Now check that Your nameserver allows zone transfers to your
host and run the import script:
      <pre>
$ echo 'primary mydomain.org ' | ./import.pl
</pre>for a single domain or
      <pre>
# cat named.boot | ./import.pl
</pre>to populate Your LDAP directory. <script language=
"JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('ImportingTinyDNS',
    'Importing DNS data from an existing TinyDNS name server'));
// -->
//]]>
</script> <noscript>
      <h3>
        Importing DNS data from an existing TinyDNS name server
      </h3></noscript> Use the supplied <i>data2ldap.pl</i> in the
      <i>scripts/</i> directory
      <pre>
$ data2ldap.pl data data.ldif ou=DNS,dc=example,dc=com
</pre>More to come...<br />
      <br />
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Roadmap', 'Roadmap'));
// -->
//]]>
</script> <noscript>
      <h3>
        Roadmap
      </h3></noscript> A browser-based administration toolkit,
      which connects directly to the LDAP-directory service.
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('ToDo', 'To Do'));
// -->
//]]>
</script> <noscript>
      <h3>
        To Do
      </h3></noscript>
      <ul>
        <li>Write a man page.
        </li>
        <li>named.conf should be created automatically.
        </li>
      </ul><script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Copyright', 'Copyright and Disclaimer'));
// -->
//]]>
</script> <noscript>
      <h3>
        Copyright and Disclaimer
      </h3></noscript> This program is Copyright 1999-2004 Jacob
      Rief and 2005-2006 Ben Klang<br />
      This program is licensed under the GPL version 2<br />
      <br />
      ldap2dns was originally written by Jacob Rief
      (jacob.rief@tiscover.com). It is now maintained by Ben Klang
      (bklang@alkaloid.net). If you run <b>ldap2dns</b> on a
      production nameserver, please send the maintainer an email
      and mention on what OS and with which nameserver you do
      so.<br />
      <br />
      <b><i>Disclaimer:</i> The author and all contributors
      disclaim any kind of warranty or liability or suitability for
      any purpose. By running this software you agree that you are
      a competent systems administrator and will bear the
      responsibility for your actions.</b><br />
      <script language="JavaScript" type="text/javascript">
//<![CDATA[
<!--
document.write(addEntry('Download', 'Download'));
// -->
//]]>
</script> <noscript>
      <h3>
        Download
      </h3></noscript>
      <h4>
        Latest Release: <a href="/download.php?list.10">ldap2dns
        version 0.4.1</a>
      </h4>Released October 19, 2006<br />
      <a href=
      "http://svn.alkaloid.net/browse/chora/co.php?f=ldap2dns/tags/0.4.1/ChangeLog">
      ChangeLog</a><br />
      <br />
      <h4>
        Developer Access:
      </h4>The bleeding edge of ldap2dns is in the Alkaloid
      Networks subversion repository found at <a href=
      "https://svn.alkaloid.net/gpl/ldap2dns/trunk">https://svn.alkaloid.net/gpl/ldap2dns/trunk</a>.<br />

      <br />
      Following the Subversion standard, releases are kept in
      /gpl/ldap2dns/tags and branches are in
      /gpl/ldap2dns/branches.<br />
      <br />
    </div>
  </body>
</html>