Often it is desirable to store DNS information in a database rather
than in flat text files. This can greatly reduce administration
overhead, since associated information such as billing contact,
account management, etc. can be stored and processed inside the same
database. Also, due to the nature of DNS, information must be stored
redundantly on two or more hosts. The classical data replication
through zone transfer is unreliable, insecure and difficult to
administer.<br/>
To solve this problem, some proprietary approaches have been proposed
that store DNS information in relational databases. DNS, however, is
hierarchical by nature, and so should the database be. Using a
relational database to store DNS information is undesirable, because
it becomes difficult to store free-form information. Within a
hierarchical data scheme, the administrator might define more than
one IP address for each canonical name. To implement such a feature
in a relational database without breaking the normalization rules,
one would have to add another table.<br/>
One of the most widely used hierarchical database protocols is
LDAP. <b>ldap2dns</b> retrieves DNS information stored in an LDAP
directory service and generates a file suitable for
name-servers.<br/>
The most widely used name-servers, <a href="http://www.isc.org/products/BIND/">named</a> and <a href="http://cr.yp.to/djbdns/tinydns.html">tinydns</a>, are supported.
<b>ldap2dns</b> has been designed specifically to work with tinydns,
which is the name server daemon favored by the author of this
program. <b>ldap2dns</b> can also generate files suitable for
<i>named</i> version 8, but this feature is not well supported.
There is an <a href="http://www.alternic.org/drafts/drafts-m-n/draft-miller-dns-ldap-schema-00.txt">
RFC</a> describing a format for storing DNS information in
LDAP. This paper, a draft RFC which expired in February 1999, looks
as if it has been specially designed to be used by <i>named</i>.
This scheme does not have a strict attribute-value-pair mapping,
making it difficult to use from user interfaces. It also lacks
an implementation (or I have never heard of any).<br/>
Since <i>tinydns</i> takes a different descriptive approach, I
implemented a similar object scheme more suitable for <i>tinydns</i>.
a given host name within a zone. It must be a child of a DNSzone
object.<br/>
<table bgcolor="#EEEEEE">
<tr>
<th>ATTRIBUTE</th>
<th>VALUE</th>
<th>Comment</th>
</tr>
<tr>
<td>objectclass</td>
<td>DNSrrset</td>
<td>required</td>
</tr>
<tr>
<td>cn</td>
<td><i>common name</i></td>
<td>required</td>
</tr>
<tr>
<td>DNSdomainname</td>
<td><i>Name of this record</i></td>
<td>optional, relative to zonename</td>
</tr>
<tr>
<td>DNSipaddr</td>
<td><i>IP address</i></td>
<td>optional, multivalued</td>
</tr>
<tr>
<td>DNScname</td>
<td><i>Canonical name</i></td>
<td>optional, without ending dot relative to zonename</td>
</tr>
<tr>
<td>DNSpreference</td>
<td><i>integer</i></td>
<td>optional, only used for MX records</td>
</tr>
<tr>
<td>DNStype</td>
<td>A, CNAME, NS, MX, PTR or TXT</td>
<td>must be any valid record type</td>
</tr>
<tr>
<td>DNSclass</td>
<td>IN</td>
<td>must be IN</td>
</tr>
<tr>
<td>DNSttl</td>
<td><i>time to live</i></td>
<td>optional, only used with tinydns</td>
</tr>
<tr>
<td>DNStimestamp</td>
<td><i>timestamp</i></td>
<td>optional, only used with tinydns</td>
</tr>
<tr>
<td>DNSsrvpriority</td>
<td><i>SRV Priority</i></td>
<td>optional, defaults to 0 for <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">SRV</a> records</td>
</tr>
<tr>
<td>DNSsrvweight</td>
<td><i>SRV Weight</i></td>
<td>optional, defaults to 0 for <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">SRV</a> records</td>
</tr>
<tr>
<td>DNSsrvport</td>
<td><i>SRV Port</i></td>
<td>Required for <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">SRV</a> records</td>
</tr>
</table>
<br/>
<ul>
<li><b>DNSrrset:</b> This object-class must be a direct child of
DNSzone. Its <b>dn</b> should be specified as
<pre>
cn=<i>domainname</i>,cn=<i>zonename</i>,...
</pre></li>
<li><b>DNSdomainname:</b> This is the partial domain-name, i.e. the
part in front of the zone-name.</li>
<li><b>DNSipaddr:</b> This specifies the IP-address in dotted
format. It can be used for <b>DNSrrset</b>s of type <b>A, NS,
MX</b> or <b>PTR</b>. <b>DNSipaddr</b> is multivalued to specify
more than one IP-address for a service. If used in
<b>DNSrrset</b>s with <b>DNStype</b> = <b>PTR</b> it overrides the
old-fashioned form used in <b>DNSdomainname</b> such as
13.178.23.in-addr.arpa for reverse lookups.</li>
<li><b>DNScname:</b> Whenever there is a mapping of a domain-name
to a canonical name, use this attribute. <b>DNScname</b> may be
used for <b>DNSrrset</b>s with <b>DNStype CNAME, NS, MX, PTR or
TXT</b>. If the last character of a CNAME is a dot, its name is
considered absolute. If it does not contain a dot, its name is
prepended to the zone-name.</li>
<li><b>DNSpreference:</b> This number is the mail-exchange
preference as used by BIND.</li>
<li><b>DNStype:</b> This must be <b>A, CNAME, NS, MX, PTR</b> or
<b>TXT</b>. It specifies the DNSrrset type.</li>
<li><b>DNSclass:</b> Must be <b>IN</b></li>
<li><b>DNSttl:</b> This is the time-to-live value as used by
<b>tinydns</b>. If TTL is non-zero (or omitted), the time-stamp is
a starting time from which this zone's information is valid. If
TTL is zero, the timestamp is an ending time ("time to
die").</li>
<li><b>DNStimestamp:</b> This is the timestamp as used by
<b>tinydns</b>. It is a string holding an external TAI64
time-stamp, printed as 16 lowercase hexadecimal characters.</li>
<li><b>DNSsrvpriority:</b> Integer representing the relative priority of this DNS SRV record. See <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">menandmice.com</a> for more information about DNS SRV records.</li>
<li><b>DNSsrvweight:</b> DNS SRV record weight field. Integer.</li>
<li><b>DNSsrvport:</b> DNS SRV record port number. Integer.</li>
</ul>
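The attribute rules above can be checked before an entry is written to the directory. The following is an added example, not part of ldap2dns: the function names, the dictionary layout (attribute name mapped to a list of values) and the sample entries are assumptions made for illustration, and SRV is accepted as a DNStype only because the table defines SRV attributes.

```python
import ipaddress
import re

# SRV is an assumption: the table defines SRV attributes, although the
# DNStype row lists only A, CNAME, NS, MX, PTR and TXT.
TYPES = {"A", "CNAME", "NS", "MX", "PTR", "TXT", "SRV"}
TAI64 = re.compile(r"[0-9a-f]{16}")  # external TAI64, 16 lowercase hex chars

def resolve_cname(cname, zone):
    """Trailing dot: absolute name. Otherwise the name is relative to the zone."""
    return cname[:-1] if cname.endswith(".") else f"{cname}.{zone}"

def check_rrset(entry):
    """Return the problems found in one DNSrrset entry (attribute -> values)."""
    def first(attr):
        return (entry.get(attr) or [None])[0]
    problems = []
    rtype = first("DNStype")
    if "DNSrrset" not in entry.get("objectclass", []):
        problems.append("objectclass DNSrrset is required")
    if not entry.get("cn"):
        problems.append("cn is required")
    if rtype not in TYPES:  # assumed: a missing DNStype is reported as well
        problems.append(f"DNStype {rtype!r} is not a valid record type")
    if first("DNSclass") not in (None, "IN"):
        problems.append("DNSclass must be IN")
    for ip in entry.get("DNSipaddr", []):  # multivalued attribute
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"DNSipaddr {ip!r} is not a dotted IP address")
    if entry.get("DNSpreference") and rtype != "MX":
        problems.append("DNSpreference is only used for MX records")
    if rtype == "SRV" and not entry.get("DNSsrvport"):
        problems.append("DNSsrvport is required for SRV records")
    ts = first("DNStimestamp")
    if ts is not None and not TAI64.fullmatch(ts):
        problems.append("DNStimestamp must be 16 lowercase hex characters")
    return problems

# Constructed sample entries (not taken from a real directory).
GOOD = {"objectclass": ["DNSrrset"], "cn": ["www"], "DNSdomainname": ["www"],
        "DNStype": ["A"], "DNSclass": ["IN"],
        "DNSipaddr": ["192.0.2.10", "192.0.2.11"]}
BAD = {"objectclass": ["DNSrrset"], "cn": ["sip"], "DNStype": ["SRV"],
       "DNSclass": ["CH"], "DNSipaddr": ["192.0.2.300"],
       "DNStimestamp": ["4000000037C219BF"]}

if __name__ == "__main__":
    print(check_rrset(GOOD), check_rrset(BAD), sep="\n")
```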
<h3>Copyright and Disclaimer</h3>
This program is Copyright 1999-2004 Jacob Rief and 2005 Ben Klang<br/>
This program is licensed under the GPL version 2<br/>
ldap2dns was originally written by Jacob Rief (jacob.rief@tiscover.com). It is now maintained by Ben Klang (ben@alkaloid.net). If you run <B>ldap2dns</B> on a production nameserver, please send the maintainer an email and mention on what OS and with which nameserver you do so.<br/>
<br/>
<b><i>Disclaimer:</i> The author and all contributors disclaim any kind of warranty or liability or suitability for any purpose. By running this software you agree that you are a competent systems administrator and will bear the responsibility for your actions.</b><br/>
The bleeding edge of ldap2dns is in the Alkaloid Networks subversion repository found at <a href="https://svn.alkaloid.net/gpl/ldap2dns/trunk">https://svn.alkaloid.net/gpl/ldap2dns/trunk</a>. Following the Subversion standard, releases are kept in /gpl/ldap2dns/tags and branches are in /gpl/ldap2dns/branches.<br/>