Using PowerDNS (pdns) with an LDAP Backend

Initial Configuration

Install the PowerDNS LDAP Backend

Install the package with:

  # apt-get install pdns-backend-ldap

and answer the prompts as follows:

Edit /etc/powerdns/pdns.conf

Make sure the following entries are set properly (leaving the rest as configured by the install process):

allow-recursion-override=on
launch=ldap
lazy-recursion=yes
local-address=numeric.ip.of.dns-server
recursor=127.0.0.1

With recursor=127.0.0.1 the authoritative server hands queries for names it is not authoritative for to the local pdns-recursor, so also set allow-recursion to the client networks that may recurse through it; left unrestricted, the host is an open resolver. These recursion-forwarding settings (recursor, lazy-recursion, allow-recursion-override) belong to older releases of the authoritative server and were removed in 4.1; on a current release keep the authoritative server and the recursor as separate services and point clients at the recursor.

Edit /etc/powerdns/pdns.d/pdns.local

It should look like:

ldap-host=numeric.ip.of.ldap-server
ldap-basedn=ou=dns,dc=your,dc=domain
ldap-method=strict

ldap-basedn is the subtree that holds the DNS entries, normally a dedicated ou below the directory root rather than the root itself, so that the backend's searches never touch anything but DNS data. With ldap-method=strict every query is answered by searching that subtree for an entry whose associatedDomain equals the queried name, so the layout of the DNs below the base does not matter. No ldap-binddn/ldap-secret is given, so the backend binds anonymously and the subtree must be anonymously readable; that is acceptable for data that is public through DNS anyway, but restrict write access to ou=dns with slapd ACLs, because anyone who can modify these entries controls name resolution for the zone. If the LDAP server is on another host, give ldap-host as an ldaps:// URI so the zone data is not fetched over plain LDAP.

Edit /etc/powerdns/recursor.conf

It should have the following entries in addition to the defaults (binding to 127.0.0.1 keeps the recursor reachable only from the authoritative server on the same host):

 local-address=127.0.0.1
 quiet=yes

Add the following entries to slapd.conf (with a cn=config directory, the equivalent olcDbIndex attributes on the database entry), so that the associatedDomain equality searches the strict method issues for every query are indexed:

 index aRecord            pres,eq
 index associatedDomain   pres,eq,sub

Update the LDAP indices

Make sure the indexes are updated by doing (as root):

  # /etc/init.d/slapd stop
  # slapindex
  # chown -R openldap:openldap /var/lib/ldap
  # /etc/init.d/slapd start

slapindex run as root leaves root-owned index files in the database directory; on Debian slapd runs as the openldap user and will not start until the ownership is corrected, hence the chown (adjust the user and directory if your installation differs).

Add some DNS entries

See also: LDAP/PowerDNSSetup/Format

Load the entries with:

  # ldapadd -x -W -D "cn=admin,dc=your,dc=domain" -f filename

The file should contain data similar to the following. It uses dc=example,dc=com as the directory suffix; substitute your own suffix both here and in ldap-basedn above so that the entries land in the subtree the backend searches:

 # organizational unit that holds the DNS data (the ldap-basedn)
 dn: ou=dns,dc=example,dc=com
 objectclass: organizationalUnit
 ou: dns

 # zone apex; the SOA is "primary hostmaster serial refresh retry expire minimum"
 # and the hostmaster is written as a DNS name, not as an e-mail address
 dn: dc=example,ou=dns,dc=example,dc=com
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: example
 soarecord: host1.example.com hostmaster.example.com 0 1800 3600 604800 86400
 nsrecord: host1.example.com
 # MX and NS targets must be names with address records, not CNAMEs (RFC 2181)
 mxrecord: 10 host1.example.com
 associateddomain: example.com

 # Simple record (host1.example.com has address 192.168.1.2)
 dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: host1
 arecord: 192.168.1.2
 associateddomain: host1.example.com

 # Other names for host1.example.com
 dn: dc=host1-aliases,dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: host1-aliases
 cnamerecord: host1.example.com
 associateddomain: mail.example.com
 associateddomain: dns.example.com
 associateddomain: dhcp.example.com
 associateddomain: wins.example.com
 associateddomain: smtp.example.com
 associateddomain: ldap.example.com

 # Simple record: host2.example.com
 dn: dc=host2,dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: host2
 arecord: 192.168.1.3
 associateddomain: host2.example.com
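To check a file like this before loading it, here is a small Python pre-flight checker added for this page (it is not PowerDNS code and was not part of the original wiki text). It models what ldap-method=strict does, where each query becomes an (associatedDomain=<name>) search so that only associatedDomain values resolve, rebuilds that index from the LDIF, answers queries through CNAMEs, and flags the mistakes that bite in practice: an SOA hostmaster written as an e-mail address, records outside any zone that has an SOA, and an MX aimed at a CNAME. The sample LDIF is constructed from the entries above, with the MX deliberately pointing at the alias mail.example.com so the check has something to report; the function names are the example's own.

```python
"""Offline pre-flight check for LDIF destined for the PowerDNS LDAP backend.
Models ldap-method=strict: every query becomes an (associatedDomain=<qname>)
search, so the DN layout is irrelevant and only associatedDomain values resolve.
Handles plain "attr: value" LDIF (no line folding, no base64 values)."""

# Constructed sample based on the entries on this page; the MX deliberately
# points at the alias mail.example.com so the CNAME check has something to flag.
SAMPLE_LDIF = """\
dn: dc=example,ou=dns,dc=example,dc=com
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: example
soarecord: host1.example.com hostmaster.example.com 0 1800 3600 604800 86400
nsrecord: host1.example.com
mxrecord: 10 mail.example.com
associateddomain: example.com

dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host1
arecord: 192.168.1.2
associateddomain: host1.example.com

dn: dc=host1-aliases,dc=example,ou=dns,dc=example,dc=com
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host1-aliases
cnamerecord: host1.example.com
associateddomain: mail.example.com
"""

# dnsdomain attributes the backend serves; the name minus "record" is the RR type.
RECORD_ATTRS = ("soarecord", "nsrecord", "mxrecord", "arecord", "cnamerecord", "ptrrecord")
MAX_CNAME_HOPS = 8   # stop chasing CNAME chains (or loops) after this many hops


def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.strip().lower().rstrip(".")


def parse_ldif(text):
    """Split LDIF into entries of {lowercased attribute: [values]}, skipping comments."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():                 # a blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def build_index(entries):
    """Map each associatedDomain to its RRsets: what a strict-mode search for that name returns."""
    index = {}
    for entry in entries:
        if "dnsdomain" not in (oc.lower() for oc in entry.get("objectclass", [])):
            continue
        for name in entry.get("associateddomain", []):
            rrsets = index.setdefault(norm(name), {})
            for attr in RECORD_ATTRS:
                if attr in entry:
                    rrsets.setdefault(attr[:-6].upper(), []).extend(entry[attr])
    return index


def lookup(index, qname, qtype):
    """Answer qname/qtype from the index, chasing CNAMEs as the authoritative server does."""
    answer, name = [], norm(qname)
    for _ in range(MAX_CNAME_HOPS + 1):
        rrsets = index.get(name, {})
        if qtype in rrsets:
            return answer + [(name, qtype, v) for v in rrsets[qtype]]
        if "CNAME" not in rrsets:
            break
        answer.append((name, "CNAME", rrsets["CNAME"][0]))
        name = norm(rrsets["CNAME"][0])
    return answer                            # [] when the name does not exist at all


def lint(index):
    """Return human-readable problems; an empty list means the data passes these checks."""
    problems = []
    zones = [n for n, rr in index.items() if "SOA" in rr]
    for name, rr in index.items():
        if not any(name == z or name.endswith("." + z) for z in zones):
            problems.append(f"{name}: not inside any zone that has an SOA record")
        for soa in rr.get("SOA", []):
            fields = soa.split()
            if len(fields) != 7 or not all(f.isdigit() for f in fields[2:]):
                problems.append(f"{name}: SOA must be 'primary hostmaster serial refresh retry expire minimum'")
            elif "@" in fields[1]:
                problems.append(f"{name}: SOA hostmaster {fields[1]!r} must be a DNS name, not an e-mail address")
        for mx in rr.get("MX", []):
            prio, _, target = mx.partition(" ")
            if not prio.isdigit() or not target.strip():
                problems.append(f"{name}: mxRecord {mx!r} must be '<priority> <host>'")
            elif "CNAME" in index.get(norm(target), {}):
                problems.append(f"{name}: MX target {norm(target)} is a CNAME, which RFC 2181 forbids")
    return problems
```

Run it against your own LDIF by reading the file into parse_ldif instead of SAMPLE_LDIF; lint should return an empty list before you ldapadd, and lookup lets you confirm which names the strict method will actually answer, which is useful because a typo in an associatedDomain value silently produces NXDOMAIN rather than a load error.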

Restart PowerDNS

  # /etc/init.d/pdns-recursor restart
  # /etc/init.d/pdns restart

Then query the server's address with dig or host: host1.example.com should return 192.168.1.2 and mail.example.com the CNAME followed by that address, while a name outside example.com should only be answered for clients that allow-recursion permits.