Using PowerDNS (pdns) with an LDAP Backend
Initial Configuration
Install the PowerDNS LDAP Backend
Install the package with:
# apt-get install pdns-backend-ldap
and answer the prompts as follows:
- IP Address where PowerDNS should listen - can be left blank if you only have one network address, but if you have multiple IP addresses (e.g. from two network cards, or PPP + a NIC) you should enter the IP that should be used for responding to DNS queries.
- Subnets allowed to recurse - the semicolon-delimited list of networks for which PowerDNS will query other DNS servers for names it does not recognize (useful if you have a local domain but also want to access internet domain names).
- Do you want to start the PowerDNS server automatically - normally Yes.
Edit /etc/powerdns/pdns.conf
Make sure the following entries are set properly (leaving the rest as configured by the install process):
allow-recursion-override=on
launch=ldap
lazy-recursion=yes
local-address=numbered.ip.of.dns-server
recursor=127.0.0.1
Edit /etc/powerdns/pdns.d/pdns.local
It should look like:
ldap-host=numeric.ip.of.ldap-server
ldap-basedn=ou=dns,dc=your,dc=domain
ldap-method=strict
where ldap-basedn is the BaseDN under which the DNS entries live (most likely a subtree rather than the LDAP root).
Edit /etc/powerdns/recursor.conf
It should have the following entries in addition to the defaults:
local-address=127.0.0.1
quiet=yes
Add the following entries to slapd.conf
index aRecord pres,eq
index associatedDomain pres,eq,sub
Update the LDAP indices
Make sure the indexes are updated by doing (as root):
# /etc/init.d/slapd stop
# slapindex
# /etc/init.d/slapd start
Add some DNS entries
See also: LDAP/PowerDNSSetup/Format
The following could be added using
# ldapadd -x -W -D "cn=admin,dc=your,dc=domain" -f filename
The file should contain some data similar to this:
# create fictive organisational unit dns
dn: ou=dns,dc=example,dc=com
objectclass: organizationalUnit
ou: dns

dn: dc=example,ou=dns,dc=example,dc=com
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: example
soarecord: host1.example.com hostmaster@mail.example.com 0 1800 3600 604800 84600
nsrecord: host1.example.com
mxrecord: 10 mail.example.com
associateddomain: example.com

# Simple record (host1.example.com has address 192.168.1.2)
dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host1
arecord: 192.168.1.2
associateddomain: host1.example.com

# Other names for host1.example.com
dn: dc=host1-aliases,dc=example,ou=dns,dc=example,dc=com
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host1-aliases
cnamerecord: host1.example.com
associateddomain: mail.example.com
associateddomain: dns.example.com
associateddomain: dhcp.example.com
associateddomain: wins.example.com
associateddomain: smtp.example.com
associateddomain: ldap.example.com

# Simple record: host2.example.com
dn: dc=host2,dc=example,ou=dns,dc=example,dc=com
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host2
arecord: 192.168.1.3
associateddomain: host2.example.com
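Because the strict method looks every answer up by associatedDomain, a malformed or duplicated entry is served straight to clients once ldapadd accepts it. The following checker is an added example, not code from this page or from PowerDNS: it parses a plain LDIF file in the layout above and reports entries that lack the domainrelatedobject objectclass, SOA records without the seven fields used above, and names claimed by more than one entry. The sample LDIF and its deliberately broken third entry are constructed for the demonstration.

```python
import re
# Constructed sample; the third entry is wrong on purpose (no domainrelatedobject, 6-field SOA, reuses host1's name).
SAMPLE_LDIF = """\
dn: dc=example,ou=dns,dc=example,dc=com
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: example
soarecord: host1.example.com hostmaster@mail.example.com 0 1800 3600 604800 84600
associateddomain: example.com

dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host1
arecord: 192.168.1.2
associateddomain: host1.example.com

dn: dc=bad,ou=dns,dc=example,dc=com
objectclass: dnsdomain
dc: bad
soarecord: host1.example.com hostmaster@mail.example.com 0 1800 3600 604800
associateddomain: host1.example.com
"""
def parse_ldif(text):
    """Split plain (non-base64) LDIF into (dn, {attr: [values]}) tuples, attrs lowercased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                key, _, value = line.partition(":")
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append((attrs.get("dn", [""])[0], attrs))
    return entries

def check_entries(entries):
    """Return a list of problems the strict-method LDAP backend would trip over."""
    problems, owner = [], {}
    for dn, a in entries:
        oc = a.get("objectclass", [])
        if "dnsdomain" in oc and "domainrelatedobject" not in oc:
            problems.append(f"{dn}: dnsdomain entry lacks domainrelatedobject")
        for soa in a.get("soarecord", []):
            if len(soa.split()) != 7:
                problems.append(f"{dn}: soaRecord needs 7 fields, got {len(soa.split())}")
        for name in a.get("associateddomain", []):  # strict method searches by this attribute
            if name in owner:
                problems.append(f"{dn}: {name} already answered by {owner[name]}")
            owner[name] = dn
    return problems
```

Run it against your own file with parse_ldif(open(path).read()) before the ldapadd step; an empty list means no findings.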
Restart PowerDNS
# /etc/init.d/pdns-recursor restart
# /etc/init.d/pdns restart