Using PowerDNS with an LDAP Backend

Initial Configuration

i. Run 'apt-get install pdns-backend-ldap' and answer the prompts as follows:

  1. "IP Address where PowerDNS should listen" can be left blank if the machine has only one network address, but if it has several IPs (e.g. two network cards, or PPP plus a NIC) enter the one that should answer DNS queries. This must be a numeric IP address, not a hostname.

  2. "Subnets allowed to recurse" is the semicolon-delimited list of networks on whose behalf PowerDNS will query other DNS servers for names it is not authoritative for (useful if you serve a local domain but also want your clients to resolve Internet names). Restrict it to your own client networks: an authoritative server that recurses for anyone is an open resolver and can be abused in reflection and amplification attacks.

  3. "Do you want to start the PowerDNS server automatically" will normally be "Yes".

ii. Edit /etc/powerdns/pdns.conf

Make sure the following entries are set properly (leaving the rest as configured by the install process). The authoritative server listens on the machine's own address and hands recursive queries to pdns-recursor, which listens only on 127.0.0.1 (step iv), so both can use port 53 without colliding:

 allow-recursion-override=on
 launch=ldap
 lazy-recursion=yes
 local-address=numeric.ip.of.dns-server
 recursor=127.0.0.1

iii. Edit /etc/powerdns/pdns.d/pdns.local

It should look like:

 ldap-host=numeric.ip.of.ldap-server
 ldap-basedn=DNSBaseDN
 ldap-method=strict

Where DNSBaseDN is the base DN under which the DNS entries live (most likely a subtree such as ou=dns,dc=example,dc=com, as in the entries added in step vii, rather than the directory root). With ldap-method=strict the backend also answers reverse (PTR) lookups directly from the aRecord values, so no separate in-addr.arpa entries are needed.

iv. Edit /etc/powerdns/recursor.conf

It should have the following entries in addition to the defaults:

 local-address=127.0.0.1
 quiet=yes

v. Add the following entries to slapd.conf

 index aRecord            pres,eq
 index associatedDomain   pres,eq,sub

vi. Update the LDAP indices

slapindex must run while slapd is stopped, so regenerate the indexes by doing (as root). If you run slapindex as root, make sure the regenerated index files still belong to the user slapd runs as (openldap on Debian) before starting it again, or slapd will fail to open them:

  # /etc/init.d/slapd stop
  # slapindex
  # /etc/init.d/slapd start

vii. Add some dns entries

The following could be added using 'ldapadd -x -W -D "cn=admin,BaseDN" -f filename', where BaseDN is the root suffix of your directory (cn=admin,BaseDN is the Debian default admin DN). Note that the hostmaster field of the SOA is written in DNS form (hostmaster.mail.example.com, not hostmaster@mail.example.com) and that the dc attribute of every entry must carry the same value as its RDN, otherwise slapd rejects the entry:

 dn: dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: example
 soarecord: host1.example.com hostmaster.mail.example.com 0 1800 3600 604800 86400
 nsrecord: host1.example.com
 mxrecord: 10 mail.example.com
 associateddomain: example.com

 dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: host1
 arecord: 192.168.1.2
 associateddomain: host1.example.com

 # Other names for host1.example.com  

 dn: dc=host1-aliases,dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: host1-aliases
 cnamerecord: host1.example.com
 associateddomain: mail.example.com
 associateddomain: dns.example.com
 associateddomain: dhcp.example.com
 associateddomain: wins.example.com
 associateddomain: smtp.example.com
 associateddomain: ldap.example.com

 # Simple record: host2.example.com
 dn: dc=host2,dc=example,ou=dns,dc=example,dc=com
 objectclass: top
 objectclass: dnsdomain
 objectclass: domainrelatedobject
 dc: host2
 arecord: 192.168.1.3
 associateddomain: host2.example.com
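
Before handing LDIF like the above to ldapadd it is worth linting it for the mistakes that are easy to make in these entries: an entry with no dn line, an RDN of dc=NAME whose NAME is not also present as a dc attribute (slapd refuses such an entry), and an SOA hostmaster written as a mailbox with '@' rather than in DNS form. The following is an added example, not part of the original page and not PowerDNS or OpenLDAP code; the sample LDIF it runs on at the end is constructed here and deliberately contains those defects.

```shell
#!/bin/sh
# Added example (not from the original page): lint LDIF destined for the
# PowerDNS LDAP backend before running ldapadd.  Reads LDIF on stdin,
# prints one line per problem found and exits 1 if there were any.
check_dns_ldif() {
  awk '
    # Called at the end of every entry (blank line or EOF).
    function flush() {
      if (!seen) return
      if (dn == "") {
        print "entry ending at line " NR " has no dn:"; bad++
      } else {
        rdn = dn; sub(/,.*/, "", rdn)              # e.g. "dc=host2"
        n = split(rdn, kv, "=")
        # slapd requires the naming attribute value to appear in the entry.
        if (n == 2 && tolower(kv[1]) == "dc" && !(kv[2] in dcs)) {
          print "rdn value \"" kv[2] "\" has no matching dc: attribute in " dn; bad++
        }
        # The SOA hostmaster is a domain name, not a mailbox.
        if (soa ~ /@/) {
          print "soarecord hostmaster must be in DNS form (no @) in " dn; bad++
        }
      }
      dn = ""; soa = ""; seen = 0; split("", dcs)
    }
    /^#/         { next }                          # LDIF comment line
    /^[ \t]*$/   { flush(); next }                 # blank line ends an entry
                 { seen = 1 }
    tolower($1) == "dn:"        { dn = $0;  sub(/^[^:]*:[ \t]*/, "", dn) }
    tolower($1) == "dc:"        { dcs[$2] = 1 }
    tolower($1) == "soarecord:" { soa = $0; sub(/^[^:]*:[ \t]*/, "", soa) }
    END { flush(); exit (bad > 0) }
  '
}

# Constructed sample: zone entry with a mailbox-style hostmaster, a correct
# host entry, and a host entry whose dc: does not match its RDN.
check_dns_ldif <<'EOF' || echo "fix the entries above before running ldapadd"
dn: dc=example,ou=dns,dc=example,dc=com
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: example
soarecord: host1.example.com hostmaster@mail.example.com 0 1800 3600 604800 86400
nsrecord: host1.example.com
associateddomain: example.com

dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: host1
arecord: 192.168.1.2
associateddomain: host1.example.com

# Simple record: host2.example.com
dn: dc=host2,dc=example,ou=dns,dc=example,dc=com
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: darien
arecord: 192.168.1.3
associateddomain: host2.example.com
EOF
```

Run it as 'check_dns_ldif < filename' on the file you intend to pass to ldapadd; the sample above reports two problems (the '@' in the SOA and the dc/RDN mismatch on host2) and exits non-zero, while the corrected entries from step vii pass silently.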

viii. Restart PowerDNS

 /etc/init.d/pdns-recursor restart
 /etc/init.d/pdns restart

Afterwards, confirm the setup works as intended: query the server's local-address for host1.example.com and for one of the aliases (e.g. mail.example.com) to check that the LDAP data is being served, and query an Internet name once from a host inside an allowed subnet and once from outside it to check that recursion is actually restricted.