Using PowerDNS with an LDAP Backend
Initial Configuration
i. Do 'apt-get install pdns-backend-ldap' answering the prompts as follows:
"IP address where ["PowerDNS"] should listen" can be left blank if you only have one network address, but if you have multiple IPs (e.g. from two network cards, or PPP + a NIC) you should enter the IP that should be used for responding to DNS queries. This must be a numeric IP address.
"Subnets allowed to recurse" is the semicolon-delimited list of networks for which !["PowerDNS"] will query other DNS servers for names it does not recognize (useful if you have a local domain but also want to access internet domain names).
"Do you want to start the ["PowerDNS"] server automatically" will normally be "Yes".
ii. Edit /etc/powerdns/pdns.conf
Make sure the following entries are set properly (leaving the rest as configured by the install process):
    allow-recursion-override=on
    launch=ldap
    lazy-recursion=yes
    local-address=numbered.ip.of.dns-server
    recursor=127.0.0.1
iii. Edit /etc/powerdns/pdns.d/pdns.local
It should look like:
    ldap-host=numeric.ip.of.ldap-server
    ldap-basedn=[["DNSBaseDN"]]
    ldap-method=strict
Where [["DNSBaseDN"]] is the ["BaseDN"] under which the DNS entries live (most likely a subtree of your directory rather than the LDAP root itself).
iv. Edit /etc/powerdns/recursor.conf
It should have the following entries in addition to the defaults:
    local-address=127.0.0.1
    quiet=yes
v. Add the following entries to slapd.conf
    index aRecord pres,eq
    index associatedDomain pres,eq,sub
vi. Update the LDAP indices
Make sure the indexes are updated by doing (as root):
    # /etc/init.d/slapd stop
    # slapindex
    # /etc/init.d/slapd start
vii. Add some DNS entries
The following could be added using 'ldapadd -x -W -D "cn=admin,[["BaseDN"]]" -f filename':
    # Zone record for example.com (dn reconstructed from the parent of the host entries below)
    dn: dc=example,ou=dns,dc=example,dc=com
    objectclass: top
    objectclass: dnsdomain
    objectclass: domainrelatedobject
    dc: example
    soarecord: host1.example.com hostmaster@mail.example.com 0 1800 3600 604800 84600
    nsrecord: host1.example.com
    mxrecord: 10 mail.example.com
    associateddomain: example.com

    # Simple record (host1.example.com has address 192.168.1.2)
    dn: dc=host1,dc=example,ou=dns,dc=example,dc=com
    objectclass: top
    objectclass: dnsdomain
    objectclass: domainrelatedobject
    dc: host1
    arecord: 192.168.1.2
    associateddomain: host1.example.com

    # Other names for host1.example.com
    dn: dc=host1-aliases,dc=example,ou=dns,dc=example,dc=com
    objectclass: top
    objectclass: dnsdomain
    objectclass: domainrelatedobject
    dc: host1-aliases
    cnamerecord: host1.example.com
    associateddomain: mail.example.com
    associateddomain: dns.example.com
    associateddomain: dhcp.example.com
    associateddomain: wins.example.com
    associateddomain: smtp.example.com
    associateddomain: ldap.example.com

    # Simple record: host2.example.com (the dc value must match the RDN in the dn, or ldapadd rejects the entry)
    dn: dc=host2,dc=example,ou=dns,dc=example,dc=com
    objectclass: top
    objectclass: dnsdomain
    objectclass: domainrelatedobject
    dc: host2
    arecord: 192.168.1.3
    associateddomain: host2.example.com
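Hand-written LDIF for this schema is easy to get subtly wrong (a dc value that does not match the dn's RDN, or an entry with no associatedDomain that the backend therefore never finds). The following is an added example, not code from the page or from PowerDNS, that builds entries in the same layout as above and lints them before they go to ldapadd; DNS_BASE is an assumed DNSBaseDN chosen to match the page's sample entries.

```python
# Added example: generate and lint PowerDNS dnsdomain LDIF entries (not from the page).
DNS_BASE = "ou=dns,dc=example,dc=com"  # assumed DNSBaseDN, matches the page's examples
OBJECTCLASSES = ["top", "dnsdomain", "domainrelatedobject"]


def host_entry(zone, host, ip):
    """LDIF for a plain A record: host.<zone> -> ip, stored under dc=<zone label>."""
    zone_dc = zone.split(".", 1)[0]  # 'example.com' -> 'example', as on the page
    lines = [f"dn: dc={host},dc={zone_dc},{DNS_BASE}"]
    lines += [f"objectclass: {oc}" for oc in OBJECTCLASSES]
    lines += [f"dc: {host}", f"arecord: {ip}", f"associateddomain: {host}.{zone}"]
    return "\n".join(lines) + "\n"


def alias_entry(zone, group, target, names):
    """LDIF for a CNAME entry: every name in `names` resolves to `target`."""
    zone_dc = zone.split(".", 1)[0]
    lines = [f"dn: dc={group},dc={zone_dc},{DNS_BASE}"]
    lines += [f"objectclass: {oc}" for oc in OBJECTCLASSES]
    lines += [f"dc: {group}", f"cnamerecord: {target}"]
    lines += [f"associateddomain: {n}" for n in names]
    return "\n".join(lines) + "\n"


def check_ldif(ldif):
    """Lint dnsdomain LDIF before ldapadd. Each entry must start with a dn,
    carry the RDN attribute with the RDN's value (ldapadd rejects a mismatch),
    and have at least one associatedDomain, the attribute the ldap backend
    searches on (which is why the page indexes it). Returns a list of problems."""
    problems = []
    entries = [e for e in ldif.strip().split("\n\n") if e.strip()]
    for n, entry in enumerate(entries, 1):
        attrs = []
        for line in entry.splitlines():
            if line.startswith("#") or not line.strip():
                continue  # skip LDIF comments and blank lines
            key, _, value = line.partition(":")
            attrs.append((key.strip().lower(), value.strip()))
        if not attrs or attrs[0][0] != "dn":
            problems.append(f"entry {n}: first line must be 'dn:'")
            continue
        rdn_attr, _, rdn_value = attrs[0][1].split(",", 1)[0].partition("=")
        values = [v for k, v in attrs if k == rdn_attr.lower()]
        if rdn_value not in values:
            problems.append(f"entry {n}: RDN {rdn_attr}={rdn_value} not among values {values}")
        if not any(k == "associateddomain" for k, _ in attrs):
            problems.append(f"entry {n}: no associateddomain, the ldap backend will not find it")
    return problems
```

Concatenate the entries with a blank line between them, run check_ldif over the result, and only feed the file to ldapadd when the list comes back empty.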
viii. Restart PowerDNS
    /etc/init.d/pdns-recursor restart
    /etc/init.d/pdns restart
- See also: ["LDAP"], ["LDAPTools"], ["OpenLDAPSetup"]