openldap, dlz and dynamic dns updates from isc-dhcpd
Evan Hunt
each at isc.org
Mon Sep 24 22:31:42 UTC 2012
> Here's a possibly wrong assumption: there are BIND deployments that
> use openldap (or an RDBMS, or something else) rather than zone files
> to hold DNS mappings (name to ip address & vice versa), and these
> alternative backends are updated when the DHCP server hands out or
> revokes a lease.
> Is this so? If so, how is the DNS information updated?
There are two sorts of DLZ driver out there -- the older ones that don't
support dynamic update and have to be statically linked into the "named"
binary to work, and then newer ones like Andrew Tridgell's, which are
run-time loadable and can (if desired) be written to accept updates via
dynamic DNS.
There *is* an LDAP DLZ driver, but it's an old-style driver so it
can't accept DDNS updates. You could probably write some kind of DHCP hook
that updated the LDAP data directly, *not* using dynamic DNS, but I don't
think that's what you were asking about. To use LDAP *and* accept DDNS
updates, you'd need a new-style DLZ driver that supported LDAP, which is
certainly possible, but I don't know whether anyone's done it yet. (I'm
guessing not, though; I think I would've heard.)
> > I'm not sure what you mean by "using encryption".
>
> :-) I'm not sure either. In DHCP config, within a zone { ... }
> block, there are key <keyname> directives. It seems that BIND & DHCP
> can use a key to be sure of each other and the validity of DNS updates
> coming from the DHCP server. Am I on the right track? When I wrote
> 'encryption' this is what I was referring to.
Okay, you're talking about authentication using TSIG keys -- I thought
so, but wasn't quite sure. :)
There shouldn't be any conflict between that and DLZ.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
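As an added example (not part of this thread), here is the TSIG arrangement the reply describes, with the DHCP side signing its updates and BIND accepting only updates signed with that key. Zone names, addresses, file paths and the secret are placeholders, and the zone is an ordinary file-backed one, since an old-style LDAP DLZ driver cannot take DDNS updates at all.

```conf
# --- dhcpd.conf (ISC DHCP, the side sending the updates) ---
ddns-update-style interim;          # "standard" on ISC DHCP 4.3 and later
ddns-updates on;
ddns-domainname "example.com.";     # placeholder zone
ddns-rev-domainname "in-addr.arpa.";

# Key name, algorithm and secret must match on both sides. The secret is a
# placeholder: generate a real one (tsig-keygen, or dnssec-keygen -a
# HMAC-SHA256 -b 256 -n HOST on older BIND) and keep the file readable
# only by the dhcpd user.
key DHCP_UPDATER {
    algorithm hmac-sha256;          # very old DHCP builds only offer hmac-md5
    secret "PLACEHOLDER-BASE64-SECRET==";
}

zone example.com. {
    primary 127.0.0.1;              # placeholder: the authoritative BIND server
    key DHCP_UPDATER;               # sign every update for this zone with the key
}
zone 0.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}

# --- named.conf (BIND, the side verifying the updates) ---
# The key block can live in a separate root-only file pulled in with
# include "/etc/bind/dhcp-updater.key";
key "DHCP_UPDATER" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET==";
};

zone "example.com" IN {
    type master;
    file "dynamic/example.com.db";  # plain file-backed zone, not a DLZ backend
    # Weak form: allow-update { any; }; lets any host that can reach named
    # rewrite the zone. Instead, accept only updates that carry a valid
    # DHCP_UPDATER signature, and only for the records DHCP actually creates
    # (add DHCID if you use the "standard" update style).
    update-policy {
        grant DHCP_UPDATER wildcard *.example.com. A TXT;
    };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "dynamic/192.168.0.rev";
    update-policy {
        grant DHCP_UPDATER wildcard *.0.168.192.in-addr.arpa. PTR;
    };
};
```

An update whose TSIG does not verify is logged by named with a BADKEY or BADSIG error and rejected, which is the check to look for when first wiring the two daemons together.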