I know that the ldap backend does not support NOTIFY (so it does not support master/slave operation either), and that this is due to the LDAP specifications (or so). The same problem exists e.g. in BIND9 with sdb (ldap backend).

The non-availability of triggers in openldap (the most widespread ldap server) makes things worse, as external solutions (to trace changes and force AXFRs) are not easily feasible.

However, also knowing that there is a patch for BIND9/sdb/ldap (see here: http://www.pramberger.at/peter/software/patches/) that enables NOTIFY (based on serial number values in SOA record), I was wondering whether we can hope for such a feature in the next pdns release.

Couldn't it be implemented so that the administrator would be able to enable it using a setting in pdns.conf, e.g. Master=on? OK, slaving (with the ldap backend) is more complex to implement, but master operation, by comparing serial numbers and sending NOTIFY, sounds feasible.

So, can we hope for such a feature to be included in the next official release or, if you deem this undesirable due to whatever specs, could it be offered as a patch, like the BIND/sdb one, or even as a Lua script? (I wish I could do it myself, but I am not a developer; however, I believe this should be included in the code.) It would solve significant problems in slave synchronization when the slave backend cannot be ldap as well.

If not, can you suggest any other good solution(s) to trace ldap record changes and force AXFRs to slaves?

Additional Notes:

1. I didn't like the solution of using slapo-accesslog and tracing ldap changes in order to be able to run triggers (suggested e.g. here: http://www.openldap.org/lists/openldap-software/200703/msg00099.html and elsewhere).
2. A solution using triggers in openldap indicated by Jan-Piet Mens (here: http://blog.fupps.com/2008/07/11/i-finally-get-openldap-triggers/) is obviously not mature and published.
3. I don't find it a good idea to write an external script to scan (& store & compare) SOA serials in ldap and run it periodically as a cron job.
4. I even thought of this (science-fiction) scenario: use multiple instances of pdns on one box. One would be using an ldap slave backend (with native ldap replication). A second would be a slave (to the first instance) using BIND zone files; this would use a very short TTL to allow frequent AXFRs on the same box. Then, a third instance would be configured as a master (to be able to send NOTIFY) using the zone files created by the second instance slave! I don't know if this is technically feasible, but in the end I didn't like this idea either.

Thanks,
Nick
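The master-side mechanism the post asks for (compare each zone's SOA serial against the last one seen, and send NOTIFY for zones whose serial moved forward) can be sketched in a few lines. This is an added illustration, not code from PowerDNS or from the poster; the SOA snapshot is constructed sample data standing in for what would be read from LDAP, and the zone-to-SOA mapping and the packet layout are assumptions (the NOTIFY header follows RFC 1996, serial comparison follows RFC 1982).

```python
import struct

# Constructed snapshot: zone name -> SOA RDATA text as it might be stored in LDAP.
# (Attribute naming in the directory is not modelled here; it is an assumption.)
SNAPSHOT = {
    "example.net": "ns1.example.net. hostmaster.example.net. 2008071102 10800 3600 604800 3600",
    "example.org": "ns1.example.net. hostmaster.example.net. 2008071100 10800 3600 604800 3600",
    "wrap.test":   "ns1.example.net. hostmaster.example.net. 5 10800 3600 604800 3600",
}
# Constructed record of serials seen on the previous pass.
LAST_SEEN = {"example.net": 2008071101, "example.org": 2008071100, "wrap.test": 4294967295}


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True if a is 'after' b, honouring 32-bit wraparound."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    if a == b:
        return False
    return (a < b and b - a > 0x80000000) or (a > b and a - b < 0x80000000)


def current_serials(snapshot):
    """Extract the serial (third RDATA field) from each zone's SOA text."""
    return {zone: int(rdata.split()[2]) for zone, rdata in snapshot.items()}


def zones_to_notify(last_seen, current):
    """Zones whose serial advanced (or that are new) since the last pass."""
    return sorted(z for z, s in current.items()
                  if z not in last_seen or serial_gt(s, last_seen[z]))


def build_notify(zone, msg_id=0x1234):
    """Wire-format DNS NOTIFY request for zone: opcode 4, AA set, one SOA question."""
    flags = (4 << 11) | (1 << 10)          # QR=0, OPCODE=NOTIFY, AA=1
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)   # QTYPE=SOA, QCLASS=IN


if __name__ == "__main__":
    for zone in zones_to_notify(LAST_SEEN, current_serials(SNAPSHOT)):
        print(zone, build_notify(zone).hex())
```

The packets produced by build_notify would be sent over UDP to each slave's port 53; the serial map returned by current_serials is what a real implementation would persist between passes.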

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users