Re: [Pdns-users] API functionality with ldap backend in 4.1.0

2017-12-04 Thread Dirk Bartley
On Tue, 2017-12-05 at 00:24 +0100, Grégory Oestreicher wrote:
> Hi Dirk,
> 
> 
> > So my question is should the api functionality correctly function with ldap
> > backend, or is this still a work in process.
> 
> I expect it to at least work read-only, but it's obviously a WIP and the 
> API is not an area that I've played with much. As it's a "new" feature I 
> have no idea which version this will land in though.
> 
> > 
> > Is there something more I need to
> > do.
> 
> If you could be so kind as to file a bug report so that I don't forget 
> about this it'd be much appreciated.

Sure can try.  Thank you so very kindly for the response.

> 
> Cheers,
> Grégory
> ___
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: [Pdns-users] API functionality with ldap backend in 4.1.0

2017-12-04 Thread Grégory Oestreicher

Hi Dirk,

On 04/12/2017 at 17:46, Dirk Bartley wrote:

> The ldap data is the output of pdns-zone2ldap.
>
> […]
>
> curl -v -H 'X-API-Key: abc' http://127.0.0.1:8081/api/v1/servers/localhost/zones
>
> returns an empty set of zones.  I have watched the slapd logs and noticed that
> when the above curl command is run, powerdns connects to slapd, but performs no
> searches.


Yup, that's a bug. Well, a missing feature. Digging into this it turns 
out that the backend does not reimplement getAllDomains(), which is 
required to list all zones. I'll create a PR to add this to the backend.



> So my question is should the api functionality correctly function with ldap
> backend, or is this still a work in process.


I expect it to at least work read-only, but it's obviously a WIP and the 
API is not an area that I've played with much. As it's a "new" feature I 
have no idea which version this will land in though.



> Is there something more I need to
> do.


If you could be so kind as to file a bug report so that I don't forget 
about this it'd be much appreciated.


Cheers,
Grégory
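
Added example, not part of the thread and not PowerDNS source: a simplified C++ model of the behaviour described in the reply above, where a backend that does not override getAllDomains() yields an empty zone list without sending a single search to its data store. Every name other than getAllDomains() is hypothetical, and the no-op default in the base class is an assumption of this model.

```cpp
// Simplified model, not PowerDNS source. Names other than getAllDomains()
// are hypothetical; the no-op base default is an assumption.
#include <iostream>
#include <string>
#include <utility>
#include <vector>

struct DomainInfo { std::string zone; };

// Base backend: listing zones is optional, so the default does nothing.
class Backend {
public:
  virtual ~Backend() = default;
  virtual void getAllDomains(std::vector<DomainInfo>* /*domains*/) {}
  int searches = 0;  // stands in for searches sent to the directory/database
};

// Answers record lookups but inherits the no-op getAllDomains().
class LookupOnlyBackend : public Backend {};

// Overrides getAllDomains() by searching its store for zone apexes.
class ListingBackend : public Backend {
public:
  explicit ListingBackend(std::vector<std::string> zones) : zones_(std::move(zones)) {}
  void getAllDomains(std::vector<DomainInfo>* domains) override {
    ++searches;  // one search covering all zone entries
    for (const auto& z : zones_) domains->push_back(DomainInfo{z});
  }
private:
  std::vector<std::string> zones_;
};

// What a "list zones" API handler reduces to: ask the backend, return the result.
std::vector<DomainInfo> listZones(Backend& b) {
  std::vector<DomainInfo> out;
  b.getAllDomains(&out);
  return out;
}

int main() {
  LookupOnlyBackend ldapLike;
  // Constructed sample zones.
  ListingBackend fixed(std::vector<std::string>{"example.org.", "example.net."});
  std::cout << "lookup-only: " << listZones(ldapLike).size() << " zones, "
            << ldapLike.searches << " searches\n";
  std::cout << "with override: " << listZones(fixed).size() << " zones, "
            << fixed.searches << " searches\n";
}
```

The first case matches the symptom in the report: a valid, empty API response and no search in the slapd log, which is why the empty list points at the backend rather than at the API key or the LDAP data.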


Re: [Pdns-users] API functionality with ldap backend in 4.1.0

2017-12-04 Thread Alex Pavlov
Hello !

If you really need LDAP as backend, I can't advise anything, but I don't see 
benefits of using LDAP over GMYSQL.
In my case I use Generic-MySQL type of backend with MariaDB SQL 10.2. 
Authoritative servers (Primary, Secondary) synchronized with SQL "native" 
replication.
Install apache2+php5+PEAR and PowerAdmin from there 
http://www.poweradmin.org/index.html

This will 100% work (tested on ESXi6.0, with Ubuntu 14.04LTS) and you can 
add/delete/edit zones and records in web interface.
It also supports DNSSEC.

BR,
Alex.
-Original Message-
From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of 
Dirk Bartley
Sent: Monday, December 04, 2017 6:47 PM
To: pdns-users@mailman.powerdns.com
Subject: [Pdns-users] API functionality with ldap backend in 4.1.0

Greetings

I have a testing vm installed and functional and answering dns queries.
pdns-4.1.0   I installed PowerDNS-Admin as a possible add on interface and it 
appears the API calls for stats and configuration are working, but not the 
other api calls for zones and hosts.

The ldap data is the output of pdns-zone2ldap.  I did get the schema into 
openldap with the additional pdns-domaininfo schema.  For one zone for testing 
purpose I added data for PdnsDomain to see if I could get it to work.

curl -v -H 'X-API-Key: abc' http://127.0.0.1:8081/api/v1/servers/localhost/zones

returns an empty set of zones.  I have watched the slapd logs and noticed that 
when the above curl command is run, powerdns connects to slapd, but performs no 
searches.

So my question is should the api functionality correctly function with ldap 
backend, or is this still a work in process.  Is there something more I need to 
do.


Thank you very kindly in advance for your assistance.


Dirk





Aside:  It took a bit of effort to create the ldif files to load the schemas in 
the openldap.  I could provide the ones I created for inclusion if desired.





[Pdns-users] API functionality with ldap backend in 4.1.0

2017-12-04 Thread Dirk Bartley
Greetings

I have a testing vm installed and functional and answering dns queries.
pdns-4.1.0   I installed PowerDNS-Admin as a possible add on interface and it appears
the API calls for stats and configuration are working, but not the other api
calls for zones and hosts.

The ldap data is the output of pdns-zone2ldap.  I did get the schema into
openldap with the additional pdns-domaininfo schema.  For one zone for testing
purpose I added data for PdnsDomain to see if I could get it to work.

curl -v -H 'X-API-Key: abc' http://127.0.0.1:8081/api/v1/servers/localhost/zones

returns an empty set of zones.  I have watched the slapd logs and noticed that
when the above curl command is run, powerdns connects to slapd, but performs no
searches.

So my question is should the api functionality correctly function with ldap
backend, or is this still a work in process.  Is there something more I need to
do.


Thank you very kindly in advance for your assistance.


Dirk





Aside:  It took a bit of effort to create the ldif files to load the schemas in
the openldap.  I could provide the ones I created for inclusion if desired.





[Pdns-users] PowerDNS Recursor 4.1

2017-12-04 Thread Erik Winkels
This is a major release containing significant speedups (both in throughput and 
latency), enhanced capabilities and a highly conformant and robust DNSSEC 
validation implementation that is ready for heavy production use. In addition, 
our EDNS Client Subnet implementation now scales effortlessly to networks 
needing very fine grained scopes (as used by some ‘country sized’ service 
providers).

4.1 reflects over a year of improvements, cleanups and enhancements - both 
visible and invisible. Some of the smaller improvements have been backported to 
4.0 releases, but most are new.

We are particularly grateful for the help of XS4ALL and Packet Clearing House 
(Quad9) for their help maturing this release to production readiness. In 
addition, various very large RFP requirements documents have also been 
stimulating. Finally, we’d like to thank Akamai for quickly resolving a single 
bit issue in their DNS responses which led the stricter 4.1-era resolving logic 
to not cache certain data which caused user noticeable slowdowns.

We have tried to list everyone else in the full changelog[1], and we are very 
grateful for all the work and testing PowerDNS has received from the community!

4.1 has seen an astounding amount of pre-release testing and even full 
production use, and from this data we know this release is rock solid and 
represents a significant speedup not only in benchmarks but also in real life.

=== DNSSEC ===

DNSSEC is a complicated protocol, yet operators (rightfully) expect rapid 
performance that resolves even rare or outlandish signing scenarios, all while 
not impacting non-DNSSEC enabled domain resolution speed. While Recursor 4.0.7 
is suitable for DNSSEC validation, operators have noted that 4.1 delivers 
superior performance, with no observable errors that are not caused by 
configuration mistakes by domain owners. In addition, 4.1 works around more 
issues triggered by non-conforming nameservers and load balancers. Anyone doing 
DNSSEC validation with 4.0.7 is urged to upgrade.

As part of this DNSSEC work, the central DNS resolving logic of PowerDNS was 
fully cleaned up and made unit-testable. Large volumes of such unit tests have 
been added, next to similar large amounts of new regression tests.

After extensive measurements[5], we are now sure that enabling DNSSEC 
validation has a negligible impact on user experienced performance.

=== Improved documentation ===

Our Pieter Lexis invested a ton of time improving not only the contents but 
also the appearance and search of our documentation. Take a look at 
https://doc.powerdns.com/recursor/ and know you can easily edit our 
documentation via GitHub’s built in editor[6].

=== RPZ ===

RPZ is a standard for retrieving policy through zonefiles, possibly transferred 
incrementally (IXFR). PowerDNS 4.0 brought support for RPZ, but it was not 
quite complete and had performance deficiencies on very large RPZ datasets. 
Some of the 4.1 improvements in this area have already been backported to the 
4.0 series. Notable changes in 4.1 are the addition of support for wildcard 
records, improvements in RPZ reloading & update processing and new debugging 
facilities (logging of changes and serialization of current RPZ state).

=== EDNS Client Subnet ===

EDNS Client Subnet is utilized to transmit (part of) the client IP address to 
authoritative servers, in the hope that they can provide more relevant answers. 
ECS is used by large Content Distribution Networks, and can be required to 
offer good streaming performance for clients within very large operator 
networks. The 4.0 ECS implementation is running in production in a number of 
such places, but the 4.1 implementation has been improved to use less CPU 
cycles and deal better with smaller subnets. In addition, metrics have been 
added to monitor ECS query loads.

=== Miscellaneous ===

SNMP support was added. The built-in authoritative server (which is more 
important since Authoritative Server 4.1 removed the ‘recursor=’ bypass) gained 
the ability to serve wildcard CNAMEs. The Lua engine gained a lot of access to 
relevant data from more places (EDNS Client Subnet details, MAC address, TCP or 
UDP). CPU affinity can now be specified. Support was added for TCP Fast Open.

There are new performance metrics which track the amount of CPU time used per 
query, which is useful to study performance isolated from network latencies.

The full changelog can be read here[1].

The tarball is available on downloads.powerdns.com[2] (signature[3]) and 
packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Artful, Trusty, 
Xenial and Zesty are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or 
in case of a bug, via GitHub[4].

1 - https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.0
2 - https://downloads.powerdns.com/releases/pdns-recursor-4.1.0.tar.bz2
3 -