Re: [Pdns-users] Can pdns (with ldap backend) be a master of BIND9 slave?
No replies? May I try to answer the question myself?

Quoting from Ch. 10 of the pdns doc: "Only the Generic SQL, OpenDBX and BIND backends have the ability to act as master or slave."

This means that pdns is not aware of changes in some zone(s) on the LDAP backend - I reached the conclusion that the serial number in the LDAP SOARecord is not supported either - and cannot send NOTIFY to slaves so that they can subsequently request an AXFR.

Please confirm.

Thanks,
N. Milas

On 1/9/2010 3:04 PM, Nikolaos Milas wrote:
> Hi,
>
> I am interested in running pdns (I have already installed the latest version, as an rpm on CentOS 5.5) with ldap backend (tree mode).
>
> My question is: Is this setup capable of working as a master to a conventional (i.e. with zone files) BIND9 server which will act as a slave?
>
> Currently our production servers are BIND (various masters and slaves) and we are looking to migrate to the ldap backend using pdns.
>
> What I need is to be able to set up my local (authoritative for its name space) pdns/ldap server as Master to (one or more) BIND9 slaves (which are servers not under my control, on an external partner network); the (remote, BIND) slave should mirror the whole namespace managed by the (local) pdns/ldap master server (as it currently does, but from a currently BIND master server).
>
> Can this be done and how?
>
> The pdns documentation says that the ldap backend has no master/slave capabilities. Also the ldap backend documentation refers only to sync on ldap databases, which is not supported (see http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend/Future). But I am not interested in syncing ldap databases (I can do that using openldap syncrepl, to have other pdns/ldap pseudo-slaves).
>
> Please advise.
>
> N. Milas

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Can pdns (with ldap backend) be a master of BIND9 slave?
Thank you very much Norbert,

I assume that such a pdns/ldap master should NOT have a "master=on" setting. Correct?

It's just the slave (e.g. slave.example.com) that must have configured itself as a slave to us and we should allow it by having it placed (i.e. the slave.example.com) in our zone's NS records and by adding it to our "allow-axfr-ips" (if needed). Right?

Anything else I'm missing?

Thank you again for your valuable help, I'm at a critical system design point and must make informed decisions.

NM

> You can use the LDAP backend as master for a BIND slave but it's not possible that the master (with LDAP backend) sends NOTIFYs on changes. The slaves will only refresh their data if the TTL timed out.
Re: [Pdns-users] Can pdns (with ldap backend) be a master of BIND9 slave?
Thanks Norbert,

...both for your replies and for your work with the powerdns ldap backend.

Is there a plan to include NOTIFY support to pdns/ldap so that it can operate as a true master (regardless of the slave software and back-end)? [I assume it could make use of the serial number in the sOARecord, as usual.] Such functionality is very useful and widely used.

One more issue (because we are using delegated subdomains): I've seen here (http://permalink.gmane.org/gmane.network.dns.powerdns.user/5410 - 2.5 years ago) that there was a bug reported in zone transfers when ldap includes *delegated* subdomains (subzones), and there was not even a workaround when ldap-method=tree. Has this been resolved in the current version of pdns (2.9.22), or is it planned to be fixed in a subsequent version?

Thanks again,
Nick

On 2/9/2010 1:56 PM, Norbert Sendetzky wrote:
> On 09/02/2010 12:41 PM, Nikolaos Milas wrote:
>> I assume that such a pdns/ldap master should *NOT* have a master=on setting. Correct?
>
> Correct.
>
>> It's just the slave (e.g. slave.example.com) that must have configured itself as a slave to us and we should allow it by having it placed (i.e. the slave.example.com) in our zone's NS records and by adding it to our allow-axfr-ips (if needed).
>
> I think so.
>
> Norbert
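The allow-axfr-ips arrangement discussed in this thread can be sanity-checked before the BIND slaves are pointed at the server. The script below is an added example, not part of any message in the thread or of PowerDNS; the sample configuration, the addresses (documentation ranges) and the `max_addresses` threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample pdns.conf (documentation-range addresses, not from the thread).
SAMPLE_CONF = """\
launch=ldap
ldap-method=tree
master=no
allow-axfr-ips=192.0.2.53,198.51.100.0/24,0.0.0.0/0
"""

def parse_conf(text):
    """Parse pdns.conf-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_axfr(conf_text, slave_ips, max_addresses=256):
    """Return findings about allow-axfr-ips versus the intended slave addresses."""
    conf = parse_conf(conf_text)
    raw = conf.get("allow-axfr-ips")
    if raw is None:
        return ["allow-axfr-ips is not set: this pdns version's default applies"]
    nets = [ipaddress.ip_network(e.strip(), strict=False)
            for e in raw.split(",") if e.strip()]
    findings = []
    # Entries wider than max_addresses (hypothetical threshold) open AXFR too far.
    for net in nets:
        if net.num_addresses > max_addresses:
            findings.append(f"over-broad entry {net}")
    # Every slave listed in the zone's NS records needs a matching entry.
    for ip in slave_ips:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings.append(f"slave {ip} is not covered")
    # The thread agrees master should not be on for a pdns/ldap server,
    # because the ldap backend sends no NOTIFY.
    if "ldap" in conf.get("launch", "") and conf.get("master") in ("yes", "on"):
        findings.append("master is enabled with the ldap backend")
    return findings

if __name__ == "__main__":
    for finding in audit_axfr(SAMPLE_CONF, ["192.0.2.53", "203.0.113.7"]):
        print(finding)
```

An empty result means every listed slave address is covered by an entry no wider than the threshold and master mode is off.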