HI Nick, The powerdns plugin for GOsa is finished, but the lack of DNSSEC and the chance of drop this feature in future versions of powerdns force the debian-edu project to choose bind in place of powerdns for the next version of debian-edu.<div>
<br></div><div>The plugin use the same design as bind9 and the repository is here: <meta http-equiv="content-type" content="text/html; charset=utf-8"><a href="https://oss.gonicus.de/labs/gosa-contrib/browser/powerdns">https://oss.gonicus.de/labs/gosa-contrib/browser/powerdns</a></div>
<div><br></div><div><a href="https://oss.gonicus.de/labs/gosa-contrib/browser/powerdns"></a>The other real option to use in LDAP is binddlz project but is experimental and very complex to use in any tool, but have all the features :(.</div>
<div><br></div><div>I really like to see a update of the powerdns-ldap plugin because also I think that ldap is a really good backend to manage DNS.</div><div><br></div><div>Thanks</div><div><br><div class="gmail_quote">2011/4/30 Nick Milas <span dir="ltr"><<a href="mailto:nmilas@admin.noa.gr" target="_blank">nmilas@admin.noa.gr</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On 23/3/2011 11:05 ðì, bert hubert wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
To clarify, PowerDNS development happens because one or more of the<br>
following three reasons:<br>
<br></div>
...<div><br>
<br>
We also develop quite some things because, frankly, we find them cool<br>
<br>
For LDAP, right now none if these things is the case. 1) We don't feel that<br>
LDAP is a particularly good or interesting place to store DNS data. It will<br>
for example have big problems with PowerDNSSEC because of lack of ordering.<br>
<br>
</div></blockquote>
Although there has been some time since this thread started, and nothing has changed in essence (we have no news from Udo Rader who offered to work on the issues), I would like to add a couple of points.<br>
<br>
1. I really find storing DNS records in LDAP cool and fun, and I have been wondering why there is so little interest for it.<br>
2. I have discussed the issue in openldap mailing list (see: <a href="http://www.openldap.org/lists/openldap-technical/201104/msg00363.html" target="_blank">http://www.openldap.org/lists/openldap-technical/201104/msg00363.html</a> and the associated thread) and people there think too that:<br>
<br>
* LDAP *IS *the best place to store DNS data<br>
* Maintaining/evolving the PowerDNS LDAP backend is "interesting and<br>
worthwhile" (but noone volunteered to work on it, at least yet)<br>
<br>
As I have said in the past, I agree with the above. It strikes me that, although LDAP seems perhaps the best solution to store DNS records (at least from a potential performance perspective), there seems to be so little use of it! I will attribute this to:<br>
<br>
(a) BIND ldap backend (dlz / sdb) being highly experimental and<br>
practically unsuitable for production<br>
(b) lack of publicity about PowerDNS itself, let alone its LDAP backend.<br>
(c) lack of "critical momentum" for PowerDNS - LDAP, mainly caused<br>
by lack of case studies, performance test results (e.g. LDAP vs<br>
MySQL backends), white papers, studies with focus on large domains,<br>
etc. - to prove beyond doubt it's worth it even for enterprise use.<br>
(d) lack of nice management tools that would allow (LDAP-stored) DNS<br>
Record management using an easy and efficient GUI (which would also<br>
enforce all needed checks when changing records etc.) The reason for<br>
this is (b) and (c) above. But, there is some ongoing activity on<br>
this (see for example the GoSA project:<br>
<a href="http://www.mail-archive.com/debian-edu@lists.debian.org/msg21887.html" target="_blank">http://www.mail-archive.com/debian-edu@lists.debian.org/msg21887.html</a>).<br>
For our organization's needs, we have developed a php application<br>
which is very convenient (but would require a lot of work to become<br>
more generic and programming is rather non-professional).<br>
<br>
So, considering the above, I would like to underline that LDAP should NOT become unmaintained:<br>
<br>
(i) It would not be difficult to include at least the proposed patch<br>
for Ticket #313<br>
(<a href="http://mailman.powerdns.com/pipermail/pdns-users/2010-September/007004.html" target="_blank">http://mailman.powerdns.com/pipermail/pdns-users/2010-September/007004.html</a>)<br>
in one v3.0 build so we can install and test.<br>
(ii) I would encourage PowerDNS developers to only provide a<br>
solution for Ticket #260 (= #323) (this time/effort should be very<br>
low) which is the minimum to keep LDAP backend in production status<br>
in the new versions. So, it will gain time to hopefully build up<br>
(b), (c), (d) above.<br>
<br>
I have no personal reasons to promote this work (it would have been easier for me and would require much less time than what I am doing now to switch to any other backend), but, feeling comfortable in a nice community like this, I have publicly expressed my feelings regarding what I believe is/should be a real power in PowerDNS which we all want to thrive.<br>
<br>
Regards,<br><font color="#888888">
Nick</font><div><div></div><div><br>
<br>
<br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Alejandro Escanero Blanco<br>Administrador de Sistemas GNU/Linux<br>Desarrollador de GOsa (<a href="http://www.gosa-project.org" target="_blank">http://www.gosa-project.org</a>)<br>
Blog: <a href="http://www.mylifebetweencomputers.com" target="_blank">http://www.mylifebetweencomputers.com</a><br>Jabber: <a href="mailto:blainett@jabberes.com" target="_blank">blainett@jabberes.com</a><br>
</div>