[Pdns-users] NOTIFY by pdns master with ldap backend in next authoritative server releases?

Nikolaos Milas nmilas at admin.noa.gr
Tue Oct 5 11:05:02 UTC 2010


  Until this issue is resolved and pdns/ldap becomes capable of sending 
Notify messages as Master, I had to find a temporary - I hope - 
solution, and now I have managed to bring it to a working mode.

So, I have installed notify-dns-slaves included in the package 
slapi-dnsnotify-0.2.1.tar.gz (see 
http://memberwebs.com/stef/software/slapi-dnsnotify/).
[I remind you that slapi-dnsnotify plugin could not be loaded by the 
standard Openldap 2.3.43 CentOS package.]
Then, I created this little script (remember I'm in CentOS 5.5):

    #!/bin/bash

    # Find the current zone serial number and store it in the newsn variable.
    # Note that "grep sysadmin" is there to isolate the sOARecord line from
    # the output of ldapsearch, simply because I'm using sysadmin at
    # example.com as the DNS administrator email.
    # awk then isolates the serial number from the SOA line.
    #
    newsn=$(ldapsearch -x -D "uid=userxxx,ou=system,dc=example,dc=com" \
        -w ************ -s sub -b "ou=dns,dc=example,dc=com" \
        "(&(dc:dn:=10.10.10.in-addr.arpa)(soarecord=*))" soarecord \
        | grep sysadmin | awk '{ print $4 }')

    # This is where the most recent serial number is saved
    File=/etc/pdns/notifyscr/reversesn.txt

    # Read the latest stored serial number from the above file
    read oldsn < "$File"

    # If the serial has been incremented, store the new serial in place of
    # the old one, then send Notify to server 10.10.10.101.
    # The -n test skips the comparison when ldapsearch returned nothing
    # (e.g. LDAP unreachable), so an empty serial never triggers a Notify.
    #
    if [ -n "$newsn" ] && [ "$newsn" -gt "$oldsn" ]
    then
        echo "$newsn" > "$File"
        /usr/local/bin/notify-dns-slaves 10.10.10.in-addr.arpa 10.10.10.101
    fi

    exit 0

We have to repeat the above for any other (forward or reverse) zone. So, 
I have "multiplied" it by 7 (1 forward, 6 reverse zones). The script 
(when *not* sending Notify) for the 7 zones runs in 345 ms (every three 
minutes), which means that it doesn't cause any serious load to my server.

Finally, we schedule the script in cron to run as often as we want (I 
run it every three minutes to achieve slave DNS server sync in three 
minutes max):

    # Run the script every three minutes, and do not send email notifications
    */3 * * * * /etc/pdns/notifyscr/scr1 >/dev/null 2>&1

If someone can optimize the script, or make it in a form which would 
deal with many zones without repeating the same piece of source code, it 
would be a welcome addition. I might work on it too, when I have time.

I have not managed to find a solution on implementing triggered Notify 
(I might try openldap accesslog overlay, as indicated in some discussions).

The above is a working solution (at least when few zones are involved). 
Still - even by its nature - it *underlines the importance of 
supporting Notify natively in powerdns / ldap backend*.

Thanks again to Jean-Piet Mens for notify-dns-slaves tool.

Nick


On 2/10/2010 4:58 PM, Nikolaos Milas wrote:
> I have now filed a bug ("new enhancement") for this, it's No. 318. 
> (http://wiki.powerdns.com/trac/ticket/318).
>
>
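One way to run the same serial check for many zones without copying the script per zone, as an added example that is not the author's script or part of the original thread: the zone list file, state directory, bind-password file and the NOTIFY_RUN variable are assumptions. It keeps the original's ldapsearch filter and notify-dns-slaves call, unfolds ldapsearch's LDIF line wrapping, reads the bind password from a file instead of the command line, and refuses to notify (or overwrite the stored serial) when the LDAP query returns no serial.

```shell
#!/bin/sh
# Hypothetical multi-zone poller (added example). $ZONES lists "<zone> <slave-ip>"
# per line; the last serial sent for each zone is kept in $STATE_DIR/<zone>.serial.
set -u
ZONES="${ZONES:-/etc/pdns/notifyscr/zones.conf}"       # assumed path
STATE_DIR="${STATE_DIR:-/etc/pdns/notifyscr/state}"    # assumed path
BINDDN="${BINDDN:-uid=userxxx,ou=system,dc=example,dc=com}"
PWFILE="${PWFILE:-/etc/pdns/notifyscr/ldap.pw}"        # mode 0600; keeps the password out of ps, unlike -w
BASE="${BASE:-ou=dns,dc=example,dc=com}"
NOTIFY="${NOTIFY:-/usr/local/bin/notify-dns-slaves}"
# Unfold LDIF continuation lines (ldapsearch wraps long values) and print field 4 of
# "sOARecord: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM". Keying on the attribute
# name removes the "grep sysadmin" dependency; prints nothing when no serial is found.
serial_from_ldif() {
    awk '
        function check(l,  f) {
            if (!done && split(l, f, " ") >= 4 && tolower(f[1]) == "soarecord:" && f[4] ~ /^[0-9]+$/) { print f[4]; done = 1 }
        }
        /^ / { line = line substr($0, 2); next }
        { check(line); line = $0 }
        END { check(line) }'
}
# Same extensible-match filter as the original script; -y reads the bind password from a file.
fetch_serial() {
    ldapsearch -x -LLL -D "$BINDDN" -y "$PWFILE" -b "$BASE" \
        "(&(dc:dn:=$1)(soarecord=*))" soarecord | serial_from_ldif
}
# Return 0 and record NEWSN when it is numeric and above the stored serial for ZONE; return 1
# otherwise, so an empty serial from a failed LDAP query never sends NOTIFY or clobbers state.
serial_advanced() {
    zone=$1; newsn=$2; state="$STATE_DIR/$zone.serial"
    case $newsn in ''|*[!0-9]*) return 1 ;; esac
    oldsn=$(cat "$state" 2>/dev/null || :)
    case $oldsn in ''|*[!0-9]*) oldsn=0 ;; esac    # no state yet: the first run notifies
    [ "$newsn" -gt "$oldsn" ] || return 1
    printf '%s\n' "$newsn" > "$state"
}
# Walk the zone list and NOTIFY only the zones whose serial advanced.
poll_zones() {
    mkdir -p "$STATE_DIR"
    while read -r zone slave; do
        case $zone in ''|'#'*) continue ;; esac
        if serial_advanced "$zone" "$(fetch_serial "$zone")"; then
            "$NOTIFY" "$zone" "$slave"
        fi
    done < "$ZONES"
}
# Poll only when asked (cron: NOTIFY_RUN=1 /path/to/script), so the functions can be sourced and tested.
if [ "${NOTIFY_RUN:-0}" = 1 ]; then poll_zones; fi
```

The cron line then becomes a single entry for all zones, and adding a zone is one line in the zone file rather than another copy of the script.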


