[Pdns-users] NOTIFY by pdns master with ldap backend in next authoritative server releases?
Nikolaos Milas
nmilas at admin.noa.gr
Fri Sep 24 21:54:58 UTC 2010
I know that ldap backend does not support NOTIFY (so it neither
supports master/slave operation), and that this is due to LDAP
specifications (or so). The same problem exists e.g. in BIND9 with sdb
(ldap backend).
The non-availability of triggers in openldap (the most widespread ldap
server) makes things worse, as external solutions (to trace changes and
force AXFRs) are not easily feasible.
However, also knowing that there is a patch for BIND9/sdb/ldap (see
here: http://www.pramberger.at/peter/software/patches/) that enables
NOTIFY (based on serial number values in SOA record), I was wondering
whether we can hope for such a feature in the next pdns release.
Couldn't it be implemented so the administrator would be able to enable
it using a setting in pdns.conf, e.g. Master=on? OK, slaving (with
ldap backend) is more complex in implementation, but master operation by
comparing serial numbers and sending NOTIFY sounds feasible.
So, can we hope for such a feature to be included in the next official
release or, if you deem this is undesirable due to whatever specs, could
it be offered as a patch, as the BIND/sdb one, or even as a Lua script?
(I wish I could do it myself, but I am not a developer; however, I
believe this should be included in the code). It would solve significant
problems in slave synchronization, when the slave backend cannot be ldap
as well.
If not, can you suggest any other good solution(s) to trace ldap record
changes and force AXFRs to slaves?
Additional Notes:
1. I didn't like the solution to use slapo-accesslog and trace ldap
changes in order to be able to run triggers (suggested e.g. here:
http://www.openldap.org/lists/openldap-software/200703/msg00099.html and
elsewhere)
2. A solution to use triggers in openldap indicated by Jan-Piet Mens
(here:
http://blog.fupps.com/2008/07/11/i-finally-get-openldap-triggers/) is
obviously not mature and published.
3. I don't find it a good idea to write an external script to scan (&
store & compare) SOA serials in ldap and run it periodically as a cron job.
4. I even thought of this (science fiction) scenario: use multiple
instances of pdns on one box. One would be using an ldap slave backend
(with native ldap replication). A second would be a slave (to the first
instance) using BIND zone files; this would use a very short TTL to
allow frequent AXFRs on the same box. Then, a third instance would be
configured as a master (to be able to send Notify) using the zone files
created by the second instance slave! I don't know if this is
technically feasible, but in the end I didn't like this idea either.
Thanks,
Nick
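The external "scan, store and compare SOA serials" job the poster mentions in point 3 (and the serial comparison a master-mode ldap backend would have to do anyway) is small enough to show in full. The following is an added example and is not code from the original post or from the PowerDNS project. It assumes the zone's SOA lives in the dNSDomain2 `sOARecord` attribute and that a real NOTIFY is triggered with `pdns_control notify ZONE`; both the LDAP fetch and the NOTIFY call are injected so the logic runs offline here on constructed sample records.

```python
"""Added example (not PowerDNS project code): an external serial watcher for
zones held in LDAP.  It keeps the last SOA serial seen per zone in a JSON
file, compares the current one with RFC 1982 serial arithmetic, and sends
NOTIFY only for zones whose serial moved forward.  Assumptions: the SOA is
stored in the dNSDomain2 'sOARecord' attribute, and 'pdns_control notify ZONE'
is the real NOTIFY trigger; both are injected so the core runs offline."""
import json
import os
import subprocess
from typing import Callable, Dict, Iterable, List, Tuple

SERIAL_SPACE = 2 ** 32   # SOA serials are 32-bit
HALF_SPACE = 2 ** 31


def serial_is_newer(old: int, new: int) -> bool:
    """RFC 1982: `new` is newer than `old` when it is ahead by 1..2^31-1
    modulo 2^32, so wrap-around (e.g. 4294967295 -> 5) is still detected
    and an equal serial is never treated as a change."""
    diff = (new - old) % SERIAL_SPACE
    return 0 < diff < HALF_SPACE


def parse_soa_serial(soa_record: str) -> int:
    """Pull the serial out of an sOARecord value, which has the RFC 1035
    layout 'mname rname serial refresh retry expire minimum'."""
    fields = soa_record.split()
    if len(fields) != 7:
        raise ValueError(f"malformed SOA record: {soa_record!r}")
    return int(fields[2])


def plan_notifications(records: Iterable[Tuple[str, str]],
                       state: Dict[str, int]) -> Tuple[List[str], Dict[str, int]]:
    """Pure core: compare (zone, sOARecord) pairs with the stored serials.
    Returns (zones_to_notify, new_state).  Unseen zones are notified once;
    an equal or backwards serial is left alone, so a stale LDAP replica
    cannot silently rewind the recorded serial."""
    new_state = dict(state)
    to_notify = []
    for zone, soa in records:
        serial = parse_soa_serial(soa)
        old = state.get(zone)
        if old is None or serial_is_newer(old, serial):
            to_notify.append(zone)
            new_state[zone] = serial
    return to_notify, new_state


def _load_state(path: str) -> Dict[str, int]:
    if not os.path.exists(path):
        return {}
    with open(path) as fh:
        return {zone: int(serial) for zone, serial in json.load(fh).items()}


def _save_state(path: str, state: Dict[str, int]) -> None:
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)   # atomic rename: a crash never leaves a half-written file


def notify_with_pdns_control(zone: str) -> None:
    """Real NOTIFY sender: 'pdns_control notify ZONE' asks the running
    pdns_server to NOTIFY the zone's slaves (assumes pdns_control in PATH)."""
    subprocess.run(["pdns_control", "notify", zone], check=True)


def run_once(fetch: Callable[[], Iterable[Tuple[str, str]]],
             state_path: str,
             notify: Callable[[str], None]) -> List[str]:
    """One cron tick: load state, diff, NOTIFY, persist.  A zone whose NOTIFY
    raised keeps its old serial (or stays unknown) so it is retried next tick."""
    state = _load_state(state_path)
    to_notify, new_state = plan_notifications(fetch(), state)
    done = []
    for zone in to_notify:
        try:
            notify(zone)
            done.append(zone)
        except Exception as exc:   # one bad zone must not block the others
            print(f"NOTIFY for {zone} failed: {exc}")
            if zone in state:
                new_state[zone] = state[zone]
            else:
                del new_state[zone]
    _save_state(state_path, new_state)
    return done


if __name__ == "__main__":
    import tempfile
    # Constructed sample data standing in for an ldapsearch over the zone tree.
    soa_com = "ns1.example.com. hostmaster.example.com. 2010092401 3600 900 604800 3600"
    soa_net = "ns1.example.net. hostmaster.example.net. 2010092400 3600 900 604800 3600"
    first = [("example.com", soa_com), ("example.net", soa_net)]
    second = [("example.com", soa_com.replace("2010092401", "2010092402")),
              ("example.net", soa_net)]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "serials.json")
        print(run_once(lambda: first, path, lambda z: print("NOTIFY", z)))   # both zones, first sighting
        print(run_once(lambda: second, path, lambda z: print("NOTIFY", z)))  # only example.com
```

In deployment `fetch` would wrap an `ldapsearch` over the zone tree and `notify` would be `notify_with_pdns_control`; the state file is the only thing that distinguishes "changed" from "seen before", which is why it is written atomically and left untouched for a zone whose NOTIFY failed.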