[Pdns-users] Status of the LDAP backend in 3.0 release
nmilas at admin.noa.gr
Sat Apr 30 08:00:57 UTC 2011
On 23/3/2011 11:05 AM, bert hubert wrote:
> To clarify, PowerDNS development happens because one or more of the
> following three reasons:
> We also develop quite some things because, frankly, we find them cool
> For LDAP, right now none of these things is the case. 1) We don't feel that
> LDAP is a particularly good or interesting place to store DNS data. It will
> for example have big problems with PowerDNSSEC because of lack of ordering.
Although there has been some time since this thread started, and nothing
has changed in essence (we have no news from Udo Rader who offered to
work on the issues), I would like to add a couple of points.
1. I really find storing DNS records in LDAP cool and fun, and I have
been wondering why there is so little interest for it.
2. I have discussed the issue on the openldap mailing list (see:
and the associated thread) and people there think too that:
* LDAP *IS* the best place to store DNS data
* Maintaining/evolving the PowerDNS LDAP backend is "interesting and
worthwhile" (but no one volunteered to work on it, at least yet)
As I have said in the past, I agree with the above. It strikes me that,
although LDAP seems perhaps the best solution to store DNS records (at
least from a potential performance perspective), there seems to be so
little use of it! I will attribute this to:
(a) BIND ldap backend (dlz / sdb) being highly experimental and
practically unsuitable for production
(b) lack of publicity about PowerDNS itself, let alone its LDAP backend.
(c) lack of "critical momentum" for PowerDNS - LDAP, mainly caused
by lack of case studies, performance test results (e.g. LDAP vs
MySQL backends), white papers, studies with focus on large domains,
etc. - to prove beyond doubt it's worth it even for enterprise use.
(d) lack of nice management tools that would allow (LDAP-stored) DNS
Record management using an easy and efficient GUI (which would also
enforce all needed checks when changing records etc.) The reason for
this is (b) and (c) above. But, there is some ongoing activity on
this (see for example the GoSA project:
For our organization's needs, we have developed a php application
which is very convenient (but would require a lot of work to become
more generic and programming is rather non-professional).
So, considering the above, I would like to underline that LDAP should
NOT become unmaintained:
(i) It would not be difficult to include at least the proposed patch
for Ticket #313
in one v3.0 build so we can install and test.
(ii) I would encourage PowerDNS developers to only provide a
solution for Ticket #260 (= #323) (this time/effort should be very
low) which is the minimum to keep LDAP backend in production status
in the new versions. So, it will gain time to hopefully build up
(b), (c), (d) above.
I have no personal reasons to promote this work (it would have been
easier for me and would require much less time than what I am doing now
to switch to any other backend), but, feeling comfortable in a nice
community like this, I have publicly expressed my feelings regarding
what I believe is/should be a real power in PowerDNS which we all want