[Pdns-users] Status of the LDAP backend in 3.0 release

Alejandro aescanero at gmail.com
Sat Apr 30 21:58:44 UTC 2011


Hi Nick, the PowerDNS plugin for GOsa is finished, but the lack of DNSSEC
and the chance of dropping this feature in future versions of PowerDNS force
the debian-edu project to choose bind in place of PowerDNS for the next
version of debian-edu.

The plugin uses the same design as bind9 and the repository is here:
https://oss.gonicus.de/labs/gosa-contrib/browser/powerdns

The other real option to use in LDAP is the binddlz project, but it is
experimental and very complex to use in any tool, but it has all the
features :(.

I would really like to see an update of the powerdns-ldap plugin because I
also think that LDAP is a really good backend to manage DNS.

Thanks

2011/4/30 Nick Milas <nmilas at admin.noa.gr>

> On 23/3/2011 11:05 AM, bert hubert wrote:
>
>> To clarify, PowerDNS development happens because one or more of the
>> following three reasons:
>>
>> ...
>>
>>
>> We also develop quite some things because, frankly, we find them cool
>>
>> For LDAP, right now none of these things is the case. 1) We don't feel that
>> LDAP is a particularly good or interesting place to store DNS data. It will
>> for example have big problems with PowerDNSSEC because of lack of ordering.
>
> Although there has been some time since this thread started, and nothing
> has changed in essence (we have no news from Udo Rader who offered to work
> on the issues), I would like to add a couple of points.
>
> 1. I really find storing DNS records in LDAP cool and fun, and I have been
> wondering why there is so little interest for it.
> 2. I have discussed the issue in openldap mailing list (see:
> http://www.openldap.org/lists/openldap-technical/201104/msg00363.html and
> the associated thread) and people there think too that:
>
>   * LDAP *IS* the best place to store DNS data
>   * Maintaining/evolving the PowerDNS LDAP backend is "interesting and
>     worthwhile" (but no one volunteered to work on it, at least yet)
>
> As I have said in the past, I agree with the above. It strikes me that,
> although LDAP seems perhaps the best solution to store DNS records (at least
> from a potential performance perspective), there seems to be so little use
> of it! I will attribute this to:
>
>   (a) BIND ldap backend (dlz / sdb) being highly experimental and
>   practically unsuitable for production
>   (b) lack of publicity about PowerDNS itself, let alone its LDAP backend.
>   (c) lack of "critical momentum" for PowerDNS - LDAP, mainly caused
>   by lack of case studies, performance test results (e.g. LDAP vs
>   MySQL backends), white papers, studies with focus on large domains,
>   etc. - to prove beyond doubt it's worth it even for enterprise use.
>   (d) lack of nice management tools that would allow (LDAP-stored) DNS
>   Record management using an easy and efficient GUI (which would also
>   enforce all needed checks when changing records etc.) The reason for
>   this is (b) and (c) above. But, there is some ongoing activity on
>   this (see for example the GoSA project:
>   http://www.mail-archive.com/debian-edu@lists.debian.org/msg21887.html).
>   For our organization's needs, we have developed a php application
>   which is very convenient (but would require a lot of work to become
>   more generic and programming is rather non-professional).
>
> So, considering the above, I would like to underline that LDAP should NOT
> become unmaintained:
>
>   (i) It would not be difficult to include at least the proposed patch
>   for Ticket #313
>   (http://mailman.powerdns.com/pipermail/pdns-users/2010-September/007004.html)
>   in one v3.0 build so we can install and test.
>   (ii) I would encourage PowerDNS developers to only provide a
>   solution for Ticket #260 (= #323) (this time/effort should be very
>   low) which is the minimum to keep LDAP backend in production status
>   in the new versions. So, it will gain time to hopefully build up
>   (b), (c), (d) above.
>
> I have no personal reasons to promote this work (it would have been easier
> for me and would require much less time than what I am doing now to switch
> to any other backend), but, feeling comfortable in a nice community like
> this, I have publicly expressed my feelings regarding what I believe
> is/should be a real power in PowerDNS which we all want to thrive.
>
> Regards,
> Nick



-- 
Alejandro Escanero Blanco
GNU/Linux Systems Administrator
GOsa Developer (http://www.gosa-project.org)
Blog: http://www.mylifebetweencomputers.com
Jabber: blainett at jabberes.com