[Pdns-users] LDAP backend and subdomain delegation

Mon Sep 12 13:59:10 UTC 2011

On 12/9/2011 3:41 ÃÅÃÅ, Cyril Jaquier wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> I'm trying to setup a subdomain delegation using the LDAP backend but
> did not manage to get it working so far. I found this post on the web
> and that is exactly the problem I'm facing:
>

Hi Cyril,

According to this thread: 
http://www.mail-archive.com/pdns-users@mailman.powerdns.com/msg01488.html, 
"delegation of normal zones (sub.test.dom) is simple as you only need a 
SOA and a NS record for your subdomain where the NS record points to the 
name server providing records of the subdomain."

Delegation with the LDAP backend should use simple mode, not "tree". (I 
don't know about strict mode.)

Also note:

 1. I have no experience with delegated subdomains using pdns/ldap - we
    are using only virtual subdomains (with no SOA record).
 2. I would say that the best setup should be to have authoritative
    server(s) running on different box(es) than the recursive one(s).
    Yet, with my setup (also with auth server v2.9.22 and recursive
    server on the same box), I have no problems - but no delegations
    either.
    If your recursor runs on another box (standalone), so that all your
    systems query this server and not the authoritative server(s)
    directly, do you still have problems?
 3. Unfortunately, pdns LDAP backend is now unmaintained. No
    developer(s) are currently supporting it; we (pdns/ldap community)
    are looking for one (or more) volunteer(s) developer(s) to continue
    support or individuals/corporations that would finance development.
    Otherwise, we are alone in the desert sticking with what we find
    working.

By the way, are you a new or older user of pdns/LDAP backend?

Let us know of your findings,
Nick