[Pdns-users] Question about logging changes

Michael Ströder michael at stroeder.com
Tue Nov 28 16:10:01 UTC 2017

Dirk Bartley wrote:
> I have been asked to look at some options for assisting my employer to
> alter the way our internal dns is served.  One of the features being
> requested is the ability to log the who, what and when of all changes
> to the data that dns is serving.  Of course when I search for change
> logging, I get the change logs of the code.  Would there be a better
> phrase than "change log" to search for?  Is this the kind of feature
> that already exists, or is this the kind of feature that would be
> better accomplished by writing a front end that we would force everyone
> here to use that does the update?  We are considering using LDAP as a
> backend for the dns service.

How do you plan to maintain the data?

E.g. if you're using an LDAP server as backend *and* you're going to
maintain the data via LDAP, it boils down more to how to audit write
operations on the LDAP server. And this depends on the features of the
LDAP server you're planning to use. Personally I love the accesslog overlay
(originally implemented for delta-replication) in OpenLDAP because it
automatically gives you a perfect audit trail in a separate database.

Ciao, Michael.
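
An added illustration, not part of the original message and not OpenLDAP or PowerDNS code: a small Python sketch that turns entries exported as LDIF from an accesslog database into who/what/when records. The sample entries, the DNs and the cn=accesslog suffix are constructed assumptions; the attribute names (reqStart, reqType, reqAuthzID, reqDN, reqResult, reqMod) are those of the overlay's audit schema.

```python
import base64
from datetime import datetime, timezone

# Constructed sample entries, shaped like an LDIF export of the log database.
SAMPLE_LDIF = """\
dn: reqStart=20171128161001.000001Z,cn=accesslog
objectClass: auditModify
reqStart: 20171128161001.000001Z
reqType: modify
reqAuthzID: uid=alice,ou=people,dc=example,dc=com
reqDN: dc=www,ou=dns,dc=example,dc=com
reqResult: 0
reqMod: aRecord:- 192.0.2.10
reqMod: aRecord:+ 192.0.2.20

dn: reqStart=20171128161502.000003Z,cn=accesslog
objectClass: auditDelete
reqStart: 20171128161502.000003Z
reqType: delete
reqAuthzID: uid=bob,ou=people,dc=example,dc=com
reqDN: dc=old,ou=dns,dc=example,dc=com
reqResult: 50
"""

def parse_entries(ldif):
    """Yield each LDIF entry as a dict of attribute name -> list of values."""
    for block in ldif.replace("\n ", "").strip().split("\n\n"):  # unfold lines
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"): continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr, []).append(value.strip())
        if entry: yield entry

def audit_trail(ldif):
    """Return who/what/when records for logged writes, oldest first."""
    records = []
    for e in parse_entries(ldif):
        if "reqStart" not in e or "reqDN" not in e: continue
        records.append({
            "when": datetime.strptime(e["reqStart"][0], "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc),
            "who": e.get("reqAuthzID", ["(anonymous)"])[0],
            "op": e.get("reqType", ["?"])[0], "target": e["reqDN"][0],
            "changes": e.get("reqMod", []),
            "succeeded": e.get("reqResult", [""])[0] == "0",
        })
    return sorted(records, key=lambda r: r["when"])
```

A non-zero reqResult (50 in the second constructed entry) marks a write the server rejected, so the same records also show attempted changes that did not take effect.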

