The instructions below are outdated.
Getting BIND to directly talk to LDAP can be the stuff of nightmares.
Rather, I describe a compromise that works as follows:
This is relatively easy to set up, but obviously there is a delay of up to 5 minutes between adding an entry to LDAP and the DNS entry being known to named.
(If you run Samba, you are then in a position to use the wins hook option and have a script which adds the client’s WINS registrations directly to LDAP, and hence allow name resolution between many subnets.)
To implement this solution, the following things need to happen:
So, to create a DNS zone for foobar.com, create the following entry:
dn: cn=foobar.com,ou=DNS,dc=example,dc=com
dnszonename: foobar.com
dnsclass: IN
dnstype: SOA
dnszonemaster: tim.foobar.com
dnsadminmailbox: tim.foobar.com
dnsminimum: 3600
objectClass: dnszone
cn: foobar.com
dnsserial: 12345
dnsrefresh: 10800
dnsretry: 3600
dnsexpire: 3600
The zone entries are stored under this entry, and the attributes are used like this:
[dnsdomainname] [dnsclass] [dnstype] [dnspreference] [[dnsipaddr] | [dnscname]]
www IN A 192.168.50.50
IN MX 10 mail.foobar.com.
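To make the attribute layout concrete, here is a small added example (not ldap2dns itself) that parses LDIF entries using the attribute names above and renders them as zone-file lines; the record DNs, the dnszone entry values and the rule that an entry with no dnsdomainname is the zone apex are assumptions for the sample.

```python
# Added illustration (not ldap2dns itself) of the record layout described above:
# [dnsdomainname] [dnsclass] [dnstype] [dnspreference] [[dnsipaddr] | [dnscname]]
# Constructed sample: the dnszone entry from the text plus two records beneath it.
SAMPLE_LDIF = """\
dn: cn=foobar.com,ou=DNS,dc=example,dc=com
dnsclass: IN
dnstype: SOA
dnszonemaster: tim.foobar.com
dnsadminmailbox: tim.foobar.com
dnsserial: 12345
dnsrefresh: 10800
dnsretry: 3600
dnsexpire: 3600
dnsminimum: 3600

dn: cn=www,cn=foobar.com,ou=DNS,dc=example,dc=com
dnsdomainname: www
dnsclass: IN
dnstype: A
dnsipaddr: 192.168.50.50

dn: cn=mail,cn=foobar.com,ou=DNS,dc=example,dc=com
dnsclass: IN
dnstype: MX
dnspreference: 10
dnscname: mail.foobar.com.
"""
def parse_ldif(text):
    """Split LDIF into entries: one dict of lowercased attribute -> value each."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({k.strip().lower(): v.strip() for k, _, v in pairs})
    return entries
SOA = "@ {dnsclass} SOA {dnszonemaster}. {dnsadminmailbox}. ( {dnsserial} {dnsrefresh} {dnsretry} {dnsexpire} {dnsminimum} )"

def to_zone_lines(entries):
    """Render each entry as a zone-file line, refusing malformed records."""
    out = []
    for e in entries:
        rtype = e["dnstype"].upper()
        if rtype == "SOA":  # zone apex, built from the dnszone attributes
            out.append(SOA.format(**e))
            continue
        pref, target = e.get("dnspreference"), e.get("dnsipaddr") or e.get("dnscname")
        if target is None or (rtype == "MX") != (pref is not None):  # only MX carries a preference
            raise ValueError(f"incomplete record: {e['dn']}")
        owner = e.get("dnsdomainname", "@")  # no dnsdomainname: treat as zone apex (assumption)
        out.append(" ".join([owner, e["dnsclass"], rtype] + ([pref] if pref else []) + [target]))
    return out
```

Running `to_zone_lines(parse_ldif(SAMPLE_LDIF))` yields the SOA line followed by the two record lines shown in the layout above; an entry missing its target or preference raises instead of producing a zone line named will reject.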
The magic command is:
ldap2dns -b "ou=DNS,dc=example,dc=com" -o db -h localhost
Create the following script in /usr/local/bin/; I call mine updatedns. (The named.zones file contains an annoying comment which named doesn’t like, so it is filtered out.)
#!/bin/sh
# updatedns: regenerate the BIND zone files from LDAP and reload named
set -e
cd /var/named/chroot/var/named
logger "Updating DNS from ldap..."
ldap2dns -b "ou=DNS,dc=example,dc=com" -o db -h localhost
# named doesn't like the "; Auto..." comment in named.zones, so strip it
grep -v "^; Auto" named.zones > named.zones.corrected
/etc/init.d/named reload
logger "Updated DNS from ldap"
That may need adjusting to suit your distribution, in particular if your named doesn’t run chrooted.
Add the following line to your /etc/named.conf so these zone db files are loaded by named:
include "/var/named/named.zones.corrected";