Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
- To: openldap-technical@openldap.org
- Subject: Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
- From: Nick Milas <nick@eurobjects.com>
- Date: Thu, 28 Apr 2011 12:31:02 +0300
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Lightning/1.0b2 Thunderbird/3.1.9
Hi,

For several months we've been using PowerDNS Authoritative Server v9.22
with the LDAP backend (simple mode), using OpenLDAP (v2.4.22) for hosting
our organization's domains (and reverse zones), and it has been working
fine (low query times, reliable etc.), so we enjoy having all our
organization's data stored/maintained in the same DIT in LDAP.

However, as PowerDNS Authoritative Server is preparing for the next
version (3.0), it seems that the LDAP backend will be unmaintained (see:
http://mailman.powerdns.com/pipermail/pdns-users/2011-March/007547.html)
as the LDAP backend developer is no longer working on it (see:
http://www.mail-archive.com/pdns-users@mailman.powerdns.com/msg03625.html).

It has been alleged (see ref. above) that "We don't think that LDAP is a
particularly good or interesting place to store DNS data. It will for
example have big problems with PowerDNSSEC because of lack of ordering."

Moreover, the PowerDNS LDAP backend (although current open bugs are very few
and of relatively low severity) lacks features (e.g. Notify, which we
implement using a custom script, cron and notify-dns-slaves, see:
http://mailman.powerdns.com/pipermail/pdns-users/2010-October/007109.html)
and is not being evolved any more.

Additionally, LDAP/database backend projects for BIND9 (SDB and DLZ) do
not seem very well maintained either. In any case we prefer the PowerDNS
approach, where the backend implementation is cleaner and direct.

So, my questions:

* From the above and your experience, do you consider that LDAP should
  not be preferred as a DNS backend?
* Should LDAP be avoided as a DNS/DNSSEC backend?
* Would any companies / developer(s) from the OpenLDAP world -
  perhaps already using or interested in using DNS with an LDAP backend
  - be willing to devote some time to fix a couple of small
  bugs and keep the very well-designed and developed PowerDNS LDAP
  backend in shape? We could even start some community donation
  effort (to support this development), but I don't know if there is
  sufficient usage/interest in the LDAP backend that would generate
  enough funds.

In essence, should we drop LDAP as a DNS record datastore, due to the
lack of a properly maintained backend and/or unsuitability for (e.g.
DNSSEC) evolution, or do you think there IS interest in the maintenance /
evolution of the LDAP backend by the OpenLDAP developers/community (even
by becoming more openldap-oriented rather than being cross-platform)?

Best Regards,
Nick