

HOWTO: bind9-ldap
Description: Domain Name System server, resolver library, and related tools
NOTE: I use GNU tar >= 1.13.25, so it's -j for .tar.bz2 files.
It's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything.


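#!/usr/bin/env bash
# ISC bind 9.2.2 w/ LDAP sdb
# ==============
# Prerequisites:
# OpenSSL 0.9.6e or higher
#
# This is a HOWTO command sequence meant to be run step by step as root
# (two steps in the middle are manual: editing slapd.conf and restarting
# slapd), not as one unattended script, so there is no 'set -e'; every
# step that must not be skipped on failure is gated explicitly instead.
#
# Site-specific values are collected here so the rest is copy/paste-able.
bind_ver=9.2.2
bind_tar="bind-${bind_ver}.tar.gz"
bind_url="ftp://ftp.isc.org/isc/bind9/${bind_ver}/${bind_tar}"
isc_key=51BAB2ED                 # signing key id used on the original page
base_dn='dc=foo,dc=org'          # LDAP suffix the dns subtree lives under
manager_dn="cn=Manager,${base_dn}"
ldap_server=192.168.0.2          # LDAP server named will query
zone=customer.com
zone_dn='dc=customer,dc=com'     # the zone name written as a DN
zone_file="/var/named/master/internal/${zone}"

cd "${HOME}"
# Reuse a previously stashed tarball rather than downloading it again.
if [[ -f "installed/${bind_tar}" ]]; then
  mv -- "installed/${bind_tar}" .
fi
if [[ ! -f "${bind_tar}" ]]; then
  wget "${bind_url}"
fi

# Verify tarball w/ gpg: fetch the key only if it is not in the keyring yet.
gpg --list-keys "${isc_key}" >/dev/null 2>&1 || gpg --recv-keys "${isc_key}"
wget "${bind_url}.asc"
# Gate: a tarball that does not verify is renamed, so the extract step
# below cannot silently build it.  Note that gpg exits 0 for a "Good
# signature" even from a key you have not validated -- compare the key's
# fingerprint with the one ISC publishes before trusting the first run.
if gpg --verify "${bind_tar}.asc" "${bind_tar}"; then
  rm -- "${bind_tar}.asc"
else
  mv -- "${bind_tar}" "${bind_tar}.UNVERIFIED"
  printf '%s: signature verification FAILED; renamed to %s.UNVERIFIED, do not build it\n' \
    "${bind_tar}" "${bind_tar}" >&2
fi

cd /usr/local/src
# Remove any older bind source tree before unpacking the new one.
find . -maxdepth 1 -type d -name 'bind-*' -exec rm -r -- {} +
tar xzvf "${HOME}/${bind_tar}"
cd "bind-${bind_ver}"
chown -R root:root .

# Patch the source to set it up for LDAP sdb.
# NOTE(review): the patch comes over plain HTTP and the page gives no
# checksum or signature for it; read it before applying, it changes the
# nameserver's source.
patch_name="bind-${bind_ver}-ldap-sdb.patch"
rm -f "${HOME}"/installed/bind-*-ldap-sdb.patch
wget "http://englanders.cc/pub/linux/patches/${patch_name}"
# Stash the patch only if it applied cleanly.
patch -p1 < "./${patch_name}" &&
  mv -- "${patch_name}" "${HOME}/installed/"

./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-threads \
  --with-openssl=/usr/local/ssl
make
# Slackware: drop the stock package before installing over /usr.
removepkg bind
make install

# zone2ldap: import a zone file into an LDAP db
cd contrib/sdb/ldap
# isc-config.sh prints several flags; word-splitting is wanted here.
# shellcheck disable=SC2046
gcc -g $(../../../isc-config.sh --cflags isc dns) -c zone2ldap.c
# shellcheck disable=SC2046
gcc -g -o zone2ldap zone2ldap.o $(../../../isc-config.sh --libs isc dns) \
  -lldap -llber -lresolv
cp zone2ldap /usr/local/bin/
cp zone2ldap.1 /usr/local/man/man1/

# Keep the verified tarball around for the next rebuild.
cd "${HOME}"
mkdir -p installed
rm -f installed/bind-*.tar.*
mv -- "${bind_tar}" installed/

# Add the dNSZone schema to OpenLDAP.
# NOTE(review): also fetched over plain HTTP with no checksum; review the
# file before loading it into slapd.
schema_dir=/usr/local/etc/openldap/schema
if [[ -d "${schema_dir}" ]]; then
  ( cd "${schema_dir}" && wget -N http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt )
fi
# Open up slapd.conf in a text editor and make sure you have these two
# lines, in this order:
#   include /usr/local/etc/openldap/schema/cosine.schema
#   include /usr/local/etc/openldap/schema/dnszone-schema.txt
# Kill slapd (and slurpd if this is a master) and restart it (and slurpd...)

# Add ou=dns to the LDAP db
# I also add ou=internal,ou=dns and ou=external,ou=dns for views
cd /usr/local/etc/openldap
cat > ldif.add <<EOF
dn: ou=dns,${base_dn}
objectClass: organizationalUnit
ou: dns

dn: ou=internal,ou=dns,${base_dn}
objectClass: organizationalUnit
ou: internal

dn: ou=external,ou=dns,${base_dn}
objectClass: organizationalUnit
ou: external
EOF
# -W prompts for the manager password instead of taking it on the command line.
ldapadd -x -D "${manager_dn}" -W -f ldif.add

# Import a zone file into LDAP (one that isn't already there (-c)).
# zone2ldap takes the bind password on its command line (-w), where other
# local users can see it via ps while it runs; at least keep the literal
# out of this file and out of shell history by prompting for it.
read -rsp "LDAP password for ${manager_dn}: " bind_pw; printf '\n'
zone2ldap -D "${manager_dn}" -w "${bind_pw}" -h localhost \
  -z "${zone}" -b "ou=internal,ou=dns,${base_dn}" \
  -f "${zone_file}" -c
unset bind_pw

# Set it up in named.conf.  Replace the normal 'file' line of the zone,
#   file "master/internal/customer.com";
# with a 'database' line pointing at the zone's DN under ou=internal.
# This prints the line to add for the values configured above:
printf 'database "ldap ldap://%s/%s,ou=internal,ou=dns,%s 172800";\n' \
  "${ldap_server}" "${zone_dn}" "${base_dn}"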



Last updated: Tue, 07 Aug 2018 12:06:17 -0400
Jason Englander <jason at englanders dot us>