slapi-dnsnotify: Configuring slave notifications for LDAP based DNS servers

slapi-dnsnotify watches for changes in the serial number of a DNS zone stored in the LDAP server, and notifies DNS slave servers to refresh their copy of the zone. It can also increment the serial number of a zone whenever changes in that zone are made.

OpenLDAP + PowerDNS

Here's how to configure slapi-dnsnotify with PowerDNS and OpenLDAP. The following assumes that you already have a working DNS server using PowerDNS and have configured its LDAP plugin. PowerDNS uses the dnsdomain2.schema schema.

Add the following to your slapd.conf. Be sure to substitute the base-dn argument with the base DN of your LDAP DNS tree. Also, if the plugin was installed to a location other than /usr/local, update the path below to reflect that.

plugin postoperation /usr/local/lib/slapi-dnsnotify.so plugin_init \
	base-dn=dc=example,dc=com zone-attribute=associatedDomain \
	enable-auto-serial notify-delay=10

Restart OpenLDAP. slapi-dnsnotify logs to the syslog daemon facility, which is usually written to /var/log/daemon.log. Use the log file to troubleshoot problems.

With the above configuration the serial number in your sOARecord will be updated when a zone changes, and the name servers in your nSRecord attribute will be notified of the change.

See the manual page for more detailed information.

OpenLDAP + Bind + SDB LDAP

Here's how to configure slapi-dnsnotify with Bind + SDB LDAP and OpenLDAP. The following assumes that you already have a working DNS server using Bind and have properly configured its SDB LDAP plugin. SDB LDAP uses the dnszone.schema schema.

Add the following to your slapd.conf. Be sure to substitute the base-dn argument with the base DN of your LDAP DNS tree. Also, if the plugin was installed to a location other than /usr/local, update the path below to reflect that.

plugin postoperation /usr/local/lib/slapi-dnsnotify.so plugin_init \
	base-dn=dc=example,dc=com zone-attribute=zoneName \
	enable-auto-serial notify-delay=10

Restart OpenLDAP. slapi-dnsnotify logs to the syslog daemon facility, which is usually written to /var/log/daemon.log. Use the log file to troubleshoot problems.

With the above configuration the serial number in your zoneName will be updated when a zone changes, and the name servers in your nSRecord attribute will be notified of the change.

See the manual page for more detailed information.
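
To confirm that notifications are reaching the slaves under either configuration above, the following added example (not part of slapi-dnsnotify or its documentation) compares the SOA serials reported by `dig +short SOA` on the master and on each slave, using RFC 1982 serial arithmetic so that a serial wraparound is handled. The function names, script name and host names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not part of slapi-dnsnotify.

# Print the serial (3rd field) of one line of `dig +short SOA` output.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# RFC 1982 serial arithmetic: succeed if serial $2 is newer than serial $1,
# including across the 32-bit wraparound.
serial_newer() {
    diff=$(( ($2 - $1) & 4294967295 ))
    [ "$diff" -gt 0 ] && [ "$diff" -lt 2147483648 ]
}

# Classify a slave from the master's and the slave's SOA lines.
# Prints: in-sync | lagging | ahead | unknown
slave_state() {
    m=$(soa_serial "$1")
    s=$(soa_serial "$2")
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo unknown            # no answer or unparsable SOA
    elif [ "$m" = "$s" ]; then
        echo in-sync
    elif serial_newer "$s" "$m"; then
        echo lagging            # slave has not picked up the change yet
    else
        echo ahead              # slave serial is newer than the master's
    fi
}

# Live check: check_zone ZONE MASTER SLAVE...
# Returns non-zero if any slave is not in sync with the master.
check_zone() {
    zone=$1; master=$2; shift 2
    mline=$(dig +short SOA "$zone" "@$master")
    rc=0
    for slave in "$@"; do
        state=$(slave_state "$mline" "$(dig +short SOA "$zone" "@$slave")")
        echo "$slave: $state"
        [ "$state" = in-sync ] || rc=1
    done
    return "$rc"
}

# e.g. sh check-serial.sh example.com ns1.example.com ns2.example.com
if [ "$#" -ge 2 ]; then check_zone "$@"; fi
```

Run it after changing a record, once the configured notify-delay has passed; a slave that stays "lagging" is the cue to look in the daemon log mentioned above.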
