{note:title=Work in progress}
This site is in the process of being reviewed and updated.
{note}


h1. 5.6. DNS Protocol Provider


h2. Introduction

The ApacheDS Domain Name Service (DNS) provider implements [RFC 1034|http://www.faqs.org/rfcs/rfc1034.html] and [RFC 1035|http://www.faqs.org/rfcs/rfc1035.html] to service DNS protocol requests. The DNS provider plugs into the Apache Directory server. As a plugin, the DNS provider uses the network layer (MINA) for front-end services and the Apache Directory read-optimized backing store, via JNDI, as its persistent store. The ApacheDS DNS provider, in conjunction with MINA and the ApacheDS LDAP JNDI store, provides an easy-to-use yet fully-featured name resolution service. As implemented within Apache Directory, it will provide:

* Domain name service (RFC 1034, 1035)
* Service location support (SRV) (RFC 2782)
* Certificate support (CERT) (RFC 2538)
* Security Extensions (DNSSEC) (RFC 2535)
* Secure query and dynamic update support (GSS-TSIG) (RFC 3645)
* LDAP/JMX management
* UDP and TCP support (MINA)
* Easy POJO embeddability for containers such as Geronimo, JBoss, and OSGi

h2. Basic Testing

On Linux, a typical invocation of dig looks like:

{code}
dig @server name type
{code}

If no type argument is supplied, dig will perform a lookup for an A record. For example:

{code}
bash-2.05b# dig @localhost www.example.com
{code}
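What dig sends and receives here is an RFC 1035 wire-format message. The following is an added example in Python, not ApacheDS project code: it builds the same query dig would send for the invocation above and parses a reply, including the name-compression pointers (RFC 1035 section 4.1.4) that a careless parser follows into a loop. The reply bytes are constructed by hand so the example runs offline; nothing here is captured from a real ApacheDS instance.

```python
"""Added example in Python (not ApacheDS project code): the RFC 1035 message
that `dig @server name type` sends, and a parser for the reply, with the name
compression (RFC 1035 section 4.1.4) that a careless parser gets wrong.
The response bytes at the bottom are constructed by hand so this runs offline."""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "SRV": 33}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """'www.example.com' -> length-prefixed labels terminated by a zero octet."""
    if name in ("", "."):
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:              # RFC 1035 section 2.3.4 label limit
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """Header with RD=1 and QDCOUNT=1, then the single question dig asks."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, off, depth=0):
    """Read a possibly compressed name at `off`; return (name, offset after it)."""
    if depth > 16:                               # bound recursion on hostile input
        raise ValueError("compression pointer chain too long")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # two-octet pointer to a prior name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:                       # must point backwards, or it can loop
                raise ValueError("forward compression pointer")
            tail, _ = decode_name(msg, ptr, depth + 1)
            if tail:
                labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg):
    """Return (rcode, questions, answers); answers are (name, type, ttl, rdata)."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, QTYPE_NAME.get(qtype, qtype)))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):                # NS, CNAME, PTR carry a (compressible) name
            rdata, _ = decode_name(msg, off)
        off += rdlen
        answers.append((name, QTYPE_NAME.get(rtype, rtype), ttl, rdata))
    return flags & 0x000F, questions, answers


# Constructed reply to build_query("www.example.com"): QR=1, AA=1, RD=1, RA=1,
# one A answer whose owner is a pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    print(parse_response(SAMPLE_RESPONSE))
```

The backwards-only rule on compression pointers is the check that matters when the server on the other end is not one you trust: a pointer that refers to itself or forward is rejected instead of being followed.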

h3. ApacheDS schema for storing DNS zones in LDAP

h5. Abstract objectClass used to build all DNS record objectclasses
||objectclass||apacheDnsAbstractRecord||
|apacheDnsName    |A sequence of labels representing a domain name or host name|
|apacheDnsType    |The type of a resource record|
|apacheDnsClass   |The class of a resource record|
|apacheDnsTtl     |An integer denoting time to live|

h5. Address (A) record
||objectclass||apacheDnsAddressRecord||
|apacheDnsName    |A sequence of labels representing a domain name or host name|
|apacheDnsType    |The type of a resource record|
|apacheDnsClass   |The class of a resource record|
|apacheDnsTtl     |An integer denoting time to live|
|apacheDnsIpAddress|A 4 octet IP address|

h5. Pointer (PTR) record
||objectclass||apacheDnsPointerRecord||
|apacheDnsName    |A sequence of labels representing a domain name or host name|
|apacheDnsType    |The type of a resource record|
|apacheDnsClass   |The class of a resource record|
|apacheDnsTtl     |An integer denoting time to live|
|apacheDnsDomainName|A domain name, as a sequence of dotted labels|

h5. Name Server (NS) record
||objectclass||apacheDnsNameServerRecord||
|apacheDnsName    |A sequence of labels representing a domain name or host name|
|apacheDnsType    |The type of a resource record|
|apacheDnsClass   |The class of a resource record|
|apacheDnsTtl     |An integer denoting time to live|
|apacheDnsDomainName|A domain name, as a sequence of dotted labels|

h5. Start Of Authority (SOA) record
||objectclass||apacheDnsStartOfAuthorityRecord||
|apacheDnsName    |A sequence of labels representing a domain name or host name|
|apacheDnsType    |The type of a resource record|
|apacheDnsClass   |The class of a resource record|
|apacheDnsTtl     |An integer denoting time to live|
|apacheDnsSoaMName|The domain name of the server that was the primary source of data for this zone|
|apacheDnsSoaRName|The domain name which specifies the mailbox of the person responsible for this zone|
|apacheDnsSoaSerial|The unsigned 32 bit version number of the original copy of the zone|
|apacheDnsSoaRefresh|A 32 bit time interval before the zone should be refreshed|
|apacheDnsSoaRetry|A 32 bit time interval that should elapse before a failed refresh should be retried|
|apacheDnsSoaExpire|A 32 bit time value that specifies the upper limit on the time interval that can elapse before the zone is no longer authoritative|
|apacheDnsSoaMinimum|The unsigned 32 bit minimum TTL field that should be exported with any RR from this zone|
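Records written in this schema are ordinary LDAP entries, so nothing stops a bad TTL or a malformed address from being loaded and then served. The following is an added example in Python, not ApacheDS project code: it reads LDIF for a zone and checks each entry against the tables above (one record objectClass per entry, the attributes that class requires, apacheDnsType matching the class, unsigned 32-bit integers where the schema says so, a four-octet apacheDnsIpAddress). The DN layout under dc=example,dc=com and the sample LDIF are assumptions constructed for this example; the page does not specify where zone entries live in the DIT.

```python
"""Added example (not part of the ApacheDS page or project): check zone entries
written with the apacheDns* schema above before loading them. The entry layout
(DNs under dc=example,dc=com) and the sample LDIF are assumptions."""
import ipaddress

# Attributes each objectClass carries, taken from the schema tables above.
ABSTRACT = {"apacheDnsName", "apacheDnsType", "apacheDnsClass", "apacheDnsTtl"}
SCHEMA = {
    "apacheDnsAddressRecord": (ABSTRACT | {"apacheDnsIpAddress"}, "A"),
    "apacheDnsPointerRecord": (ABSTRACT | {"apacheDnsDomainName"}, "PTR"),
    "apacheDnsNameServerRecord": (ABSTRACT | {"apacheDnsDomainName"}, "NS"),
    "apacheDnsStartOfAuthorityRecord": (ABSTRACT | {
        "apacheDnsSoaMName", "apacheDnsSoaRName", "apacheDnsSoaSerial",
        "apacheDnsSoaRefresh", "apacheDnsSoaRetry", "apacheDnsSoaExpire",
        "apacheDnsSoaMinimum"}, "SOA"),
}
U32 = {"apacheDnsTtl", "apacheDnsSoaSerial", "apacheDnsSoaRefresh",
       "apacheDnsSoaRetry", "apacheDnsSoaExpire", "apacheDnsSoaMinimum"}


def parse_ldif(text):
    """Minimal LDIF reader: blank line separates entries, repeated attrs become lists."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        key, _, val = line.partition(":")
        cur.setdefault(key.strip(), []).append(val.strip())
    if cur:
        entries.append(cur)
    return entries


def check_entry(e):
    """Return a list of problems for one entry; an empty list means it is well-formed."""
    dn = e.get("dn", ["?"])[0]
    problems = []
    classes = [c for c in e.get("objectClass", []) if c in SCHEMA]
    if len(classes) != 1:
        return [f"{dn}: expected exactly one apacheDns record objectClass, got {classes}"]
    required, rtype = SCHEMA[classes[0]]
    for attr in sorted(required - set(e)):
        problems.append(f"{dn}: missing {attr}")
    if e.get("apacheDnsType", [rtype])[0] != rtype:
        problems.append(f"{dn}: apacheDnsType {e['apacheDnsType'][0]} does not match {classes[0]}")
    for attr in sorted(U32 & set(e)):
        v = e[attr][0]
        if not v.isdigit() or int(v) > 0xFFFFFFFF:
            problems.append(f"{dn}: {attr}={v!r} is not an unsigned 32-bit integer")
    for v in e.get("apacheDnsIpAddress", []):
        try:
            ipaddress.IPv4Address(v)             # schema says "a 4 octet IP address"
        except ValueError:
            problems.append(f"{dn}: apacheDnsIpAddress {v!r} is not an IPv4 address")
    return problems


def check_zone(text):
    return [p for e in parse_ldif(text) for p in check_entry(e)]


# Constructed sample: a valid SOA and A record, then an A record with two faults.
SAMPLE_LDIF = """\
dn: apacheDnsName=example.com,dc=example,dc=com
objectClass: top
objectClass: apacheDnsStartOfAuthorityRecord
apacheDnsName: example.com
apacheDnsType: SOA
apacheDnsClass: IN
apacheDnsTtl: 86400
apacheDnsSoaMName: ns1.example.com
apacheDnsSoaRName: hostmaster.example.com
apacheDnsSoaSerial: 2005120101
apacheDnsSoaRefresh: 3600
apacheDnsSoaRetry: 900
apacheDnsSoaExpire: 604800
apacheDnsSoaMinimum: 3600

dn: apacheDnsName=www.example.com,dc=example,dc=com
objectClass: top
objectClass: apacheDnsAddressRecord
apacheDnsName: www.example.com
apacheDnsType: A
apacheDnsClass: IN
apacheDnsTtl: 3600
apacheDnsIpAddress: 192.0.2.10

dn: apacheDnsName=bad.example.com,dc=example,dc=com
objectClass: top
objectClass: apacheDnsAddressRecord
apacheDnsName: bad.example.com
apacheDnsType: A
apacheDnsClass: IN
apacheDnsTtl: -5
apacheDnsIpAddress: 192.0.2.999
"""

if __name__ == "__main__":
    for problem in check_zone(SAMPLE_LDIF):
        print(problem)
```

Run it against an LDIF export before ldapadd; the third entry is rejected for its negative TTL and its five-octet address, both of which an LDAP server without DNS-aware syntax checking would happily store.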

h3. Configuring DNS Zones

!zones.jpg|align=center!

h4. The AUXILIARY 'dcObject' objectClass

{code}
( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )
{code}

An example entry using the AUXILIARY objectClass dcObject:

{code}
dn: dc=example,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: example
o: Example Inc.
{code}

h4. The STRUCTURAL 'domain' objectClass

{code}
( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL
  MUST dc
  MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
        x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
        street $ postOfficeBox $ postalCode $ postalAddress $
        physicalDeliveryOfficeName $ st $ l $ description $ o $
        associatedName ) )
{code}

An example entry using the STRUCTURAL objectClass domain:

{code}
dn: dc=tcp,dc=example,dc=com
objectClass: top
objectClass: domain
dc: tcp
description: a placeholder entry used with SRV records
{code}

h4. Resources

* [RFC 2247 - Using Domains in LDAP/X.500 Distinguished Names|http://www.faqs.org/rfcs/rfc2247.html]

h2. DNS Best Practices

h3. DNS Testing Tool

Useful tool for testing DNS configuration: [www.dnsreport.com|http://www.dnsreport.com/]

There are other tools available from the same people, at [www.dnsstuff.com|http://www.dnsstuff.com/], but I have not tested any of them.

# MX - Change MX records from CNAME's to A records. This is supposed to improve lookup speed, and an MX pointing to a CNAME is an RFC violation (RFC 2181, section 10.3).
# SOA - Change SOA values to come in line with recommended values, per dnsreport.com.
# PTR - Add PTR records for server1.example.com. This is to address an error being generated by AOL and Hotmail, which use reverse lookups on mail servers to weed out spam. Mail on the example.com mailing lists has increasingly been bounced by AOL and Hotmail as spam, and header inspection points to the lack of a PTR record. Setting PTR records at the hosting provider is a relatively new feature, probably added to address this problem.
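The three items above are all checks that can be run against the zone data before a receiving mail server runs them for you. The following is an added example in Python, not ApacheDS project code or the dnsreport.com checks themselves: a small zone lint over a constructed forward zone and the reverse mappings the hosting provider controls. It flags MX targets that are CNAMEs (RFC 2181 section 10.3), mail hosts whose address has no PTR or whose PTR does not resolve back, and SOA timers outside a recommended range. Since the page does not reproduce the dnsreport.com values, the ranges used here are the RFC 1912 section 2.2 recommendations, which is an assumption to adjust for your own policy.

```python
"""Added example (not from the ApacheDS page or project): a small zone lint for
the MX, SOA and PTR items above. The zone is constructed data; the SOA timer
ranges are the RFC 1912 section 2.2 recommendations, used here in place of the
dnsreport.com values the page refers to."""

# Forward zone as (owner, type, rdata) and the reverse zone the hosting provider
# controls as {ip: ptr_target}. All values are constructed for this example.
FORWARD = [
    ("example.com", "SOA", ("ns1.example.com", "hostmaster.example.com",
                            2005120101, 3600, 900, 604800, 3600)),
    ("example.com", "NS", "ns1.example.com"),
    ("example.com", "MX", (10, "mail.example.com")),
    ("example.com", "MX", (20, "mx2.example.com")),
    ("mail.example.com", "CNAME", "server1.example.com"),   # the fault item 1 fixes
    ("server1.example.com", "A", "192.0.2.25"),
    ("mx2.example.com", "A", "192.0.2.26"),
    ("ns1.example.com", "A", "192.0.2.1"),
]
REVERSE = {"192.0.2.26": "mx2.example.com"}   # no PTR yet for 192.0.2.25

# RFC 1912 section 2.2 ranges in seconds. "minimum" predates RFC 2308, which
# redefined the field as the negative-caching TTL; tune these to local policy.
SOA_RANGES = {"refresh": (1200, 43200), "retry": (180, 900),
              "expire": (1209600, 2419200), "minimum": (86400, 432000)}


def records(zone, owner, rtype):
    """All rdata values of type `rtype` owned by `owner`."""
    return [rd for o, t, rd in zone if o == owner and t == rtype]


def lint_mx(zone):
    """MX exchanges must be names with A records, not aliases (RFC 2181 section 10.3)."""
    out = []
    for owner, _t, (_pref, host) in [r for r in zone if r[1] == "MX"]:
        if records(zone, host, "CNAME"):
            out.append(f"MX for {owner} points at {host}, which is a CNAME; "
                       f"point it at the A record target instead")
        elif not records(zone, host, "A"):
            out.append(f"MX for {owner} points at {host}, which has no A record in this zone")
    return out


def lint_ptr(zone, reverse):
    """Every mail host needs a PTR whose target resolves back to the same address."""
    out = []
    for _owner, _t, (_pref, host) in [r for r in zone if r[1] == "MX"]:
        aliases = records(zone, host, "CNAME")
        target = aliases[0] if aliases else host      # follow one CNAME hop for the check
        for ip in records(zone, target, "A"):
            ptr = reverse.get(ip)
            if ptr is None:
                out.append(f"no PTR for {ip} ({target}); receivers doing reverse "
                           f"lookups will reject mail from it")
            elif ip not in records(zone, ptr, "A"):
                out.append(f"PTR for {ip} is {ptr}, which does not resolve back to {ip}")
    return out


def lint_soa(zone):
    """SOA timers inside the recommended ranges, and retry shorter than refresh."""
    out = []
    for owner, _t, (_m, _r, _serial, refresh, retry, expire, minimum) in \
            [r for r in zone if r[1] == "SOA"]:
        for field, value in (("refresh", refresh), ("retry", retry),
                             ("expire", expire), ("minimum", minimum)):
            lo, hi = SOA_RANGES[field]
            if not lo <= value <= hi:
                out.append(f"SOA {field}={value} for {owner} outside recommended {lo}-{hi}")
        if retry >= refresh:
            out.append(f"SOA retry ({retry}) should be shorter than refresh ({refresh}) for {owner}")
    return out


def lint_zone(zone, reverse):
    return lint_mx(zone) + lint_ptr(zone, reverse) + lint_soa(zone)


if __name__ == "__main__":
    for problem in lint_zone(FORWARD, REVERSE):
        print(problem)
```

On the constructed zone this reports the CNAME behind the first MX, the missing PTR for 192.0.2.25, and the expire and minimum values that fall below the RFC 1912 floor; the second MX passes because its address has a PTR that resolves back to the same name.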

h2. Notes

h3. A Zone is a Pruned Subtree

RFC 1034 section 4.2 describes a zone as a "pruned subtree":

* A subtree of 1..n nodes (domain names).
* Zones are split by organizational control.
* A zone is a set of types.
* The highest node contains the SOA; the SOA is 1..1 with the highest node.
* Everything below the SOA is authoritative.
* The highest node contains 1..n NS records. Authoritative NS only at the top of the zone.
* A domain name identifies a node. A node is a set of RRs.

An NS in a leaf is:
* non-authoritative
* a referral, aka "delegation NS RR"

An A in a leaf is:
* non-authoritative, aka "glue RR"

Query handling:
* Iterative - server refers client (preferred, required)
* Recursive - server pursues query for client (optional)
* Cache - in-memory partition, non-authoritative
* Authority - points to authority

h3. Non-recursive (RFC 1034 section 4.3.1)

A non-recursive response is one of:
# error
# answer
# referral

Unit tests for all of 6.2.* (the example standard queries in RFC 1034).

Key algorithm: RFC 1034 sections 4.3.1 and 4.3.2.
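The notes above reduce to one procedure, the RFC 1034 section 4.3.2 algorithm, which is what a non-recursive server runs to decide between error, answer and referral. The following is an added example in Python, not ApacheDS project code: it holds a constructed zone in memory, classifies each record as authoritative, delegation NS or glue according to the leaf rules above, and answers a query with the three outcomes listed. Wildcards (section 4.3.3) and the cache step are left out; the zone contents are constructed for this example.

```python
"""Added example (not ApacheDS code): the zone notes above as a lookup over an
in-memory zone, following the RFC 1034 section 4.3.2 algorithm for a
non-recursive server. Outcomes are 'answer', 'referral' and 'error' as in the
list above. Zone contents are constructed for this example; no wildcards."""

ZONE_APEX = "example.com"
# (owner, type, rdata). Below the apex, the NS at child.example.com is a
# delegation (non-authoritative) and the A for ns.child.example.com is glue.
ZONE = [
    ("example.com", "SOA", "ns1.example.com hostmaster.example.com 2005120101 3600 900 604800 3600"),
    ("example.com", "NS", "ns1.example.com"),
    ("ns1.example.com", "A", "192.0.2.1"),
    ("www.example.com", "A", "192.0.2.10"),
    ("ftp.example.com", "CNAME", "www.example.com"),
    ("child.example.com", "NS", "ns.child.example.com"),
    ("ns.child.example.com", "A", "192.0.2.53"),
]


def in_zone(name, apex=ZONE_APEX):
    return name == apex or name.endswith("." + apex)


def delegation_point(name, zone=ZONE, apex=ZONE_APEX):
    """Highest zone cut between the apex and `name` (inclusive), or None."""
    labels = name.split(".")
    apex_len = len(apex.split("."))
    # walk from the apex's child down toward `name`; the first NS set we meet is the cut
    for i in range(len(labels) - apex_len - 1, -1, -1):
        cut = ".".join(labels[i:])
        if any(o == cut and t == "NS" for o, t, _ in zone):
            return cut
    return None


def classify(owner, rtype, zone=ZONE, apex=ZONE_APEX):
    """Authoritative data, or one of the non-authoritative kinds named in the notes."""
    cut = delegation_point(owner, zone, apex)
    if cut is None:
        return "authoritative"
    if owner == cut and rtype == "NS":
        return "delegation"
    if rtype == "A":
        return "glue"
    return "below delegation"      # data under a zone cut is not ours to serve


def lookup(qname, qtype, zone=ZONE, apex=ZONE_APEX):
    """RFC 1034 section 4.3.2 for a single zone: returns (outcome, records)."""
    if not in_zone(qname, apex):
        return "error", []         # not our zone and no recursion: nothing to say
    cut = delegation_point(qname, zone, apex)
    if cut is not None:
        # 3b: a match would leave authoritative data, so refer the client to the
        # delegation NS set, plus whatever glue we hold for those servers
        ns = [(o, t, rd) for o, t, rd in zone if o == cut and t == "NS"]
        glue = [(o, t, rd) for o, t, rd in zone
                for _, _, target in ns if o == target and t == "A"]
        return "referral", ns + glue
    node = [(o, t, rd) for o, t, rd in zone if o == qname]
    if not node:
        return "error", []         # NXDOMAIN: no such node in the zone
    cname = [r for r in node if r[1] == "CNAME"]
    if cname and qtype != "CNAME":
        # 3a: the node holds an alias; return it and restart at the canonical name
        return "answer", cname + lookup(cname[0][2], qtype, zone, apex)[1]
    match = [r for r in node if r[1] == qtype]
    return "answer", match         # empty list is NODATA, still an authoritative answer


if __name__ == "__main__":
    for q in (("www.example.com", "A"), ("host.child.example.com", "A"),
              ("ftp.example.com", "A"), ("nothere.example.com", "A")):
        print(q, "->", lookup(*q))
```

The referral path is the one worth reading twice: the server returns the delegation NS and its glue without ever claiming authority for them, which is exactly the distinction between the leaf NS and A records in the notes and the authoritative set at the top of the zone.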

h3. Sender Permitted From

* [Sender Permitted From|http://spf.pobox.com/] is a DNS-based method for preventing SMTP spoofing.

h3. Secret Key Transaction Authentication for DNS (TSIG)

* [RFC 2845|http://www.faqs.org/rfcs/rfc2845.html]