Comment: Migration of unmigrated content due to installation of a new plugin

...

...

5.6. DNS Protocol Provider

...

Introduction

The ApacheDS Domain Name Service (DNS) provider implements

RFC 1034 (http://www.faqs.org/rfcs/rfc1034.html)

RFC 1035 (http://www.faqs.org/rfcs/rfc1034.html)

The DNS provider plugs into the Apache Directory server. As a plugin, the DNS provider uses the network layer (MINA) for front-end services and the Apache Directory read-optimized backing store via JNDI for a persistent store.

...

On Linux, a typical invocation of dig looks like:

...

...

If no type argument is supplied, dig will perform a lookup for an A record. For example:

...

ApacheDS schema for storing DNS zones in LDAP

...

An example entry using the STRUCTURAL objectClass domain

...

The AUXILIARY 'domain' objectClass

...

An example entry using the AUXILIARY objectClass dcObject

...

...

Resources

  • RFC 2247 - Using Domains in LDAP/X.500 Distinguished Names (http://www.faqs.org/rfcs/rfc2247.html)

DNS Best Practices

DNS Testing Tool

Useful tool for testing DNS configuration:

www.dnsreport.com (http://www.dnsreport.com/)

There are other tools available from the same people, at

www.dnsstuff.com (http://www.dnsstuff.com/)

  1. MX - Change MX records from CNAMEs to A records. This is supposed to improve lookup speed, and an MX pointing to a CNAME is an RFC violation.
  2. SOA - Change SOA values to come in line with recommended values, per dnsreport.com.
  3. PTR - Add PTR records for server1.example.com. This is to address an error being generated by AOL and Hotmail, which use reverse lookups on mail servers to weed out spam. Mail on the example.com mailing lists has increasingly been bounced by AOL and Hotmail as spam, and header inspection points to the lack of a PTR record. Setting PTR records at the hosting provider is a relatively new feature, probably added to address this problem.
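
A check for items 1 and 3 above, as an added example that is not part of the original page: it lints zone data for MX records that point at a CNAME and for mail hosts whose address has no matching PTR record. The simplified one-record-per-line format, the function names and the sample records are assumptions made for illustration.

```python
# Added example: lint simplified zone data for the MX and PTR issues listed above.
# The "owner TYPE rdata" line format and all names/addresses are constructed.
SAMPLE_ZONE = """
example.com.             MX    10 mail.example.com.
example.com.             MX    20 backup.example.com.
mail.example.com.        CNAME server1.example.com.
server1.example.com.     A     192.0.2.10
backup.example.com.      A     192.0.2.20
20.2.0.192.in-addr.arpa. PTR   backup.example.com.
"""

def parse_zone(text):
    """Return (owner, type, rdata_fields) tuples; ';' starts a comment."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 3:
            records.append((fields[0].lower(), fields[1].upper(),
                            [f.lower() for f in fields[2:]]))
    return records

def reverse_name(ipv4):
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def lint_mail_records(records):
    """Flag MX targets that are aliases and mail hosts with no matching PTR."""
    index = {}
    for owner, rtype, rdata in records:
        index.setdefault(rtype, {}).setdefault(owner, []).append(rdata)
    cnames, addrs, ptrs = (index.get(t, {}) for t in ("CNAME", "A", "PTR"))
    findings = []
    for owner, mx_list in index.get("MX", {}).items():
        for _pref, target in mx_list:
            host = target
            if target in cnames:
                findings.append(("MX_TO_CNAME", owner, target))
                host = cnames[target][0][0]  # follow the alias to the real host
            for (addr,) in addrs.get(host, []):
                names = [r[0] for r in ptrs.get(reverse_name(addr), [])]
                if host not in names:
                    findings.append(("MISSING_PTR", host, addr))
    return findings

if __name__ == "__main__":
    for finding in lint_mail_records(parse_zone(SAMPLE_ZONE)):
        print(finding)
```

On the constructed sample, the linter reports the aliased MX target and the missing reverse record for the host behind it, while the backup mail host passes because its PTR record matches.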

...

Unit tests for all 6.2.*
Key algorithm 4.3.1 & 4.3.2

Sender Permitted From
  • Sender Permitted From (http://spf.pobox.com/) is a DNS-based method for preventing SMTP spoofing.
Secret Key Transaction Authentication for DNS (TSIG)
  • RFC 2845 (http://www.faqs.org/rfcs/rfc2845.html)