...
This site is in the process of being reviewed and updated.
...
5.6. DNS Protocol Provider
...
Introduction
The ApacheDS Domain Name Service (DNS) provider implements
RFC 1034RFC 1034http://www.faqs.org/rfcs/rfc1034.html
RFC 1035RFC 1035http://www.faqs.org/rfcs/rfc1034.html
The DNS provider plugins into the Apache Directory server. As a plugin, the DNS provider uses the network layer (MINA) for front-end services and the Apache Directory read-optimized backing store via JNDI for a persistent store.
...
On Linux, a typical invocation of dig looks like:
...
...
If no type argument is supplied, dig will perform a lookup for an A record. For example:
...
ApacheDS schema for storing DNS zones in LDAP
...
An example entry using the STRUCTURAL objectClass domain
...
The AUXILIARY 'domain' objectClass
...
An example entry using the AUXILIARY objectClass dcObject
...
...
Resources
RFC 2247 - Using Domains in LDAP/X.500 Distinguished NamesRFC 2247 - Using Domains in LDAP/X.500 Distinguished Nameshttp://www.faqs.org/rfcs/rfc2247.html
DNS Best Practices
DNS Testing Tool
Useful tool for testing DNS configuration:
www.dnsreport.comwww.dnsreport.comhttp://www.dnsreport.com/
There are other tools available from the same people, at
www.dnsstuff.comwww.dnsstuff.comhttp://www.dnsstuff.com/
- MX - Change MX records from CNAME's to A records. This is supposed to improve lookup speed and MX pointing to CNAME's is an RFC violation.
- SOA - Change SOA values to come in line with recommended values, per dnsreports.com.
- PTR - Add PTR records for server1.example.com. This is to address an error being generated by AOL and Hotmail, which use reverse lookups on mail servers to weed out spam. Mail on the example.com mailing lists has increasingly been bounced by AOL and Hotmail as spam and header inspection points to lack of PTR record. Setting PTR records at the hosting provider is a relatively new feature, probably added to address this problem.
...
Unit tests for all 6.2.*
Key algorithm 4.3.1 & 4.3.2
Sender Permitted From
Sender Permitted FromSender Permitted Fromhttp://spf.pobox.com/
is a DNS-based method for preventing SMTP spoofing.
Secret Key Transaction Authentication for DNS (TSIG)
RFC 2845RFC 2845http://www.faqs.org/rfcs/rfc2845.html