Versions Compared

Comment: Migration of unmigrated content due to installation of a new plugin

...

This site is in the process of being reviewed and updated.

...

...

5.6. DNS Protocol Provider

...

...

Introduction

The ApacheDS Domain Name Service (DNS) provider implements

RFC 1034 (http://www.faqs.org/rfcs/rfc1034.html)

...

RFC 1035 (http://www.faqs.org/rfcs/rfc1034.html)

...

The DNS provider plugs into the Apache Directory server. As a plugin, the DNS provider uses the network layer (MINA) for front-end services and the Apache Directory read-optimized backing store, accessed via JNDI, as its persistent store.

...

On Linux, a typical invocation of dig looks like:

...

...

If no type argument is supplied, dig will perform a lookup for an A record. For example:

...

...

ApacheDS schema for storing DNS zones in LDAP

...

An example entry using the STRUCTURAL objectClass domain

...

...

The AUXILIARY 'domain' objectClass

...

An example entry using the AUXILIARY objectClass dcObject

...

...

Resources

  • RFC 2247 - Using Domains in LDAP/X.500 Distinguished Names (http://www.faqs.org/rfcs/rfc2247.html)

DNS Best Practices

DNS Testing Tool

Useful tool for testing DNS configuration:

www.dnsreport.com (http://www.dnsreport.com/)

There are other tools available from the same people, at

www.dnsstuff.com (http://www.dnsstuff.com/)

...

  1. MX - Change MX records to point to A records instead of CNAMEs. This is supposed to improve lookup speed, and an MX pointing to a CNAME is an RFC violation.
  2. SOA - Change SOA values to come in line with recommended values, per dnsreport.com.
  3. PTR - Add PTR records for server1.example.com. This is to address an error being generated by AOL and Hotmail, which use reverse lookups on mail servers to weed out spam. Mail on the example.com mailing lists has increasingly been bounced by AOL and Hotmail as spam, and header inspection points to the lack of a PTR record. Setting PTR records at the hosting provider is a relatively new feature, probably added to address this problem.
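
The MX and PTR items above can be checked mechanically before a zone is published. The following is an added example, not code from ApacheDS or from the original page: the function names, finding labels and zone records are constructed for illustration, and the PTR check goes slightly beyond the text by requiring that the PTR names the mail host rather than merely exists.

```python
# Added example: lint for the MX and PTR items above. Records are constructed.
RECORDS = [  # (owner name, type, value); hypothetical zone data
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "MX", "20 server1.example.com."),
    ("example.com.", "MX", "30 server2.example.com."),
    ("mail.example.com.", "CNAME", "server1.example.com."),
    ("server1.example.com.", "A", "192.0.2.25"),
    ("server2.example.com.", "A", "192.0.2.26"),
    ("25.2.0.192.in-addr.arpa.", "PTR", "server1.example.com."),
]


def reverse_name(ipv4):
    """Return the in-addr.arpa owner name for a dotted-quad IPv4 address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def lint_mail_records(records):
    """Return findings for MX targets that are aliases or lack a matching PTR."""
    index = {}
    for name, rtype, value in records:
        index.setdefault(rtype.upper(), {}).setdefault(name.lower(), []).append(value)
    cnames, addrs, ptrs = (index.get(t, {}) for t in ("CNAME", "A", "PTR"))
    findings = []
    for owner, values in index.get("MX", {}).items():
        for value in values:
            target = value.split()[1].lower()  # value is "<preference> <exchange>"
            if target in cnames:
                findings.append(("MX_TO_CNAME", owner, target))
            elif target not in addrs:
                # Target has no A record in this data set (may live in another zone).
                findings.append(("MX_NO_A_IN_DATA", owner, target))
            else:
                for ip in addrs[target]:
                    names = [p.lower() for p in ptrs.get(reverse_name(ip), [])]
                    if target not in names:
                        findings.append(("PTR_MISSING", target, ip))
    return findings


if __name__ == "__main__":
    for finding in lint_mail_records(RECORDS):
        print(*finding)
```
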

...

Unit tests for all 6.2.*
Key algorithm 4.3.1 & 4.3.2

Sender Permitted From
  • Sender Permitted From (http://spf.pobox.com/) is a DNS-based method for preventing SMTP spoofing.

Secret Key Transaction Authentication for DNS (TSIG)
  • RFC 2845 (http://www.faqs.org/rfcs/rfc2845.html)