Developers Documentation


DRAFT: OpenLDAP backend for DNS

Overview

As we explore extending ClearOS into a fully capable office server, we need to consider name services and how to create authoritative name records across the enterprise. This may seem like an advanced feature, and it will undoubtedly be of limited use to home users. The advantage for home and business users of single servers is that when it comes time to migrate to new hardware, the new server can be set up alongside the old one and the LDAP configuration can be replicated. For DNS on LDAP, this means that all DNS entries are preserved.

Advantages

For multisite organizations, an LDAP backend means that we can have a single authoritative resource for Naming Service data. This reduces double entry between sites and preserves consistency.

Disadvantages

BIND with LDAP as a backend cannot currently make use of caching algorithms. This means that every DNS query resolved by the LDAP backend must be sent to LDAP, which could cause performance issues. During the development process we will look at ways to optimize this.

Installation Procedure

Disable DNSmasq

ClearOS 5.1 uses DNSmasq for DHCP and DNS. We need to disable DNSmasq.

This code is intended for experimental purposes and is not recommended for production environments.

Set the existing authoritative level of DNSmasq to disabled in Webconfig. Stop the DHCP service. From the command line, run the following:

service dnsmasq stop
chkconfig --levels 2345 dnsmasq off
chkconfig --list dnsmasq

The service should indicate that it is stopped and the result from the chkconfig should look like this:

dnsmasq         0:off   1:off   2:off   3:off   4:off   5:off   6:off

Install ISC BIND and DHCPd

To install BIND and DHCP run the following:

yum -y install bind dhcp

Running BIND and DHCPd

BIND

BIND installs without a configuration file and without the root.hints file. You can copy the ones it installs as samples by running the following:

cp -r /usr/share/doc/bind-9.3.6/sample/etc/* /etc/
cp -r /usr/share/doc/bind-9.3.6/sample/var/named/* /var/named/

You also need to generate a Dynamic DNS key and place it within /etc/named.conf. Use the following:

mv -f /etc/named.conf /etc/named.conf~
ccdhcpvar="$(/usr/sbin/dns-keygen)"
sed 's/use \/usr\/sbin\/dns-keygen to generate TSIG keys/'"$ccdhcpvar"'/' /etc/named.conf~ > /etc/named.conf
unset ccdhcpvar
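
An added example (not part of the original wiki page or of ClearOS): the same placeholder substitution, done so that the TSIG secret never appears in a process argument list and the resulting file is mode 0640 instead of whatever the umask gives a shell redirect. The function name `install_tsig_key`, its argument order and the optional group argument are assumptions made for this example.

```bash
#!/bin/sh
# Added example: put a generated TSIG secret into named.conf.
# install_tsig_key and its arguments are hypothetical names, not ClearOS tooling.

# Placeholder text as it appears in the sed command on this page.
PLACEHOLDER='use /usr/sbin/dns-keygen to generate TSIG keys'

# install_tsig_key TEMPLATE KEY OUTPUT [GROUP]
install_tsig_key() {
    itk_template=$1 itk_key=$2 itk_out=$3 itk_group=${4:-}
    [ -n "$itk_key" ] || { echo "empty key" >&2; return 2; }

    # mktemp creates the file 0600, so the secret is never world-readable,
    # and writing beside the target keeps the final mv atomic.
    itk_tmp=$(mktemp "${itk_out}.XXXXXX") || return 3

    # The key travels in the environment, not in argv (argv is visible to
    # every local user through ps). index()/substr() treat the key as a
    # literal string, so a slash, ampersand or backslash needs no escaping.
    if PH="$PLACEHOLDER" KEY="$itk_key" awk '
        BEGIN { ph = ENVIRON["PH"]; key = ENVIRON["KEY"] }
        {
            i = index($0, ph)
            if (i) {
                $0 = substr($0, 1, i - 1) key substr($0, i + length(ph))
                n++
            }
            print
        }
        END { exit (n > 0 ? 0 : 1) }   # fail if nothing was replaced
    ' "$itk_template" > "$itk_tmp"; then
        chmod 640 "$itk_tmp"
        if [ -n "$itk_group" ]; then
            chgrp "$itk_group" "$itk_tmp" || { rm -f "$itk_tmp"; return 4; }
        fi
        mv -f "$itk_tmp" "$itk_out"
        return 0
    fi
    rm -f "$itk_tmp"
    echo "placeholder not found in $itk_template" >&2
    return 1
}

# On the server this would be called as (group "named" is an assumption):
#   install_tsig_key /etc/named.conf~ "$(/usr/sbin/dns-keygen)" /etc/named.conf named
```

The backup copy `/etc/named.conf~` holds only the placeholder, so it needs no special handling; the generated `/etc/named.conf` is the file that must stay unreadable to other local users.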

To start BIND, run the following:

service named start

DHCPd

The default dhcpd.conf file contains no data. For now copy the sample file and test that dhcpd can be started:

mv -f /etc/dhcpd.conf /etc/dhcpd.conf~
cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf

To start DHCPd, run the following:

service dhcpd start

content/en_us/dev_apps_ldap_dns.txt · Last modified: 2014/12/23 13:16 by dloper