LogoBrowsing around in the source tree of ISC’s BIND 9.4.1 name server, I notice a directory called dlz/ in the contrib directory. That contains a patch named Bind DLZ, or Dynamically Loadable Zones, a feature richt implementation sponsored by NLnet, that allows data (including new zones!) served by a BIND name server to be modified without reloading or restarting it (something that many people who serve a large amount of zones hate to do because of BIND’s rather long startup time). Bind DLZ supports a number of backends including Berkeley DB, PostgreSQL, MySQL and LDAP, and it doesn’t impose a schema to the LDAP backend; theoretically I can use almost any schema, as long as I observe some rules. Quite interesting is the possibility to limit zone transfers (AXFR) by adding an object to the directory:

dn: dlzrecordid=0,dlzZoneName=mens.de,o=dns
dlzrecordid: 0
objectclass: dlzxfr

Bind DLZ comes with an impressive set of performance tools including a data set with 2,697,736 domains which can be used to test the configuration. I used dnsCSVDataReader.pl to convert those to an LDIF with which I could load my slapd. This config file did the job:

inputfile: dns_data-1.0.csv
writer: binddlz::writers::ldap::file
file: dnsin.ldif
base: o=dns

I was aware of the LDAP SDB back-end patch for BIND 9, which works very well, but that only allows individual zones to be retrieved from an LDAP directory. BIND DLZ looks very interesting indeed.

LDAP, DNS, and Database :: 10 Sep 2007 :: e-mail