DRAFT: OpenLDAP backend for DNS
Overview
As we explore extending ClearOS into a fully capable office server, we need to consider name services and the creation of authoritative name records across the enterprise. This may seem like an advanced feature and undoubtedly will not be that useful for home users. The advantage for home and business users of single servers is that when it comes time to migrate to new hardware, the new server can be set up alongside the old one and the LDAP configuration can be replicated. For DNS on LDAP this means that all DNS entries are preserved.
Advantages
For multisite organizations, an LDAP backend means that we can have a single authoritative resource for Naming Service data. This reduces double entry between sites and preserves consistency.
Disadvantages
BIND with LDAP as a backend cannot make use of caching algorithms at this point in time. This means that every DNS query resolved through the LDAP backend must be looked up in LDAP. This could cause performance issues. During the development process we will look at ways to mitigate this.
Installation Procedure
Disable DNSmasq
ClearOS 5.1 uses DNSmasq for DHCP and DNS. We need to disable DNSmasq.
Set the DNSmasq service to disabled in Webconfig, and stop the DHCP service. Then run the following from the command line:
service dnsmasq stop
chkconfig --levels 2345 dnsmasq off
chkconfig --list dnsmasq
The service should report that it is stopped, and the output of the chkconfig command should look like this:
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Install ISC BIND and DHCPd
To install BIND and DHCP run the following:
yum -y install bind dhcp
Running BIND and DHCPd
BIND
BIND installs without a configuration file and without the root.hints file. You can copy the ones it installs as samples by running the following:
cp -r /usr/share/doc/bind-9.3.6/sample/etc/* /etc/
cp -r /usr/share/doc/bind-9.3.6/sample/var/named/* /var/named/
You also need to generate a dynamic DNS (TSIG) key and place it in /etc/named.conf, replacing the placeholder text in the sample file. Use the following:
mv -f /etc/named.conf /etc/named.conf~
ccdhcpvar="$(/usr/sbin/dns-keygen)"
sed 's/use \/usr\/sbin\/dns-keygen to generate TSIG keys/'"$ccdhcpvar"'/' /etc/named.conf~ > /etc/named.conf
unset ccdhcpvar
To start BIND, run the following:
service named start
DHCPd
The default dhcpd.conf file contains no data. For now copy the sample file and test that dhcpd can be started:
mv -f /etc/dhcpd.conf /etc/dhcpd.conf~
cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
To start DHCPd, run the following:
service dhcpd start
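The key-injection step above runs sed blindly: if the placeholder is missing, or dns-keygen printed nothing, named.conf ends up with a bogus or empty shared secret and nothing tells you. The script below is an added example (not part of this draft or of ClearOS) that does the same substitution with checks: it refuses a non-base64 key, fails if the placeholder is absent, tightens the file mode because the file now holds a secret, and confirms the result. The placeholder string is the one from the bind-9.3.6 sample; the sample config and key in the script are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the ClearOS draft: safe TSIG secret injection.
# Placeholder text as shipped in the bind-9.3.6 sample named.conf.
PLACEHOLDER='use /usr/sbin/dns-keygen to generate TSIG keys'

# Constructed sample key (NOT a real secret); a real run uses dns-keygen output.
SAMPLE_KEY='3fYqL8+Qw2aBvP0d9cM7rZ1oTkXH5sNg'

# Constructed stand-in for the sample named.conf key stanza, written to $1.
make_sample_conf() {
    cat > "$1" <<'EOF'
options {
	directory "/var/named";
};
key ddns_key {
	algorithm hmac-md5;
	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
};
EOF
}

# install_tsig_key CONF KEY: replace the placeholder in CONF with KEY.
# Returns 1 if the placeholder is absent (already keyed or wrong file),
# 2 if KEY is not base64-looking (empty output or an error message from
# keygen must never become the shared secret), 3/4 on write/verify failure.
install_tsig_key() {
    conf=$1
    key=$2
    case $key in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac
    grep -q "$PLACEHOLDER" "$conf" || return 1
    tmp="$conf.tmp.$$"
    # '|' delimiter so the slashes in the placeholder need no escaping.
    sed "s|$PLACEHOLDER|$key|" "$conf" > "$tmp" || { rm -f "$tmp"; return 3; }
    # The file now carries a secret: readable by root and the named group only.
    chmod 640 "$tmp"
    mv -f "$tmp" "$conf"
    # Verify: the secret appears exactly once and the placeholder is gone.
    [ "$(grep -c "secret \"$key\";" "$conf")" -eq 1 ] || return 4
    ! grep -q "$PLACEHOLDER" "$conf"
}
```

On a real server, back up named.conf as the draft does and call install_tsig_key /etc/named.conf "$(/usr/sbin/dns-keygen)", then run named-checkconf /etc/named.conf before starting named.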