BIND 9 et DLZ LDAP



Installation du patch DLZ pour Bind 9.3 avec Support LDAP
Remarque : Il vous faut un serveur LDAP en état de marche pour continuer à mettre en œuvre cette documentation.


Il n'est pas utile de supprimer la version distribution de Bind 9 ou d'empêcher sa compilation ; au contraire, nous allons exploiter ses chemins de configuration et le mécanisme de chroot de FreeBSD pour Bind. Donc, ici, pas de rm intempestifs.




Installation

On passe par le port, et on va compiler notre version avec précision :

$ su - 

ou

$ sudo zsh
# cd /usr/ports/dns/bind9-dlz
# make install clean

Voici les options à cocher :

[X] OpenSSL      OpenSSL support
[X] Threads      Thread support
[X] OpenLDAP22   OpenLDAP 2.2 backend

Initialisation

On part du postulat que vous n'avez jamais lancé Bind ni configuré quoi que ce soit :

# cd /etc/namedb
# sh ./make-localhost

Configuration de base de BIND 9

/etc/named.conf

On met en place une configuration de BIND quasi standard, avec "Control Channel" et "Logging facilities", et un forwarder vers un DNS public quelconque.

Remarque : Ici, /etc/namedb/ est le lien symbolique créé par la distribution FreeBSD vers /var/named/etc/namedb/.

# vi /etc/namedb/named.conf
# Tutorial skeleton: every <IP_...> and <HMAC_MD5_KEY> token is a placeholder
# to be substituted (see the :%s commands that follow this file).
options {
        directory "/etc/namedb";

        # Recursive queries are handed to a public cache instead of being
        # resolved here.
        forwarders {
                <IP_CACHE_PUBLIQUE>;
        };

        # NOTE(review): pinning the UDP source port disables the source-port
        # randomisation that later BIND releases use as a cache-poisoning
        # mitigation; unless a firewall rule really needs port 53, prefer
        # `query-source address *;` without the port.
        query-source address * port 53;
        dump-file "s/named_dump.db";
        auth-nxdomain no;
        # Transfers are limited to loopback and the two servers. For the DLZ
        # zones a second, per-client check appears to be done by the DNSXFR
        # objects in LDAP (see the dlz statement further down).
        allow-transfer { 127.0.0.1; <IP_MASTER>; <IP_SLAVE>; };
        notify yes;
        # Listen on loopback and the master address only, not on every
        # interface.
        listen-on port 53 { 127.0.0.1; <IP_MASTER>; };
};

# Everything is sent to syslog. "queries" logs one line per query, with the
# client address: it is verbose on a busy server and is usually left off
# outside debugging.
logging {
        category "unmatched" { "null"; };
        category "default" { "default_syslog"; "default_debug"; };
        category "queries" { "default_syslog"; };
        category "update" { "default_syslog"; };
        category "security" { "default_syslog"; };
        category "general" { "default_syslog"; };
        category "client" { "default_syslog"; };
        category "dispatch" { "default_syslog"; };
        category "database" { "default_syslog"; };
        category "config" { "default_syslog"; };
        category "resolver" { "default_syslog"; };
        category "notify" { "default_syslog"; };
        category "network" { "default_syslog"; };
        category "dnssec" { "default_syslog"; };
        category "xfer-out" { "default_syslog"; };
#       category "xfer_in" { "default_syslog"; };
};


Zone "." {
        Type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "localhost-v6.rev";
};

# Shared secret for the rndc control channel. The secret is a base64 string
# (rndc-confgen generates one), not an MD5 hash of anything. Because it is
# stored here, named.conf must not be readable by other users. hmac-md5 is
# what BIND 9.3 offers; newer releases also accept hmac-sha256.
key "key" {
        algorithm hmac-md5;
        secret "<HMAC_MD5_KEY>";
};

# Control channel bound to the master address so the slave can reach it.
# The allow list only filters by source IP; the key is what authenticates.
# If rndc is only ever run locally, `inet 127.0.0.1` is the tighter choice.
controls {
inet <IP_MASTER> port 953
allow { 127.0.0.1;
        <IP_MASTER>;
        <IP_SLAVE>;
      } keys { "key"; };
};


On remplacera :

# vi /etc/namedb/named.conf 
--
:%s/<IP_MASTER>/ip du serveur maitre (lui même)/g
:%s/<IP_SLAVE>/ip du serveur secondaire/g
:%s/<HMAC_MD5_KEY>/secret partagé HMAC-MD5 (chaîne base64, ex. générée par rndc-confgen)/g
:%s/<IP_CACHE_PUBLIQUE>/ip du serveur cache publique/g

/etc/rc.conf

On ajoute les lignes suivantes au fichier /etc/rc.conf:

# vi /etc/rc.conf
--
# Bind named server in Chroot and Sandbox WITH DLZ
named_enable="YES"
named_program="/usr/local/sbin/named"
named_flags="-u bind -c /etc/namedb/named.conf"
named_pidfile="/var/run/named/pid"
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
named_symlink_enable="YES"

Ainsi on lance la version de BIND 9 des ports avec un environnement de chroot identique à la version "distribution".

/etc/namedb/rndc.key

On crée le fichier de clef pour rndc


 # vi /etc/namedb/rndc.key
 --
 # NOTE(review): this block is not referenced by the rndc.conf shown below,
 # which declares key "key" inline; if rndc.conf is to `include` this file,
 # the key name has to match the one in named.conf ("key", not "rndc-key").
 # The closing brace also needs a terminating ';' (`};`), as in every other
 # key statement on this page.
 key "rndc-key" {
       algorithm hmac-md5;
       secret "<HMAC_MD5_KEY>";
 }

On remplace :

# vi /etc/namedb/rndc.key 
--
:%s/<HMAC_MD5_KEY>/secret partagé HMAC-MD5 identique à celui de named.conf/g

/etc/namedb/rndc.conf

On crée le fichier de configuration de rndc :

# Client-side rndc configuration. The key name ("key") and the secret must
# be exactly those declared in the key and controls statements of
# named.conf, otherwise named refuses the control connection. This file
# holds the secret and should be readable by the administrator only.
options {
        default-server  <IP_MASTER>;
        default-key     "key";
};

server <IP_MASTER> {
        key     "key";
};

key "key" {
        algorithm hmac-md5;
        secret "<HMAC_MD5_KEY>";
};

On remplace :

# vi /etc/namedb/rndc.conf
--
:%s/<HMAC_MD5_KEY>/secret partagé HMAC-MD5 identique à celui de named.conf/g
:%s/<IP_MASTER>/Ip du Serveur DNS MASTER (lui-même)/g

Configuration DLZ de BIND

On ajoute les lignes suivantes dans la configuration de BIND 9 :

# DLZ LDAP driver: "ldap <connections> v3 simple {<bind DN>} {<password>}
# <hosts>" followed by the driver's query slots. By position these are
# presumably: find-zone, lookup, authority (left empty as `{}`), all-nodes
# and allow-zone-transfer -- the last one is confirmed by the "parsing allow
# zone transfer query failed" message quoted further down. Transfers are
# granted when a DNSXFR object under the zone carries the client's IP
# (%client%), an address-based check like allow-transfer.
# NOTE(review): the bind DN is the LDAP root DN and its password is in clear
# text in named.conf. named only needs to search, so a dedicated read-only
# DN limits what a leaked named.conf or a compromised named can do with the
# directory; whichever DN is used, keep named.conf unreadable to others.
# The connection to 127.0.0.1 is plain ldap:// (no TLS), which is only
# acceptable because it stays on loopback.
dlz "ldap zone" {
  database "ldap 1 v3 simple {<LDAP_ROOT>} {<SECRET>} 127.0.0.1
           ldap:///DNSZoneName=%zone%,ou=dns,<BASE_DN>???objectclass=DNSZone
           ldap:///DNSHostName=%record%,DNSZoneName=%zone%,ou=dns,<BASE_DN>?DNSTTL,DNSType,DNSPreference,
DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
           {}
           ldap:///DNSZoneName=%zone%,ou=dns,<BASE_DN>?DNSTTL,DNSType,DNSHostName,DNSPreference,DNSData,DNSIPAddr,
DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
           ldap:///DNSZoneName=%zone%,ou=dns,<BASE_DN>??sub?(&(objectclass=DNSXFR)(DNSIPAddr=%client%))";
};

On remplace :

# vi /etc/namedb/named.conf 
--
:%s/<LDAP_ROOT>/Distinguished Name du root LDAP (ex. : cn=root,dc=domain,dc=tld)/g
:%s/<SECRET>/mot de passe du root LDAP/g
:%s/<BASE_DN>/Distinguished Name de base (ex. : dc=domain,dc=tld)/g

Si vous utilisez une version 2.3.30-rc2 ou supérieure d'OpenLDAP, la lecture du fichier de configuration peut échouer avec cette erreur :

Aug 31 14:53:16 lab1 named[3215]: parsing allow zone transfer query failed

En fait, le caractère "%" (i.e. : ldap:///DNSZoneName=%zone%) dans les URL LDAP est traité comme un échappement (percent-encoding) selon la RFC 3986. Je recommande le patch suivant, qui utilise le caractère "$" plutôt que "%". Ce patch appliqué, modifiez named.conf ainsi :

ldap:///DNSZoneName=$zone$,ou=dns,<BASE_DN>???objectclass=DNSZone
ldap:///DNSHostName=$record$,DNSZoneName=$zone$,ou=dns,<BASE_DN>?DNSTTL,DNSType,DNSPreference,DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
{}
ldap:///DNSZoneName=$zone$,ou=dns,<BASE_DN>?DNSTTL,DNSType,DNSHostName,DNSPreference,DNSData,DNSIPAddr,DNSPrimaryNS,DNSAdminEmail,DNSSerial,DNSRefresh,DNSRetry,DNSExpire,DNSMinimum?sub?objectclass=DNSAbstractRecord
ldap:///DNSZoneName=$zone$,ou=dns,<BASE_DN>??sub?(&(objectclass=DNSXFR)(DNSIPAddr=$client$))";

Configuration DLZ de OpenLDAP

Organigramme du schéma LDAP

Edition du Schema pour OpenLDAP

On édite le fichier de schéma de OpenLDAP suivant :


# vi /usr/local/etc/openldap/schema/dlz.schema
--
# DLZ schema definition for Openldap
# Romain GEORGES variation from DLZ project Schema

objectidentifier dlz 1.3.6.1.4.1.18420

###############################################################################
# Attribute Type Definitions                                                  #
#                                                                             #
#       1.1       DLZ Attributs                                               #
###############################################################################

# 1.1.10 DNSZoneName
# 1.1.20 DNSHostName
# 1.1.30 DNSData
# 1.1.40 DNSType
# 1.1.50 DNSSerial
# 1.1.60 DNSRefresh
# 1.1.70 DNSRetry
# 1.1.80 DNSExpire
# 1.1.90 DNSMinimum
# 1.1.100 DNSAdminEmail
# 1.1.110 DNSPrimaryNS
# 1.1.120 DNSIPAddr
# 1.1.130 DNSCName
# 1.1.140 DNSPreference
# 1.1.150 DNSTTL
# 1.1.160 DNSRecord

attributetype ( dlz:1.1.10
        NAME 'DNSZoneName'
        DESC 'DNS zone name - domain name not including host name'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.20
        NAME 'DNSHostName'
        DESC 'Host portion of a domain name'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.30
        NAME 'DNSData'
        DESC 'Data for the resource record'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.40
        NAME 'DNSType'
        DESC 'DNS record type - A, SOA, NS, MX, etc...'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.50
        NAME 'DNSSerial'
        DESC 'SOA record serial number'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.60
        NAME 'DNSRefresh'
        DESC 'SOA record refresh time in seconds'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.70
        NAME 'DNSRetry'
        DESC 'SOA retry time in seconds'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.80
        NAME 'DNSExpire'
        DESC 'SOA expire time in seconds'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.90
        NAME 'DNSMinimum'
        DESC 'SOA minimum time in seconds'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.100
        NAME 'DNSAdminEmail'
        DESC 'E-mail address of person responsible for this zone - @ should be replaced with . (period)'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.110
        NAME 'DNSPrimaryNS'
        DESC 'Primary name server for this zone - should be host name not IP address'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.120
        NAME 'DNSIPAddr'
        DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xx\
xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40}
        SINGLE-VALUE )

attributetype ( dlz:1.1.130
        NAME 'DNSCName'
        DESC 'DNS cname'
        SUP name
        SINGLE-VALUE )

attributetype ( dlz:1.1.140
        NAME 'DNSPreference'
        DESC 'DNS MX record preference.  Lower numbers have higher preference'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.150
        NAME 'DNSTTL'
        DESC 'DNS time to live - how long this record can be cached by caching DNS servers'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( dlz:1.1.160
        NAME 'DNSRecord'
        DESC 'DNS Record identifier'
        SUP name
        SINGLE-VALUE )
###############################################################################
# Object class Definitions                                                    #
#                                                                             #
#       1.2       DLZ Classes                                                 #
###############################################################################


# 1.2.10 DNSZone
# 1.2.20 DNSHost
# 1.2.30 DNSAbstractRecord
# 1.2.40 DNSGenericRecord
# 1.2.50 DNSARecord
# 1.2.60 DNSNSRecord
# 1.2.70 DNSMXRecord
# 1.2.80 DNSSOARecord
# 1.2.90 DNSTEXTRecord
# 1.2.100 DNSPTRRecord
# 1.2.110 DNSCNAMERecord
# 1.2.120 DNSXFR

objectclass ( dlz:1.2.10
        NAME 'DNSZone'
        DESC 'Zone name portion of a domain name'
        SUP top STRUCTURAL
        MUST ( objectclass $ DNSZoneName ) )

objectclass ( dlz:1.2.20
        NAME 'DNSHost'
        DESC 'Host definition node'
        SUP top STRUCTURAL
        MUST ( objectclass $ DNSHostName ) )

objectclass ( dlz:1.2.30
        NAME 'DNSAbstractRecord'
        DESC 'Data common to all DNS record types'
        SUP top ABSTRACT
        MUST ( objectclass $ DNSHostName $ DNSType $ DNSTTL $ DNSRecord ) )

objectclass ( dlz:1.2.40
        NAME 'DNSGenericRecord'
        DESC 'Generic DNS record - useful when a specific object class has not been defined for a DNS record'
        SUP DNSAbstractRecord STRUCTURAL
        MUST ( DNSData ) )

objectclass ( dlz:1.2.50
        NAME 'DNSARecord'
        DESC 'DNS A record'
        SUP DNSAbstractrecord STRUCTURAL
        MUST ( DNSIPAddr ) )

objectclass ( dlz:1.2.60
        NAME 'DNSNSRecord'
        DESC 'DNS NS record'
        SUP DNSGenericRecord STRUCTURAL )

objectclass ( dlz:1.2.70
        NAME 'DNSMXRecord'
        DESC 'DNS MX record'
        SUP DNSGenericRecord STRUCTURAL
        MUST ( DNSPreference ) )

objectclass ( dlz:1.2.80
        NAME 'DNSSOARecord'
        DESC 'DNS SOA record'
        SUP DNSAbstractRecord STRUCTURAL
        MUST ( DNSSerial $ DNSRefresh $ DNSRetry
               $ DNSExpire $ DNSMinimum $ DNSAdminEmail $ DNSPrimaryNS ) )

objectclass ( dlz:1.2.90
        NAME 'DNSTEXTRecord'
        DESC 'Text data with spaces should be wrapped in double quotes'
        SUP DNSGenericRecord STRUCTURAL )

objectclass ( dlz:1.2.100
        NAME 'DNSPTRRecord'
        DESC 'DNS PTR record'
        SUP DNSGenericRecord STRUCTURAL )

objectclass ( dlz:1.2.110
        NAME 'DNSCNAMERecord'
        DESC 'DNS CName record'
        SUP DNSGenericRecord STRUCTURAL )

objectclass ( dlz:1.2.120
        NAME 'DNSXFR'
        DESC 'Host allowed to perform zone transfer'
        SUP top STRUCTURAL
        MUST ( objectclass $ DNSIPAddr $ DNSRecord ) )


Configuration de OpenLDAP pour DLZ

On édite le fichier de configuration d'OpenLDAP comme suit :

# vi /usr/local/etc/openldap/slapd.conf
--
# Config SLapd for DLZ BIND server
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
# DLZ attribute and object class definitions written in the previous step.
include         /usr/local/etc/openldap/schema/dlz.schema

#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_bdb
# moduleload    back_ldap
# moduleload    back_ldbm
# moduleload    back_passwd
# moduleload    back_shell

#loglevel 0


# NOTE(review): ldbm is a legacy backend that later OpenLDAP releases no
# longer ship; bdb/hdb (or mdb on recent 2.4 releases) are the maintained
# choices.
database        ldbm
suffix          "<BASE_DN>"
rootdn          "<ROOT_DN>"
# NOTE(review): rootpw also accepts a hash produced by slappasswd (e.g. an
# {SSHA} value); prefer that to the clear-text form, and keep slapd.conf
# readable by the ldap user only. With the named.conf shown above, this
# same credential is the one named binds with.
rootpw          <SECRET>
directory       /var/db/openldap-data


# Indexing
# Only objectClass is indexed. The DLZ zone-transfer query filters on
# DNSIPAddr with a subtree search, so an `eq` index on DNSIPAddr may help
# once the tree grows.
index   objectClass     eq

cachesize 2000

# ACL's
access to attrs=userPassword
        by dn="<ROOT_DN>" write
        by anonymous auth
        by self write
        by * none
# Anyone, anonymous binds included, can read the whole tree: the zone data
# and the DNSXFR transfer allow-list are exposed over LDAP as well as over
# DNS. Only the root DN can write, which is why named should bind with a
# separate read-only DN rather than the root DN.
access to *
        by dn="<ROOT_DN>" write
        by self write
        by * read

On remplace

 # vi /usr/local/etc/openldap/slapd.conf 
 --
 :%s/<ROOT_DN>/Distinguished Name du root LDAP (ex. : cn=root,dc=domain,dc=tld)/g
 :%s/<SECRET>/mot de passe du root LDAP/g
 :%s/<BASE_DN>/Distinguished Name de base (ex. : dc=domain,dc=tld)/g

Démarrage du DNS

On va redémarrer le serveur :

 # /usr/local/etc/rc.d/slapd.sh restart
 # /etc/rc.d/named restart
 # tail -f /var/log/messages (vérification)

Insertion des zones dans le DNS

Voici un LDIF de zones template :

# Zone LDIF for domaine.tld
dn: DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSZone
DNSZoneName: domaine.tld

# @ container for domaine.tld
dn: DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName: @

# SOA Record for domaine.tld
dn: DNSRecord=SOA,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSSOARecord
DNSHostName: @
DNSRecord: SOA
DNSType: soa
DNSSerial: 2006042401
DNSRefresh: 2800
DNSRetry: 7200
DNSExpire: 604800
DNSMinimum: 86400
DNSAdminEmail: root.domaine.tld.
DNSPrimaryns: ns.domaine.tld.
DNSTTL: 10

# NS Record for domaine.tld
dn: DNSRecord=NS0,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSNSRecord
DNSRecord: NS0
DNSHostName: @
DNSType: ns
DNSData: ns.dns_domaine.tld.
DNSTTL: 10

# NS Record for domaine.tld
dn: DNSRecord=NS1,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSNSRecord
DNSRecord: NS1
DNSHostName: @
DNSType: ns
DNSData: ns2.dns_domaine.tld.
DNSTTL: 10

# MX Record for domaine.tld
dn: DNSRecord=MX0,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSMXRecord
DNSRecord: MX0
DNSHostName: @
DNSType: mx
DNSData: <MX_SERVER_1>.
DNSPreference: <MX_PREFERENCE_1>
DNSTTL: 10

# MX Record for domaine.tld
dn: DNSRecord=MX1,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSMXRecord
DNSRecord: MX1
DNSHostName: @
DNSType: mx
DNSData: <MX_SERVER_2>.
DNSPreference: <MX_PREFERENCE_2>
DNSTTL: 10

# A Record for @
dn: DNSRecord=A,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSARecord
DNSRecord: A
DNSHostName: @
DNSType: a
DNSIPAddr: 192.168.1.1
DNSTTL: 10

# TXT Record for domaine.tld
dn: DNSRecord=TXT0,DNSHostName=@,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSTEXTRecord
DNSRecord: TXT0
DNSHostName: @
DNSType: TXT
DNSData: "v=spf1 include:aspmx.googlemail.com ~all"
DNSTTL: 10

# Host hostname container for domaine.tld
dn: DNSHostName=hostname,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  hostname

# A Record for hostname
dn: DNSRecord=A,DNSHostName=hostname,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSARecord
DNSRecord: A
DNSHostName: hostname
DNSType: a
DNSIPAddr: 192.168.1.1
DNSTTL: 10

# Host mx container for domaine.tld
dn: DNSHostName=mx,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  mx

# A Record for mx
dn: DNSRecord=A,DNSHostName=mx,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSARecord
DNSRecord: A
DNSHostName: mx
DNSType: a
DNSIPAddr: 192.168.1.1
DNSTTL: 10

# Host www container for domaine.tld
dn: DNSHostName=www,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  www

# CNAME Record for www
dn: DNSRecord=CNAME,DNSHostName=www,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSCNAMERecord
DNSRecord: CNAME
DNSHostName: www
DNSType: cname
DNSData: hostname
DNSTTL: 10

# Host ftp container for domaine.tld
dn: DNSHostName=ftp,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  ftp

# CNAME Record for ftp
dn: DNSRecord=CNAME,DNSHostName=ftp,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSCNAMERecord
DNSRecord: CNAME
DNSHostName: ftp
DNSType: cname
DNSData: hostname
DNSTTL: 10

# Host ssh container for domaine.tld
dn: DNSHostName=ssh,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  ssh

# CNAME Record for ssh
dn: DNSRecord=CNAME,DNSHostName=ssh,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSCNAMERecord
DNSRecord: CNAME
DNSHostName: ssh
DNSType: cname
DNSData: hostname
DNSTTL: 10

# Host mail container for domaine.tld
dn: DNSHostName=mail,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  mail

# CNAME Record for mail
dn: DNSRecord=CNAME,DNSHostName=mail,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSCNAMERecord
DNSRecord: CNAME
DNSHostName: mail
DNSType: cname
DNSData: hostname
DNSTTL: 10

# Host mail container for domaine.tld
dn: DNSHostName=mail,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  mail

# CNAME Record for mail
dn: DNSRecord=CNAME,DNSHostName=mail,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSCNAMERecord
DNSRecord: CNAME
DNSHostName: mail
DNSType: cname
DNSData: hostname
DNSTTL: 10

# Host mail container for domaine.tld
dn: DNSHostName=mail,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  mail

# CNAME Record for mail
dn: DNSRecord=CNAME,DNSHostName=mail,DNSZoneName=domaine.tld,ou=dns,dc=domaine,dc=tld
objectclass: DNSCNAMERecord
DNSRecord: CNAME
DNSHostName: mail
DNSType: cname
DNSData: hostname
DNSTTL: 10

DNSHostName: ftp
DNSType: cname
DNSData: hostname
DNSTTL: 10

Script de Création de Fichier LDIF de Zone DNS en RUBY

Voici le script en question :

 
 
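# Builds today's SOA serial in the conventional YYYYMMDDnn form, with nn
# fixed to "01" (first edit of the day).
#
# Returns a String such as "2006042401". The clock is read once, so the
# result cannot mix the year, month and day of two different days when
# called around midnight (the original read Time.now five times).
def return_serial
  Time.now.strftime("%Y%m%d01")
end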
 
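# One DNS zone held in memory and rendered as LDIF for the DLZ LDAP tree:
# a DNSZone entry, DNSHost containers and DNS*Record entries under +dn+.
#
# The record lists are plain Arrays of Hashes with String keys:
#   ns    -> "TTL", "nameserver"
#   mx    -> "TTL", "mxserver", "pref"
#   a     -> "TTL", "hostname", "IP"
#   cname -> "TTL", "hostname", "cible"   ("cible" is the CNAME target)
# +ptr+ exists as an accessor but get_ldif does not render it.
#
# Values are written into the LDIF verbatim (no LDIF escaping or base64
# wrapping), so the lists are meant to be filled by the operator with plain
# ASCII names, not with data taken from an untrusted source.
class Zone
  attr_accessor :domain
  attr_accessor :serial
  attr_accessor :ttl
  attr_accessor :refresh
  attr_accessor :retry
  attr_accessor :expire
  attr_accessor :minimum
  attr_accessor :adminmail
  attr_accessor :primaryns
  attr_accessor :dn
  attr_accessor :ns
  attr_accessor :mx
  attr_accessor :cname
  attr_accessor :ptr
  attr_accessor :a

  # All parameters are positional and optional. +_serial+ defaults to
  # return_serial (today's date as YYYYMMDD01) and +_dn+ to the container
  # the zone entry is created under; the SOA timers are in seconds.
  def initialize(_domain="domain.tld", _serial=return_serial, _dn='ou=dns,dc=domaine,dc=tld', _ttl=10, _refresh=2800, _retry=7200, _expire=604800, _minimum=86400, _adminmail='root.domaine.tld', _primaryns='ns.domaine.tld')
    @domain    = _domain
    @serial    = _serial
    @ttl       = _ttl
    @refresh   = _refresh
    @retry     = _retry
    @expire    = _expire
    @minimum   = _minimum
    @adminmail = _adminmail
    @primaryns = _primaryns
    @dn        = _dn
    @cname = []
    @a     = []
    @mx    = []
    @ns    = []
    @ptr   = []
  end

  # Renders the zone as one LDIF String: zone entry, "@" host container,
  # SOA, then the NS, MX, A and CNAME records in that order. A DNSHost
  # container precedes each A or CNAME record whose hostname is not "@"
  # (the "@" container is written once, up front).
  def get_ldif
    result = zone_ldif
    result << soa_ldif
    @ns.each_with_index { |record, index| result << ns_ldif(record, index) }
    @mx.each_with_index { |record, index| result << mx_ldif(record, index) }
    @a.each { |record| result << a_ldif(record) }
    @cname.each { |record| result << cname_ldif(record) }
    result
  end

  # Kept from the original script as an empty placeholder: nothing parses a
  # zone file yet.
  def parse_file
  end

  private

  # Joins one LDIF entry's lines and terminates it with the blank line that
  # separates entries.
  def entry(lines)
    lines.join("\n") + "\n\n"
  end

  # RDN sequence shared by every entry below the zone.
  def zone_dn
    "DNSZoneName=#{@domain},#{@dn}"
  end

  # DNSZone entry followed by the "@" (apex) DNSHost container.
  def zone_ldif
    entry(["# Zone LDIF for #{@domain}",
           "dn: #{zone_dn}",
           "objectclass: DNSZone",
           "DNSZoneName: #{@domain}"]) +
      entry(["# @ container for #{@domain}",
             "dn: DNSHostName=@,#{zone_dn}",
             "objectclass: DNSHost",
             "DNSHostName: @"])
  end

  # SOA record under the "@" container. Mail and primary NS get a trailing
  # dot so they are stored as fully qualified names.
  def soa_ldif
    entry(["# SOA Record for #{@domain}",
           "dn: DNSRecord=SOA,DNSHostName=@,#{zone_dn}",
           "objectclass: DNSSOARecord",
           "DNSHostName: @",
           "DNSRecord: SOA",
           "DNSType: soa",
           "DNSSerial: #{@serial}",
           "DNSRefresh: #{@refresh}",
           "DNSRetry: #{@retry}",
           "DNSExpire: #{@expire}",
           "DNSMinimum: #{@minimum}",
           "DNSAdminEmail: #{@adminmail}.",
           "DNSPrimaryns: #{@primaryns}.",
           "DNSTTL: #{@ttl}"])
  end

  # One NS record; the RDN is NS<index> so several can share the apex.
  def ns_ldif(record, index)
    entry(["# NS Record for #{@domain}",
           "dn: DNSRecord=NS#{index},DNSHostName=@,#{zone_dn}",
           "objectclass: DNSNSRecord",
           "DNSRecord: NS#{index}",
           "DNSHostName: @",
           "DNSType: ns",
           "DNSData: #{record['nameserver']}.",
           "DNSTTL: #{record['TTL']}"])
  end

  # One MX record; the RDN is MX<index>. The two spaces after DNSData and
  # DNSPreference are kept from the original output (LDIF ignores them).
  def mx_ldif(record, index)
    entry(["# MX Record for #{@domain}",
           "dn: DNSRecord=MX#{index},DNSHostName=@,#{zone_dn}",
           "objectclass: DNSMXRecord",
           "DNSRecord: MX#{index}",
           "DNSHostName: @",
           "DNSType: mx",
           "DNSData:  #{record['mxserver']}.",
           "DNSPreference:  #{record['pref']}",
           "DNSTTL: #{record['TTL']}"])
  end

  # DNSHost container for a non-apex hostname; the apex container is
  # produced by zone_ldif, so callers skip this for "@".
  def host_ldif(hostname)
    entry(["# Host #{hostname} container for #{@domain}",
           "dn: DNSHostName=#{hostname},#{zone_dn}",
           "objectclass: DNSHost",
           "DNSHostName:  #{hostname}"])
  end

  # Host container (unless the record is at the apex) followed by an A
  # record whose RDN is always "A".
  def a_ldif(record)
    hostname = record['hostname']
    text = hostname == '@' ? "" : host_ldif(hostname)
    text + entry(["# A Record for #{hostname}",
                  "dn: DNSRecord=A,DNSHostName=#{hostname},#{zone_dn}",
                  "objectclass: DNSARecord",
                  "DNSRecord: A",
                  "DNSHostName: #{hostname}",
                  "DNSType: a",
                  "DNSIPAddr: #{record['IP']}",
                  "DNSTTL: #{record['TTL']}"])
  end

  # Host container (unless at the apex) followed by a CNAME record pointing
  # at record['cible'], written as given (no trailing dot is added).
  def cname_ldif(record)
    hostname = record['hostname']
    text = hostname == '@' ? "" : host_ldif(hostname)
    text + entry(["# CNAME Record for #{hostname}",
                  "dn: DNSRecord=CNAME,DNSHostName=#{hostname},#{zone_dn}",
                  "objectclass: DNSCNAMERecord",
                  "DNSRecord: CNAME",
                  "DNSHostName: #{hostname}",
                  "DNSType: cname",
                  "DNSData: #{record['cible']}",
                  "DNSTTL: #{record['TTL']}"])
  end
end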
 
 
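# Example zone mirroring the LDIF template shown earlier on this page.
toto = Zone::new
toto.domain = "domaine.tld"

toto.ns.push({ "TTL" => 10, "nameserver" => "ns.dns_domaine.tld" })
toto.ns.push({ "TTL" => 10, "nameserver" => "ns2.dns_domaine.tld" })
# get_ldif reads "mxserver" and "pref" for MX entries. The original pushed
# "nameserver" here, which is why the template LDIF shows MX records with an
# empty DNSData and DNSPreference.
toto.mx.push({ "TTL" => 10, "mxserver" => "mx1.dns_domaine.tld", "pref" => 10 })
toto.mx.push({ "TTL" => 10, "mxserver" => "mx2.dns_domaine.tld", "pref" => 20 })

toto.a.push({ "TTL" => 10, "hostname" => "@", "IP" => "192.168.1.1" })
toto.a.push({ "TTL" => 10, "hostname" => "hostname", "IP" => "192.168.1.1" })
toto.a.push({ "TTL" => 10, "hostname" => "mx", "IP" => "192.168.1.1" })

# Each hostname is listed once: the original pushed "mail" twice, which
# produced two entries with the same DN (the second one fails on ldapadd).
toto.cname.push({ "TTL" => 10, "hostname" => "www", "cible" => "hostname" })
toto.cname.push({ "TTL" => 10, "hostname" => "ftp", "cible" => "hostname" })
toto.cname.push({ "TTL" => 10, "hostname" => "ssh", "cible" => "hostname" })
toto.cname.push({ "TTL" => 10, "hostname" => "mail", "cible" => "hostname" })

puts toto.get_ldif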
 


Le LDIF précédent est produit par le script ci-dessus.


Exemple de Reverse LDAP ldif

Je n'ai pas trouvé d'exemple à ce sujet, je vous propose donc celui-ci que j'ai constitué.
Il est peut-être incorrect, mais cela fonctionne.

dn: DNSZoneName=1.168.192.in-addr.arpa,ou=dns,dc=domaine,dc=tld
objectclass: DNSZone
DNSZoneName: 1.168.192.in-addr.arpa

dn: DNSHostName=@,DNSZoneName=1.168.192.in-addr.arpa,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName: @

# SOA Record for domaine.tld
dn: DNSRecord=SOA,DNSHostName=@,DNSZoneName=1.168.192.in-addr.arpa,ou=dns,dc=domaine,dc=tld
objectclass: DNSSOARecord
DNSHostName: @
DNSRecord: SOA
DNSType: soa
DNSSerial: 2006042401
DNSRefresh: 2800
DNSRetry: 7200
DNSExpire: 604800
DNSMinimum: 86400
DNSAdminEmail: root.domaine.tld.
DNSPrimaryns: ns.domaine.tld.
DNSTTL: 10

dn: DNSRecord=NS0,DNSHostName=@,DNSZoneName=1.168.192.in-addr.arpa,ou=dns,dc=domaine,dc=tld
objectclass: DNSNSRecord
DNSRecord: NS0
DNSHostName: @
DNSType: ns
DNSData: ns.dns_domaine.tld.
DNSTTL: 10

dn: DNSHostName=1,DNSZoneName=1.168.192.in-addr.arpa,ou=dns,dc=domaine,dc=tld
objectclass: DNSHost
DNSHostName:  1

dn: DNSRecord=PTR,DNSHostName=1,DNSZoneName=1.168.192.in-addr.arpa,ou=dns,dc=domaine,dc=tld
objectclass: DNSPTRRecord
DNSRecord: PTR
DNSHostName: 1
DNSData: domaine.tld.
DNSType: PTR
DNSTTL: 10