# DNS records for zone test.local
dn: idnsName=server, idnsName=test.local, cn=dns, dc=test, dc=local
objectClass: idnsRecord
objectClass: top
idnsName: server
CNAMERecord: test.local.
dn: idnsName=_ldap._tcp, idnsName=test.local, cn=dns, dc=test, dc=local
objectClass: idnsRecord
objectClass: top
idnsName: _ldap._tcp
SRVRecord: 0 100 389 server
EOF
adding new entry "ou=Services,dc=test,dc=local"
adding new entry "ou=dns,ou=Services,dc=test,dc=local"
adding new entry "idnsName=test.local,ou=dns,ou=Services,dc=test,dc=local"
adding new entry "idnsName=_ldap._tcp,idnsName=test.local,ou=dns,ou=Services,dc=test,dc=local"
> Add the following to /etc/bind/named.conf.local
dyndb "test_local_ldap" "/usr/lib/bind/ldap.so" {
uri "ldapi:///";
base "ou=dns,ou=Services,dc=test,dc=local";
auth_method "simple";
bind_dn "uid=admin,dc=test,dc=local";
password "ldappassword";
server_id "server";
};
Verified for Jammy + Kinetic based on https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
I've also started on a DEP-8 test based on my testing
# lxc launch images:ubuntu/{kinetic,jammy} test-bind-dyndb-ldap
# lxc exec test-bind-dyndb-ldap bash
# apt update && apt dist-upgrade -y
# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
# apt update && apt upgrade -y
# apt install bind9 bind9-dyndb-ldap bind9-dnsutils slapd ldap-utils -y
> Enter new LDAP password
> Update /etc/ldap/ldap.conf to have
BASE dc=test,dc=local
URI ldap://ldap.test.local
# zcat /usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz | sed 's/^attributeTypes:/olcAttributeTypes: /; s/^objectClasses:/olcObjectClasses: /; 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/ !s/^/#/ }; 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig
' >> /tmp/dns.schema
# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/dns.schema
adding new entry "cn=dns,cn=schema,cn=config"
ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
EOF
modifying entry "cn=module{0},cn=config"
# ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changeType: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionLog: 100
EOF
adding new entry "olcOverlay=syncprov,olcDatabase={1}mdb,cn=config"
ldapadd -x -D cn=admin,dc=test,dc=local -W <<EOF
# Top container
dn: cn=dns, dc=test, dc=local
objectClass: nsContainer
objectClass: top
cn: dns
# Zone test.local
dn: idnsName=test.local,cn=dns,dc=test,dc=local
objectClass: top
objectClass: idnsZone
objectClass: idnsRecord
idnsName: test.local
idnsUpdatePolicy: grant TEST.LOCAL krb5-self * A;
idnsZoneActive: TRUE
idnsSOAmName: server.test.local
idnsSOArName: root.server.test.local
idnsSOAserial: 1
idnsSOArefresh: 10800
idnsSOAretry: 900
idnsSOAexpire: 604800
idnsSOAminimum: 86400
NSRecord: test.local.
ARecord: 127.0.0.1
# DNS records for zone test.local
dn: idnsName=server,idnsName=test.local,cn=dns,dc=test,dc=local
objectClass: idnsRecord
objectClass: top
idnsName: server
CNAMERecord: test.local.
dn: idnsName=_ldap._tcp,idnsName=test.local,cn=dns,dc=test,dc=local
objectClass: idnsRecord
objectClass: top
idnsName: _ldap._tcp
SRVRecord: 0 100 389 server
EOF
adding new entry "ou=Services,dc=test,dc=local"
adding new entry "ou=dns,ou=Services,dc=test,dc=local"
adding new entry "idnsName=test.local,ou=dns,ou=Services,dc=test,dc=local"
adding new entry "idnsName=_ldap._tcp,idnsName=test.local,ou=dns,ou=Services,dc=test,dc=local"
> Add the following to /etc/bind/named.conf.local
dyndb "test_local_ldap" "/usr/lib/bind/ldap.so" {
uri "ldapi:///";
base "ou=dns,ou=Services,dc=test,dc=local";
auth_method "simple";
bind_dn "uid=admin,dc=test,dc=local";
password "ldappassword";
server_id "server";
};
# systemctl restart bind9
# dig test.local. @localhost +short
127.0.0.1