To configure LDAPDNS, you will need some kind of LDAP browser, or my
administration scripts. See README.admin for details on those. This
document describes the real deal :)

ldapdns supports _THREE_ different schemas. If you're using Microsoft
Active Directory, or BIND+LDAP, then this document will not help you.
I'm afraid I haven't written much documentation on those yet, but by
poking around the FAQ you may be able to get them working.

ldapdns DOES SUPPORT AXFR: see INSTALL or README for details about it.

ldapdns looks up DNS records in an LDAP directory. A domain name is split
into a chain of domainComponent (dc) objects, one entry per label, and
the resource records of a name are attributes on its dnsDomain object.

ldapdns walks the tree up and down. The first pass goes UP, to find
SOA/NS records: it won't serve a request unless it has found an SOA/NS
record somewhere in the name's parents or in the name itself (e.g.
www.nimh.org doesn't require an SOA/NS if nimh.org has one). The second
pass goes back DOWN, to find wildcards, trying these DNs in order:

    dc=www, dc=nimh, dc=org, [suffix]
    dc=*,   dc=nimh, dc=org, [suffix]
    dc=*,   dc=org, [suffix]

Note that ldapdns NEVER recursively resolves; it ONLY acts as an
authoritative server for the zones held in the directory. This will
likely never change.

Resource records (RR) are mapped to LDAP attributes:

    SOA   -- sOARecord
    NS    -- nSRecord
    A     -- aRecord
    MX    -- mXRecord
    CNAME -- cNAMERecord
    TXT   -- description
    PTR   -- cNAMERecord or seeAlso
    *     -- photo

All "domain names" in fields must be fully qualified; you may leave off
the trailing dot. If you don't like this, search the FAQ for
"RELATIVE_NAMES".

aRecord
    This can be in one of the following forms:

        a.b.c.d
        a.b.c.d%ID
        A.B.C.D/CIDR=a.b.c.d
        A.B.C.D/E.F.G.H=a.b.c.d

    The last three forms are for implementing "split-horizon" DNS, and
    can be useful if you want to serve a different address depending on
    the connecting client: in the two forms with an "=", the network
    before the "=" (given as a prefix length or as a dotted netmask)
    selects the clients that are served the address a.b.c.d after it.
    "split-horizon" has not yet been well documented; see the FAQ for
    more details.

sOARecord
    This is 5 numbers separated by whitespace:

        serial refresh retry expire minimum

    The defaults are:

        nnn 3600 900 36000000 3600

    where 'nnn' is the last-modified time of the DN. This attribute has
    a side-effect: if you start it with an asterisk, the entire zone is
    disabled. Note that under LDAPDNS you DO NOT NEED sOARecords! They
    can be emulated, but note that you WILL need nSRecords.

nSRecord
    This is a domain name. It can also be a single @, which makes
    ldapdns use the names given in the environment variables $NS and
    $NSx (NS1, NS2, etc.). This specifies where a zone is served from.
    If you create an nSRecord without ANY OTHER RECORDS, LDAPDNS will
    treat the entry as a delegation and answer with a referral that
    points caching resolvers at the real server (the AA bit is cleared,
    since a referral is not an authoritative answer).

mXRecord
    This is a preference, followed by whitespace, followed by a name.
    This works exactly like "real" MX records. LDAPDNS will attempt to
    resolve these names if they are local, placing the results in the
    ADDITIONAL section. This is useful for caches.

cNAMERecord
    This is a domain name. In the in-addr.arpa. tree these are returned
    as PTR records, _unless_ the target is outside the directory OR
    points back into the in-addr.arpa. tree, in which case a CNAME is
    returned. Everywhere else a CNAME is returned. LDAPDNS will attempt
    to resolve these names if they are local, placing the results in the
    ADDITIONAL section. This is useful for caches.

description
    This is a free-form text string. A hack splits it on the pipe (|)
    character; this is useful for returning multiple TXT records.

photo
    This is a "catch-all" record. It is always binary. The exact format
    lends itself to being compressed in DNS packets:

        0x00-0xFE   literal octet
        0xFF 0xFF   literal 0xFF octet
        0xFF        a DNS name in wire format follows (it is
                    recompressed into the packet to save space)

    This saves space and reduces the need for TCP connections, and it
    lets LDAPDNS support _all_ RRs as efficiently as any other
    nameserver -- better still than some.
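The lookup order described above (walk up for SOA/NS, refuse if none is found or the zone is disabled, treat an NS-only entry as a referral, then retry with dc=* wildcards) as an added worked model. This is illustration code written for this README, not ldapdns's own code; the in-memory directory is constructed sample data and the base DN "dc=example" is an assumption.

```python
# Added illustration of the ldapdns lookup order described in this README;
# this is NOT ldapdns's own code. The directory contents below are
# constructed sample data and the base DN "dc=example" is an assumption.

SUFFIX = "dc=example"  # assumed LDAP suffix the dc= chain hangs under

def dn_for(labels):
    """['www', 'nimh', 'org'] -> 'dc=www,dc=nimh,dc=org,dc=example'"""
    return ",".join(f"dc={l}" for l in labels) + "," + SUFFIX

# constructed sample directory: DN -> {attribute: [values]}
DIRECTORY = {
    dn_for(["org"]): {},
    dn_for(["nimh", "org"]): {
        "sOARecord": ["2003091201 3600 900 36000000 3600"],
        "nSRecord": ["ns1.nimh.org", "ns2.nimh.org"],
        "aRecord": ["192.0.2.1"],
    },
    dn_for(["www", "nimh", "org"]): {"aRecord": ["192.0.2.10"]},
    dn_for(["*", "nimh", "org"]): {"aRecord": ["192.0.2.200"]},
    # nSRecord and nothing else: a delegation, answered as a referral
    dn_for(["lab", "nimh", "org"]): {"nSRecord": ["ns.lab.nimh.org"]},
    # sOARecord starting with '*' disables the whole zone
    dn_for(["old", "org"]): {
        "sOARecord": ["*2003091201 3600 900 36000000 3600"],
        "nSRecord": ["ns1.nimh.org"],
    },
    dn_for(["www", "old", "org"]): {"aRecord": ["192.0.2.99"]},
    # no SOA/NS anywhere at or above this name
    dn_for(["www", "orphan", "org"]): {"aRecord": ["192.0.2.77"]},
}

def name_to_labels(name):
    """'www.nimh.org.' -> ['www', 'nimh', 'org']; the trailing dot is optional."""
    return [l.lower() for l in name.rstrip(".").split(".") if l]

def find_zone(labels, directory):
    """First pass, walking UP: the first entry at or above the name that
    carries an sOARecord or nSRecord. Returns (zone_labels, entry) or None."""
    for i in range(len(labels)):
        entry = directory.get(dn_for(labels[i:]))
        if entry and ("sOARecord" in entry or "nSRecord" in entry):
            return labels[i:], entry
    return None

def wildcard_candidates(labels):
    """Second pass, the DNs tried in order: the exact name, then dc=* in
    place of the leftmost label at each level, stopping above the suffix."""
    dns = [dn_for(labels)]
    for i in range(len(labels) - 1):
        dns.append(dn_for(["*"] + labels[i + 1:]))
    return dns

def lookup_a(name, directory=DIRECTORY):
    """Answer an A query. 'status' is one of:
    refused  - no SOA/NS found up the tree, or the zone is disabled
    referral - the zone entry holds only nSRecords (AA bit would be clear)
    nxdomain - inside a served zone but no matching entry or wildcard
    ok       - 'addresses' holds the aRecord values of the entry used"""
    labels = name_to_labels(name)
    found = find_zone(labels, directory)
    if found is None:
        return {"status": "refused", "reason": "no SOA/NS at or above name"}
    zone, zone_entry = found
    if zone_entry.get("sOARecord", [""])[0].startswith("*"):
        return {"status": "refused", "reason": "zone disabled"}
    if set(zone_entry) == {"nSRecord"}:
        return {"status": "referral", "zone": ".".join(zone),
                "ns": zone_entry["nSRecord"], "aa": False}
    for dn in wildcard_candidates(labels):
        entry = directory.get(dn)
        if entry is not None:
            return {"status": "ok", "dn": dn, "addresses": entry.get("aRecord", [])}
    return {"status": "nxdomain"}

if __name__ == "__main__":
    for q in ("www.nimh.org.", "ftp.nimh.org", "www.lab.nimh.org",
              "www.old.org", "www.orphan.org"):
        print(q, lookup_a(q))
```

The upward pass and the wildcard pass are kept as two functions so the DN order can be inspected on its own; `wildcard_candidates(["www", "nimh", "org"])` yields exactly the three DNs listed above.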
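The four aRecord forms from the aRecord section, parsed and applied to a querying client, as an added example. This is illustration code, not ldapdns's own. The page does not say how ldapdns matches clients against the A.B.C.D/CIDR and A.B.C.D/E.F.G.H forms or what the ID in a.b.c.d%ID means, so the selection policy here is an assumption: the network before "=" is the client network, a.b.c.d is the answer for clients inside it, the most specific matching network wins, and plain records are the default for everyone else; the ID is parsed and carried but not interpreted. The sample records are constructed.

```python
# Added illustration of the aRecord forms listed in this README; NOT
# ldapdns's own code. ASSUMPTION: the network before '=' is the client
# network, a.b.c.d the answer for clients inside it, longest prefix wins,
# plain records are the default. The %ID suffix is carried, not used.
import ipaddress

def parse_arecord(value):
    """Split one aRecord value into (answer, client_network, id).

    a.b.c.d                 -> (addr, None, None)
    a.b.c.d%ID              -> (addr, None, 'ID')
    A.B.C.D/CIDR=a.b.c.d    -> (addr, IPv4Network, None)
    A.B.C.D/E.F.G.H=a.b.c.d -> (addr, IPv4Network, None)
    Anything else raises ValueError."""
    value = value.strip()
    if "=" in value:
        net_part, addr = value.split("=", 1)
        # IPv4Network accepts both a prefix length and a dotted netmask;
        # strict=False tolerates host bits set in A.B.C.D
        net = ipaddress.IPv4Network(net_part, strict=False)
        return ipaddress.IPv4Address(addr), net, None
    if "%" in value:
        addr, ident = value.split("%", 1)
        if not ident:
            raise ValueError(f"empty ID in aRecord {value!r}")
        return ipaddress.IPv4Address(addr), None, ident
    return ipaddress.IPv4Address(value), None, None

def is_valid_arecord(value):
    """True if value is one of the four forms above."""
    try:
        parse_arecord(value)
        return True
    except ValueError:
        return False

def select_addresses(values, client_ip):
    """Addresses for the ANSWER section for this client, sorted:
    the most specific matching split-horizon records if any, else
    every plain record."""
    client = ipaddress.IPv4Address(client_ip)
    default, scoped = [], []
    for v in values:
        addr, net, _ident = parse_arecord(v)
        if net is None:
            default.append(str(addr))
        elif client in net:
            scoped.append((net.prefixlen, str(addr)))
    if scoped:
        best = max(p for p, _ in scoped)
        return sorted(a for p, a in scoped if p == best)
    return sorted(default)

# constructed sample: one public default, two nested internal views, one tagged
SAMPLE_ARECORDS = [
    "192.0.2.10",
    "10.0.0.0/8=10.1.2.3",
    "10.1.0.0/255.255.0.0=10.1.0.9",
    "198.51.100.7%dmz",
]

if __name__ == "__main__":
    for client in ("10.1.5.5", "10.9.9.9", "203.0.113.4"):
        print(client, select_addresses(SAMPLE_ARECORDS, client))
```

Validation matters here because a malformed aRecord value (a bare "10.0.0.0/8" with no "=", or an out-of-range octet) would otherwise silently become a wrong answer; `is_valid_arecord` is the check to run before writing a value into the directory.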
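An encoder and decoder for the photo escape format described in the photo section, as an added example; this is illustration code, not ldapdns's own. It assumes that in the stored attribute the name after a lone 0xFF is in plain wire format (length-prefixed labels ending in a zero byte, no compression pointers); the recompression ldapdns does when it writes the name into a packet is not modelled. The MX RDATA used as sample input is constructed.

```python
# Added encoder/decoder for the "photo" escape format described in this
# README; NOT ldapdns's own code. ASSUMPTION: the stored name after a lone
# 0xFF is plain wire format (length-prefixed labels, zero terminator, no
# compression pointers). Packet-time recompression is not modelled.

LITERAL, NAME = "literal", "name"

def name_to_wire(name):
    """'mail.nimh.org' -> b'\\x04mail\\x04nimh\\x03org\\x00' (trailing dot optional)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError(f"label too long: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)

def encode_photo(parts):
    """parts is a list of (LITERAL, bytes) and (NAME, str). Literal 0xFF
    octets are doubled; each name is introduced by a single 0xFF."""
    out = bytearray()
    for kind, val in parts:
        if kind == LITERAL:
            out += val.replace(b"\xff", b"\xff\xff")
        elif kind == NAME:
            out.append(0xFF)
            out += name_to_wire(val)
        else:
            raise ValueError(f"unknown part kind {kind!r}")
    return bytes(out)

def decode_photo(data):
    """Inverse of encode_photo; adjacent literal runs are merged and names
    come back with a trailing dot. Raises ValueError on a dangling 0xFF,
    a truncated name, or a label byte that is not a plain length."""
    parts, lit, i = [], bytearray(), 0
    def flush():
        if lit:
            parts.append((LITERAL, bytes(lit)))
            lit.clear()
    while i < len(data):
        if data[i] != 0xFF:
            lit.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            raise ValueError("dangling 0xFF at end of photo value")
        elif data[i + 1] == 0xFF:
            lit.append(0xFF)
            i += 2
        else:
            flush()
            i += 1
            labels = []
            while True:
                if i >= len(data):
                    raise ValueError("truncated name")
                n = data[i]
                i += 1
                if n == 0:
                    break
                if n > 63:
                    raise ValueError("compression pointer or bad label length in stored name")
                if i + n > len(data):
                    raise ValueError("truncated label")
                labels.append(data[i:i + n].decode("ascii"))
                i += n
            parts.append((NAME, ".".join(labels) + "."))
    flush()
    return parts

def is_well_formed(data):
    """True if data decodes without error."""
    try:
        decode_photo(data)
        return True
    except ValueError:
        return False

# constructed sample: the RDATA of an MX record, preference 10 then a name
SAMPLE_MX_PARTS = [(LITERAL, b"\x00\x0a"), (NAME, "mail.nimh.org")]
SAMPLE_MX_PHOTO = encode_photo(SAMPLE_MX_PARTS)

if __name__ == "__main__":
    print(SAMPLE_MX_PHOTO.hex())
    print(decode_photo(SAMPLE_MX_PHOTO))
```

The decoder rejects a trailing lone 0xFF and any label byte above 63, so a value written by hand into the directory with a bad escape fails loudly when read instead of producing a garbled answer record.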