authorMartin Nagy <mnagy@redhat.com>2009-05-12 15:20:24 +0200
committerMartin Nagy <mnagy@redhat.com>2009-06-02 12:32:01 +0200
commit1bc786e379ed5575cf4dffaa23bf7d66f42e44d7 (patch)
tree88e2027f90907587f7138704776db8264441f966 /install/share
parent1893a802c78399c27c99523edcac4de0ab2a0ef0 (diff)
Use LDAP instead of flat file for zone storage
Diffstat (limited to 'install/share')
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/bind.named.conf.template15
-rw-r--r--install/share/dns.ldif93
3 files changed, 99 insertions, 10 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 754da8ee2..511f8f3ab 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -13,6 +13,7 @@ app_DATA = \
caJarSigningCert.cfg.template \
default-aci.ldif \
default-keytypes.ldif \
+ dns.ldif \
kerberos.ldif \
indices.ldif \
bind.named.conf.template \
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index c1d2817e0..a04fc1813 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -1,10 +1,4 @@
options {
- /* make named use port 53 for the source of all queries, to allow
- * firewalls to block all ports except 53:
- */
- query-source port 53;
- query-source-v6 port 53;
-
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
@@ -34,8 +28,9 @@ zone "." IN {
include "/etc/named.rfc1912.zones";
-zone "$DOMAIN" {
- type master;
- file "$DOMAIN.zone.db";
+dynamic-db "ipa" {
+ library "ldap.so";
+ arg "uri ldap://$FQDN";
+ arg "base cn=dns, $SUFFIX";
+ arg "auth_method none";
};
-
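Review bot: The new `dynamic-db "ipa"` block makes named fetch its zone data with `arg "auth_method none";` over a plain `ldap://$FQDN` URI, so the bind is anonymous and no transport protection is visible in this hunk. Everything under `cn=dns, $SUFFIX` therefore has to be anonymously readable. Because dns.ldif in this same commit sets `idnsAllowDynUpdate: True`, any write-back of dynamic updates would presumably also run with anonymous rights, or fail. If the LDAP plugin in use supports an authenticated bind, give named its own identity and limit access to the subtree to that identity. Otherwise, at minimum record the assumption above the block, for example `// NOTE: anonymous, unencrypted LDAP bind; cn=dns must stay anonymously readable`.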
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
new file mode 100644
index 000000000..939f80dd2
--- /dev/null
+++ b/install/share/dns.ldif
@@ -0,0 +1,93 @@
+dn: cn=dns,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: dns
+
+dn: idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: idnsZone
+objectClass: idnsRecord
+idnsName: $DOMAIN
+idnsZoneActive: True
+idnsAllowDynUpdate: True
+idnsUpdatePolicy: grant $REALM krb5-self * A;
+idnsSOAmName: $HOST.$DOMAIN.
+idnsSOArName: root.$HOST.$DOMAIN.
+idnsSOAserial: 1
+idnsSOArefresh: 10800
+idnsSOAretry: 900
+idnsSOAexpire: 604800
+idnsSOAminimum: 86400
+NSRecord: $HOST
+
+dn: idnsName=$HOST,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: $HOST
+ARecord: $IP
+
+dn: idnsName=_ldap._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _ldap._tcp
+SRVRecord: 0 100 389 $HOST
+
+dn: idnsName=_kerberos,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kerberos
+TXTRecord: $REALM
+
+dn: idnsName=_kerberos._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kerberos._tcp
+SRVRecord: 0 100 88 $HOST
+
+dn: idnsName=_kerberos._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kerberos._udp
+SRVRecord: 0 100 88 $HOST
+
+dn: idnsName=_kerberos-master._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kerberos-master._tcp
+SRVRecord: 0 100 88 $HOST
+
+dn: idnsName=_kerberos-master._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kerberos-master._udp
+SRVRecord: 0 100 88 $HOST
+
+dn: idnsName=_kpasswd._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kpasswd._tcp
+SRVRecord: 0 100 464 $HOST
+
+dn: idnsName=_kpasswd._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _kpasswd._udp
+SRVRecord: 0 100 464 $HOST
+
+dn: idnsName=_ntp._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: _ntp._udp
+SRVRecord: 0 100 123 $HOST
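Review bot: No entry in this new file carries an `aci` attribute, so who may modify `cn=dns,$SUFFIX` is left to defaults defined elsewhere, and the diffstat shows no ACI file changed under install/share. These records steer clients to the LDAP, Kerberos and kpasswd services (the SRV entries and the `_kerberos` TXT record), so write access to the subtree deserves an explicit, narrow rule rather than inherited behaviour. The zone entry also sets `idnsAllowDynUpdate: True` with `grant $REALM krb5-self * A;`. A short `#` comment above that entry, saying that a realm principal may only update the A record matching its own host name, would let the next reader confirm this is the intended policy.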