dn: cn=dns,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: dns
aci: (targetfilter = "(objectClass=idnsRecord)")(targetattr != "aci")(version 3.0; acl "DNS Servers Updates"; allow (add,write,delete) groupdn = "ldap:///cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX";)

dn: idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: top
objectClass: idnsZone
objectClass: idnsRecord
idnsName: $DOMAIN
idnsZoneActive: TRUE
idnsAllowDynUpdate: TRUE
idnsUpdatePolicy: grant $REALM krb5-self * A;
idnsSOAmName: $FQDN.
idnsSOArName: root.$FQDN.
idnsSOAserial: 1
idnsSOArefresh: 10800
idnsSOAretry: 900
idnsSOAexpire: 604800
idnsSOAminimum: 86400
NSRecord: $HOST

dn: idnsName=$HOST,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: $HOST
ARecord: $IP

dn: idnsName=_ldap._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _ldap._tcp
SRVRecord: 0 100 389 $HOST

dn: idnsName=_kerberos,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kerberos
TXTRecord: $REALM

dn: idnsName=_kerberos._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kerberos._tcp
SRVRecord: 0 100 88 $HOST

dn: idnsName=_kerberos._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kerberos._udp
SRVRecord: 0 100 88 $HOST

dn: idnsName=_kerberos-master._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kerberos-master._tcp
SRVRecord: 0 100 88 $HOST

dn: idnsName=_kerberos-master._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kerberos-master._udp
SRVRecord: 0 100 88 $HOST

dn: idnsName=_kpasswd._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kpasswd._tcp
SRVRecord: 0 100 464 $HOST

dn: idnsName=_kpasswd._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _kpasswd._udp
SRVRecord: 0 100 464 $HOST

dn: idnsName=_ntp._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
changetype: add
objectClass: idnsRecord
objectClass: top
idnsName: _ntp._udp
SRVRecord: 0 100 123 $HOST