On 2010-10-12 15:18, Adam Tauno Williams wrote:
>> 10) Adding a BIND ldb plugin is possible, but so far there's no way a
>> backend plugin can make decisions about who's allowed to do updates to
>> what records from the way I understand the code. We could possibly add
>> that, but that requires us to play "find the patch" again once we start
>> getting this upstream. Also, I can't help but notice that the bind-ldap
>> plug-in isn't maintained upstream but out-of-tree.
> But the LDAP backend itself works well; just postulating that you could
> use bind and point it at your internal LDAP database (we've been using
> Bind backed with LDAP for years - much easier to update LDAP than to
> argue with Bind).

Right, but if we need to maintain an LDB plugin for BIND out of tree,
this also puts the maintenance burden on us. We can't use the LDAP
plugin, as of course the way DNS records are stored in AD is different
to the way BIND stores them. Of course we could add a translation layer
to our LDAP server (and possibly OpenLDAP), also carrying a maintenance

I guess it's a case of choose your poison. If someone else gets another
solution to work sooner, I'm happy to reconsider. But as long as it's me
who gets to do the implementation, I'm taking the NIH pill.


