BIND9 dyndb
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Fri Jan 30 01:23:03 UTC 2026
The BIND9 DLZ interface is deprecated.
I am not sure of the schedule but there are mentions of it around,
including the 9.20.4 release notes[1]:
> the DLZ interface itself is going to be scheduled for removal,
[1] https://bind9.readthedocs.io/en/v9.20.18/notes.html#id104
The preferred replacement seems to be dyndb, which I think would
occasionally slurp records into the BIND9 database, rather than reading
from LDB for every request (Microsoft has a similarly loose coupling,
according to tests). There is an existing module called bind-dyndb-ldap.
In a GitLab comment[2], Alexander said:
> We plan to add support of samba DC use case to bind-dyndb-ldap. Once
> that is done (and migration to support new bind 9.20+), will be able
> to drop need for dlz in samba.
[2] https://gitlab.com/samba-team/samba/-/merge_requests/3932#note_2321941542
I am curious whether anyone is currently working on this.
https://github.com/freeipa/bind-dyndb-ldap seems a little ignored
lately, but maybe that is because it works perfectly.
I guess that the modifications for Samba would at least reflect the
different schema (for example "DnsRecord" vs "idnsRecord", which
presumably have different attributes). Things like `acl_from_ldap()`
have me wondering if there is a lot more to consider.
AFAICT, bind-dyndb-ldap is really the only dyndb module in use.
Douglas
More information about the samba-technical mailing list