60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<section xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="dlz-info"><info><title>DLZ (Dynamically Loadable Zones)</title></info>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User DLZ (Dynamically Loadable Zones) is an extension to BIND 9 that allows

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt zone data to be retrieved directly from an external database. There is

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein no required format or schema. DLZ drivers exist for several different

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein database backends including PostgreSQL, MySQL, and LDAP and can be

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User written for any other.

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Historically, DLZ drivers had to be statically linked with the <command>named</command>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein binary and were turned on via a configure option at compile time (for

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein example, <userinput>"configure --with-dlz-ldap"</userinput>).

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Currently, the drivers provided in the BIND 9 tarball in

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>contrib/dlz/drivers</filename> are still linked this

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein way.

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein In BIND 9.8 and higher, it is possible to link some DLZ modules

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dynamically at runtime, via the DLZ "dlopen" driver, which acts as a

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein generic wrapper around a shared object implementing the DLZ API. The

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "dlopen" driver is linked into <command>named</command> by default, so configure options

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein are no longer necessary when using these dynamically linkable drivers,

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User but are still needed for the older drivers in

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <filename>contrib/dlz/drivers</filename>.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User When the DLZ module provides data to <command>named</command>, it does so in text format.

af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User The response is converted to DNS wire format by <command>named</command>. This

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User conversion, and the lack of any internal caching, places significant

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User limits on the query performance of DLZ modules. Consequently, DLZ is

af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User not recommended for use on high-volume servers. However, it can be

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein used in a hidden master configuration, with slaves retrieving zone

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein updates via AXFR. (Note, however, that DLZ has no built-in support for

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User DNS notify; slaves are not automatically informed of changes to the

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User zones in the database.)

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <section><info><title>Configuring DLZ</title></info>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User A DLZ database is configured with a <command>dlz</command>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User statement in <filename>named.conf</filename>:

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <screen>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dlz example {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein database "dlopen driver.so <option>args</option>";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein search yes;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein };

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </screen>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This specifies a DLZ module to search when answering queries; the

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User module is implemented in <filename>driver.so</filename> and is

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User loaded at runtime by the dlopen DLZ driver. Multiple

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>dlz</command> statements can be specified; when

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User answering a query, all DLZ modules with <option>search</option>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User set to <literal>yes</literal> will be queried to find out if

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User they contain an answer for the query name; the best available

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews answer will be returned to the client.

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews </para>

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews <para>

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews The <option>search</option> option in the above example can be

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews omitted, because <literal>yes</literal> is the default value.

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews </para>

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews <para>

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews If <option>search</option> is set to <literal>no</literal>, then

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews this DLZ module is <emphasis>not</emphasis> searched for the best

48abcd3eb789fdd24a2e0a6155b25e6979a39ae0Mark Andrews match when a query is received. Instead, zones in this DLZ must be

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein separately specified in a zone statement. This allows you to

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User configure a zone normally using standard zone option semantics,

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User but specify a different database back-end for storage of the

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone's data. For example, to implement NXDOMAIN redirection using

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a DLZ module for back-end storage of redirection rules:

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <screen>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User dlz other {

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User database "dlopen driver.so <option>args</option>";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein search no;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein };

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone "." {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type redirect;

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User dlz other;

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User };

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </screen>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </section>

af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <section><info><title>Sample DLZ Driver</title></info>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews For guidance in implementation of DLZ modules, the directory

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <filename>contrib/dlz/example</filename> contains a basic

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews dynamically-linkable DLZ module--i.e., one which can be

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein loaded at runtime by the "dlopen" DLZ driver.

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews The example sets up a single zone, whose name is passed

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to the module as an argument in the <command>dlz</command>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein statement:

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <screen>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dlz other {

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews database "dlopen driver.so example.nil";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein };

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </screen>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein In the above example, the module is configured to create a zone

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User "example.nil", which can answer queries and AXFR requests, and

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews accept DDNS updates. At runtime, prior to any updates, the zone

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User contains an SOA, NS, and a single A record at the apex:

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <screen>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User example.nil. 3600 IN SOA example.nil. hostmaster.example.nil. (

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User 123 900 600 86400 3600

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein )

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein example.nil. 3600 IN NS example.nil.

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein example.nil. 1800 IN A 10.53.0.1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </screen>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The sample driver is capable of retrieving information about the

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein querying client, and altering its response on the basis of this

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein information. To demonstrate this feature, the example driver

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein responds to queries for "source-addr.<option>zonename</option>&gt;/TXT"

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein with the source address of the query. Note, however, that this

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein record will *not* be included in AXFR or ANY responses. Normally,

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews this feature would be used to alter responses in some other fashion,

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein e.g., by providing different address records for a particular name

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User depending on the network from which the query arrived.

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Documentation of the DLZ module API can be found in

c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User <filename>contrib/dlz/example/README</filename>. This directory also

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein contains the header file <filename>dlz_minimal.h</filename>, which

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein defines the API and should be included by any dynamically-linkable

DLZ module.

</para>

</section>

</section>