[Opendnssec-user] Database support for OpenDNSSEC

Simon Mittelberger mittelberger at united-domains.de
Mon Nov 15 16:19:31 UTC 2010 

Dear OpenDNSSEC-Community,


we tested OpenDNSSEC for a few weeks now and we are pretty happy with
it.

We noticed the section "External API" on your todo list and we think,
that there is a third possibility to simplify integration into existing
systems. In addition to a "library" or "improved command line tools" the
following could be interesting too:

In our opinion there are a lot of organizations which use a database
backend to store their records for their nameservers. After an
integration of OpenDNSSEC the workflow would most probably look like the
following: exporting the zones to files, sign them and maybe importing
them again. If OpenDNSSEC could read the records of an unsigned zone out
of a database table and write the signed zone to a database table again,
integration into such a system would be simplified.

We created a proof of concept implementation of a mysql adapter for
OpenDNSSEC. It is not completed yet; currently only the "reading part"
is working and the audit of the zone fails after signing, because the
auditor still wants to get the unsigned zone out of the file.

The patch file for the mysql adapter is attached to this email as well
as the database schema with a few test records and an example of
zonelist.xml. The patch was developed using r4174. The auditor has to be
disabled (--disable-auditor) and the mysql headers have to be included
(--with-database-backend=mysql) when executing ./configure

What are your thoughts about this subject? Any suggestions and comments
are highly appreciated.

I am looking forward to hear from you.



Kind regards,

Simon Mittelberger
united-domains AG
www.united-domains.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opendnssec_mysql.patch
Type: text/x-patch
Size: 26133 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20101115/55937e63/attachment.bin>
-------------- next part --------------
CREATE TABLE unsigned_records (
    record_id INT auto_increment,
    zone_name VARCHAR(255) DEFAULT NULL,
    owner_name VARCHAR(255) DEFAULT NULL,
    ttl INT DEFAULT 1,
    class VARCHAR(6) DEFAULT NULL,
    type VARCHAR(6) DEFAULT NULL,
    content VARCHAR(255) DEFAULT NULL,
    primary key(record_id)
)type=InnoDB;

CREATE TABLE signed_records (
    record_id INT auto_increment,
    zone_name VARCHAR(255) DEFAULT NULL,
    owner_name VARCHAR(255) DEFAULT NULL,
    ttl INT DEFAULT 1,
    class VARCHAR(6) DEFAULT NULL,
    type VARCHAR(6) DEFAULT NULL,
    content VARCHAR(255) DEFAULT NULL,
    primary key(record_id)
)type=InnoDB;

INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'sub01.domain.tld', '1', 'IN', 'SOA', 'ns1.sub01.domain.tld. hostmaster.sub01.domain.tld. (1 1 1 1 1)');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'sub01.domain.tld', '1', 'IN', 'NS', 'ns1.sub01.domain.tld.');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'ns1.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'sub01.domain.tld', '1', 'IN', 'MX', '10 mail1.sub01.domain.tld.');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'mail1.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');

INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www01.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www02.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www03.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www04.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www05.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www06.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www07.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www08.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www09.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
INSERT INTO unsigned_records(zone_name, owner_name, ttl, class, type, content) VALUES('sub01.domain.tld', 'www10.sub01.domain.tld', '1', 'IN', 'A', '172.16.0.10');
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zonelist.xml
Type: application/xml
Size: 629 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20101115/55937e63/attachment.wsdl>

More information about the Opendnssec-user mailing list