Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # This schema contains OIDs from Uninett and FreeIPA.
- #
- # Unninet: http://drift.uninett.no/nett/ip-nett/dnsattributes.schema
- # Base OID for DNS records is 1.3.6.1.4.1.2428.20.1,
- # see http://drift.uninett.no/nett/ip-nett/oids.html
- #
- # FreeIPA: http://freeipa.org/
- # Base OID for DNS records is 2.16.840.1.113730.3.8.5
- # Base OID for DNS objectClasses is 2.16.840.1.113730.3.8.6
- #
- # If you want to add some record types that are defined by IANA,
- # please define it similar to what is done for the existing ones. The
- # name should be {TYPE}Record, and OID should be
- # 1.3.6.1.4.1.2428.20.1.value. For instance the RR type LOC has value
- # 29, so attribute name should be LocRecord (casing shouldn't matter),
- # and the OID is 1.3.6.1.4.1.2428.20.1.29. If you follow this, you
- # know that it will be compatible with what others use, and one is
- # guaranteed that the OIDs are unique.
- # The IANA DNS record type values are available from
- # <URL: http://www.iana.org/assignments/dns-parameters >.
- #
- # If you define new attributes, please report them to drift@uninett.no
- # to get them added of this schema.
- #
- # The basic record types like A, CNAME etc are defined in the cosine
- # schema and not by UNINETT or FreeIPA. This means that your LDAP server
- # should use the old COSINE schema (RFC 1274) plus this one to get
- # all the DNS attributes defined.
- #
- # Alternativelly you can use included excerpt from COSINE schema to get all
- # the missing attributes.
- #
- #
- # 389 DS requires following DN
- #dn: cn=schema
- #
- # OpenLDAP 2.4 requires following DN + objectClass + different attribute names
- # s/^attributeTypes:/olcAttributeTypes:/
- # s/^objectClasses:/olcObjectClasses:/
- dn: cn=dns,cn=schema,cn=config
- objectClass: olcSchemaConfig
- #
- #
- # COSINE schema
- # comment out if your server has COSINE schema installed
- #attributeTypes: ( 0.9.2342.19200300.100.1.26
- # NAME 'aRecord'
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- # EQUALITY caseIgnoreIA5Match )
- ##
- #attributeTypes: ( 0.9.2342.19200300.100.1.27
- # NAME 'mDRecord'
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- # EQUALITY caseIgnoreIA5Match )
- ##
- #attributeTypes: ( 0.9.2342.19200300.100.1.28
- # NAME 'mXRecord'
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- # EQUALITY caseIgnoreIA5Match )
- ##
- #attributeTypes: ( 0.9.2342.19200300.100.1.29
- # NAME 'nSRecord'
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- # EQUALITY caseIgnoreIA5Match )
- # CNAME record was originally defined as multi-value
- # but we redefined it as single-value to conform with RFC 2136, section 1.1.5.
- #olcAttributeTypes: ( 0.9.2342.19200300.100.1.31
- # NAME 'cNAMERecord'
- # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- # EQUALITY caseIgnoreIA5Match
- # SINGLE-VALUE )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.0.0
- NAME 'dNSTTL'
- DESC 'An integer denoting time to live'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- EQUALITY integerMatch )
- #
- #
- # UNINETT and FreeIPA attributes
- # dnsClass attribute is in fact unsupported by bind-dyndb-ldap
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.0.1
- NAME 'dNSClass'
- DESC 'The class of a resource record'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.12
- NAME 'pTRRecord'
- DESC 'domain name pointer, RFC 1035'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.13
- NAME 'hInfoRecord'
- DESC 'host information, RFC 1035'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.14
- NAME 'mInfoRecord'
- DESC 'mailbox or mail list information, RFC 1035'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.16
- NAME 'tXTRecord'
- DESC 'text string, RFC 1035'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.18
- NAME 'aFSDBRecord'
- DESC 'for AFS Data Base location, RFC 1183'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.28
- NAME 'aAAARecord'
- DESC 'IPv6 address, RFC 1886'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.29
- NAME 'LocRecord'
- DESC 'Location, RFC 1876'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.30
- NAME 'nXTRecord'
- DESC 'non-existant, RFC 2535'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.33
- NAME 'sRVRecord'
- DESC 'service location, RFC 2782'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.35
- NAME 'nAPTRRecord'
- DESC 'Naming Authority Pointer, RFC 2915'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.36
- NAME 'kXRecord'
- DESC 'Key Exchange Delegation, RFC 2230'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.37
- NAME 'certRecord'
- DESC 'certificate, RFC 2538'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.38
- NAME 'a6Record'
- DESC 'A6 Record Type, RFC 2874'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.39
- NAME 'dNameRecord'
- DESC 'Non-Terminal DNS Name Redirection, RFC 6672'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.43
- NAME 'dSRecord'
- DESC 'Delegation Signer, RFC 3658'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.44
- NAME 'sSHFPRecord'
- DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.51
- NAME 'nSEC3PARAMRecord'
- DESC 'RFC 5155'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord'
- DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769
- NAME 'DLVRecord'
- DESC 'RFC 4431: DNSSEC Lookaside Validation'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- # See https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/UnknownRecord
- olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.4
- NAME 'UnknownRecord'
- DESC 'unknown DNS record, RFC 3597'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.0
- NAME 'idnsName'
- DESC 'DNS FQDN'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.1
- NAME 'idnsAllowDynUpdate'
- DESC 'permit dynamic updates on this zone'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- EQUALITY booleanMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.2
- NAME 'idnsZoneActive'
- DESC 'define if the zone is considered in use'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- EQUALITY booleanMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.3
- NAME 'idnsSOAmName'
- DESC 'SOA Name'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.4
- NAME 'idnsSOArName'
- DESC 'SOA root Name'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.5
- NAME 'idnsSOAserial'
- DESC 'SOA serial number'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
- EQUALITY numericStringMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.6
- NAME 'idnsSOArefresh'
- DESC 'SOA refresh value'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
- EQUALITY numericStringMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.7
- NAME 'idnsSOAretry'
- DESC 'SOA retry value'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
- EQUALITY numericStringMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.8
- NAME 'idnsSOAexpire'
- DESC 'SOA expire value'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
- EQUALITY numericStringMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.9
- NAME 'idnsSOAminimum'
- DESC 'SOA minimum value'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
- EQUALITY numericStringMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.10
- NAME 'idnsUpdatePolicy'
- DESC 'DNS dynamic updates policy'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.11
- NAME 'idnsAllowQuery'
- DESC 'BIND9 allow-query ACL element'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.12
- NAME 'idnsAllowTransfer'
- DESC 'BIND9 allow-transfer ACL element'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.13
- NAME 'idnsAllowSyncPTR'
- DESC 'permit synchronization of PTR records'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- EQUALITY booleanMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.14
- NAME 'idnsForwardPolicy'
- DESC 'forward policy: only or first'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.15
- NAME 'idnsForwarders'
- DESC 'list of forwarders'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch )
- #
- olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.18
- NAME 'idnsSecInlineSigning'
- DESC 'DNSSEC in-line signing'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- EQUALITY booleanMatch
- SINGLE-VALUE )
- #
- olcObjectClasses: ( 2.16.840.1.113730.3.8.6.0
- NAME 'idnsRecord'
- DESC 'dns Record, usually a host'
- SUP top
- STRUCTURAL
- MUST idnsName
- MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $
- AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $
- SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $
- MINFORecord $ AFSDBRecord $ LOCRecord $
- NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $
- DSRecord $ SSHFPRecord $ DLVRecord $ TLSARecord $ UnknownRecord
- ) )
- #
- olcObjectClasses: ( 2.16.840.1.113730.3.8.6.1
- NAME 'idnsZone'
- DESC 'Zone class'
- SUP idnsRecord
- STRUCTURAL
- MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $
- idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $
- idnsSOAminimum
- )
- MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $
- idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $
- idnsSecInlineSigning $ nSEC3PARAMRecord
- ) )
- #
- olcObjectClasses: ( 2.16.840.1.113730.3.8.6.2
- NAME 'idnsConfigObject'
- DESC 'DNS global config options'
- STRUCTURAL
- MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR ) )
- #
- olcObjectClasses: ( 2.16.840.1.113730.3.8.6.3
- NAME 'idnsForwardZone'
- DESC 'Forward Zone class'
- SUP top
- STRUCTURAL
- MUST ( idnsName $ idnsZoneActive )
- MAY ( idnsForwarders $ idnsForwardPolicy ) )
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement