
ldapdns / ldapaxfr


Welcome to LDAPDNS.


I wrote LDAPDNS simply because there is no other LDAP<->DNS gateway that
I found useful, and in fact, there are only two others that I am aware of:
	1. Microsoft Active Directory
	2. BIND+LDAP (patch)

If you need to know why these are completely wrong, go elsewhere, because I'm
not going to explain it in this README.


Still here?


LDAPDNS is a fast, robust, and powerful content DNS server.

It does not do:
	recursive resolving
	proxying
	caching

or anything else but serve DNS content.


The first version of LDAPDNS was written as a patch to DJBDNS - a very fine
DNS server. However, OpenLDAP was unstable at the time, and had lots of
bugs in the client-side code. It also blocked frequently, and even sometimes
disappeared completely.

LDAPDNS 2 is a rewrite that primarily addresses problems with OpenLDAP,
and also succeeds the original: It is faster than other nameservers, and can
scale above and beyond any other nameserver. <README.comparison>

LDAPDNS does some things that other nameservers don't - a kind of innovation
if you will - and AFAIK, is the only nameserver that supports generic records
AND still compresses domain-names inside of them. <README.generic-rr>

Like DJBDNS, it supports "split-horizon" DNS, and also puts in some offensive
programming tactics that make LDAPDNS safe to use.
	a remote user cannot write to the LDAP server (permissions)
	a remote user cannot trash the filesystem
	a remote user cannot gain access to a "shell"
Some of the should nots :)
	a remote user should not be able to crash LDAPDNS

That's a hard one. I'm not as good a programmer as DJB - but his tactics have
changed my code - and continue to. One day, I'll be able to make a guarantee :)

Like BIND, you can make binary packages of LDAPDNS, and unlike the ISC, I will
actually try and help you with it! Redistribution of LDAPDNS is a good thing...

If you have any questions at all about LDAPDNS, feel free to contact me
directly; all my relevant contact information is on my website.

