[nssldap] Enhancement to DNS location of LDAP servers to support site location

I have published a patch against nss_ldap 264 which adds the facility to specify the site that a host should locate its LDAP servers in.

This is bug #381 in the bugzilla. It adds the configuration item 'nss_srv_site <sitename>' to the application. With this set, the DNS lookup will use the site servers only.

This is a simple approach to providing site location. I would propose that a more general solution could/should be adopted, but it requires additional DNS records to suppress the need to do a search of a random Active Directory to find the subnet information for the site. What I would propose should be implemented would be the addition of TXT records to the DNS that bind subnets to sites. These text records could be of the following format.

<sitename>.subnets.<domain> IN TXT "192.168.0.0/24,192.168.10.0/24"

A lookup for the wildcard *.subnets.<domain> would give candidate sites which could be filtered by IP address of the interfaces on the local host.

An alternative approach would be to use the reverse lookup for the network to find the record, but this requires that the reverse zone is available, which is often not the case. Here we could use records like

0.10.168.192.in-addr.arpa IN TXT "Subnet: 192.168.10.0/24" "Site: <sitename>"

where the address lookup is the network address. The Subnet text is a check facility and is not really necessary but would allow a check that the site layout is as expected.

Given these sorts of records, the lookup to locate the servers could use the network interface addresses to find the sites in which to look up the LDAP servers - I would even be willing to try to code something like this if there is enough demand. The nice thing about this is that it would allow a sites and service facility in the absence of an Active Directory!

Regards, Howard.
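The site selection the message proposes, as an added example that is not part of the post or of nss_ldap: it parses constructed `<site>.subnets.<domain>` TXT answers, picks the site whose subnet contains a local interface address, and implements the reverse-zone variant with the "Subnet:" consistency check. The domain `example.com`, the record contents and the longest-prefix tie-break for overlapping subnets are assumptions of this example.

```python
import ipaddress

# Constructed sample answer to a wildcard lookup of *.subnets.example.com, as
# (owner name, TXT strings); not real DNS data, only the layout proposed above.
SUBNET_TXT_RECORDS = [
    ("london.subnets.example.com", ["192.168.0.0/24,192.168.10.0/24"]),
    ("paris.subnets.example.com", ["10.1.0.0/16,10.2.0.1/16"]),  # 2nd has host bits set
    ("lab.subnets.example.com", ["192.168.10.128/25"]),  # more specific than london
]

def parse_site_subnets(records, domain):
    """Map site name -> [ip_network] from <site>.subnets.<domain> TXT records."""
    suffix = ".subnets." + domain
    sites = {}
    for owner, txts in records:
        if not owner.endswith(suffix):
            continue
        site = owner[: -len(suffix)]
        for txt in txts:
            for item in txt.split(","):
                try:
                    net = ipaddress.ip_network(item.strip(), strict=True)
                except ValueError:
                    continue  # not a clean prefix: skip this entry, keep the rest
                sites.setdefault(site, []).append(net)
    return sites

def select_site(sites, local_addresses):
    """Return the site whose subnet contains one of the host's interface addresses,
    preferring the longest prefix when subnets overlap; None if nothing matches."""
    best = None  # (prefixlen, site)
    for addr in local_addresses:
        ip = ipaddress.ip_address(addr)
        for site, nets in sites.items():
            for net in nets:
                if ip in net and (best is None or net.prefixlen > best[0]):
                    best = (net.prefixlen, site)
    return best[1] if best else None

def site_from_reverse_txt(txts, network):
    """Reverse-zone variant: TXT strings 'Subnet: <prefix>' and 'Site: <name>'.
    The Subnet string is the check facility: accept the site only if it matches."""
    fields = {k.strip().lower(): v.strip()
              for k, v in (t.split(":", 1) for t in txts if ":" in t)}
    if "site" not in fields:
        return None
    if "subnet" in fields and ipaddress.ip_network(fields["subnet"]) != ipaddress.ip_network(network):
        return None
    return fields["site"]
```

The chosen site name is what a resolver would then substitute into the site-specific SRV lookup; an unparseable prefix in one record degrades to "no match for that entry" rather than failing the whole lookup.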