Creating SRV Records in PowerDNS

PowerDNS is a great little DNS server, especially if you want to use OpenLDAP for the backend. Unfortunately, some of its features are not well documented. That includes creating SRV records when using the "tree" structure of LDAP storage.

If you're using the tree structure for PowerDNS, you already have something like the following:

dc=yourdomain,dc=com,ou=powerdns,dc=ldapdomain

This shows in a tree view something like:

dc=ldapdomain
  ou=powerdns
    dc=com
      dc=yourdomain
        dc=server1
        dc=server2
...

If you want to use SRV records to let your DNS server tell apps where services are located, you must create the following branch structure:

dc=ldapdomain
  ou=powerdns
    dc=com
      dc=yourdomain
        dc=_tcp
          dc=_xmpp-client
          dc=_xmpp-server
        dc=server1
...

Notice that you need a tree branch under "yourdomain" for the _tcp protocol. For UDP services you'll need a tree branch called "_udp", obviously.

From there, you create the actual sRVRecords for the services, such as _xmpp-client and _xmpp-server.

Set the associatedDomain attribute to "_xmpp-client._tcp.yourdomain.com", etc., and set the sRVRecord to "[weight] [priority] [port] [target]".

An example LDIF would look like:

dn: dc=_tcp,dc=example,dc=com,ou=powerdns,dc=ldapdomain
objectClass: dNSDomain2
objectClass: dcObject
objectClass: domainRelatedObject
objectClass: top
associatedDomain: _tcp
dc: _tcp

dn: dc=_xmpp-client,dc=_tcp,dc=example,dc=com,ou=powerdns,dc=ldapdomain
objectClass: dNSDomain
objectClass: dNSDomain2
objectClass: domain
objectClass: domainRelatedObject
objectClass: top
associatedDomain: _xmpp-client._tcp.example.com
dc: _xmpp-client
sRVRecord: 5 0 5222 xmpp-server.example.com

dn: dc=_xmpp-server,dc=_tcp,dc=example,dc=com,ou=powerdns,dc=ldapdomain
objectClass: dNSDomain
objectClass: dNSDomain2
objectClass: domain
objectClass: domainRelatedObject
objectClass: top
associatedDomain: _xmpp-server._tcp.example.com
dc: _xmpp-server
sRVRecord: 5 0 5269 xmpp-server.example.com

With the above in your DNS tree, you'll be able to connect to the XMPP (Jabber) server using the format "login@example.com" instead of the actual server name "login@xmpp-server.example.com". It's much easier for managing large volumes of users.
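The same entries can be generated rather than typed by hand. The script below is an added example, not part of the original post or of PowerDNS: the function names are hypothetical, the base DN and object classes are copied from the LDIF above, and it assumes the parent dc=_tcp entry already exists. It validates every label so that a stray comma or newline in the input cannot alter the DN or add extra LDIF lines.

```python
import re

BASE_DN = "ou=powerdns,dc=ldapdomain"  # assumed tree base, as in the LDIF above
LABEL = re.compile(r"_?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
NUM = re.compile(r"[0-9]{1,5}")
SRV_CLASSES = ("dNSDomain", "dNSDomain2", "domain", "domainRelatedObject", "top")


def split_name(fqdn):
    """Lower-case a DNS name and return its labels, rejecting unsafe ones."""
    labels = fqdn.lower().rstrip(".").split(".")
    for label in labels:
        # fullmatch, not match with "$": "$" would accept a trailing newline
        # and let a caller smuggle an extra LDIF line into the output.
        if not LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    return labels


def tree_dn(fqdn, base_dn=BASE_DN):
    """Tree-style DN: one dc= component per label, leftmost label first."""
    return ",".join(f"dc={l}" for l in split_name(fqdn)) + "," + base_dn


def srv_ldif(service, proto, domain, srv_value):
    """Return the LDIF entry for _service._proto.domain holding srv_value."""
    owner = f"_{service}._{proto}.{domain}"
    labels = split_name(owner)
    fields = srv_value.split(" ")
    # Three 16-bit integers followed by the target host name.
    if len(fields) != 4 or not all(
        NUM.fullmatch(f) and int(f) <= 65535 for f in fields[:3]
    ):
        raise ValueError("sRVRecord must be three 16-bit integers and a target")
    target = ".".join(split_name(fields[3]))
    lines = [f"dn: {tree_dn(owner)}"]
    lines += [f"objectClass: {c}" for c in SRV_CLASSES]
    lines += [
        f"associatedDomain: {'.'.join(labels)}",
        f"dc: {labels[0]}",
        f"sRVRecord: {' '.join(fields[:3])} {target}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for svc, port in (("xmpp-client", 5222), ("xmpp-server", 5269)):
        print(srv_ldif(svc, "tcp", "example.com", f"5 0 {port} xmpp-server.example.com"))
```

The output can be loaded with ldapadd in the same way as the hand-written LDIF.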

None of the documentation I found for PowerDNS actually describes how to do this. I ended up putting my OpenLDAP server into debug mode and watching the queries that the DNS server was sending it when I tried to look up the SRV records.

Finally, you can test that it works by doing the following:

$ nslookup
set type=srv
_xmpp-server._tcp.example.com

The result would look like:

Non-authoritative answer:
_xmpp-server._tcp.example.com service = 5 0 5269 xmpp-server.example.com
...

Obviously, "xmpp-server.example.com" would be the location of your Jabber server, with its server connections on port 5269 and its client connections on port 5222.

Posted by Tony on Sep 19, 2011 | Servers