auth: autosecondary support for LMDB

[phillipp]

• Program: Authoritative
• Issue type: Feature request

Short description

Implement support for storing and retrieving autoprimaries in the LMDB backend.

Usecase

We run a hosting environment and want to operate our PowerDNS servers as Autosecondaries using the LMDB backend. We chose LMDB for its superior performance and resilience against DDoS attacks compared to SQL backends and faster reload speed compared to bind database.

Description

Please add support for the autoprimaries table/functionality to the LMDB backend.

Currently, the LMDB backend lacks the ability to store trusted autoprimary IP adresses and nameservers. Without this implementation, pdns_server cannot lookup if an incoming NOTIFY comes from a trusted source when running on LMDB, making it impossible to use the Autosecondary feature with this backend.

We need the LMDB backend to implement the equivalent of the autoprimaries table found in the generic SQL backends.

From looking at the code this would require the following changes:

• new struct for autoprimary (with ip/nameserver/account)
• add/list/remove operations for autoprimaries
• add function to create secondary domain
• add function to check the notify comes from an autoprimary

[kpfleming]

Would you consider using catalog zones instead of autoprimary/autosecondary? They are extremely capable and offer functionality not available in the older mechanism (in particular zone deletion).

[dmgeurts-mm]

Catalog zones aren't always an option when using a non-PowerDNS source for zones. For example, ISPconfig doesn't (currently) support it. Though the underlying bind does, it requires extra scripts to get bind to link new zones to the catalog zone. I'm sure there are other DNS management tools out there that don't yet have the required support either.