From cbcd022f302adc39ecb89fba6faf72e68184c0e0 Mon Sep 17 00:00:00 2001
From: Cullum Smith
Date: Fri, 2 Aug 2024 19:10:39 -0400
Subject: halfway working idm server and laptop hostclasses

---
 files/usr/local/etc/pdns/pdns.conf.idm_server | 29 +++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 files/usr/local/etc/pdns/pdns.conf.idm_server

(limited to 'files/usr/local/etc/pdns')

diff --git a/files/usr/local/etc/pdns/pdns.conf.idm_server b/files/usr/local/etc/pdns/pdns.conf.idm_server
new file mode 100644
index 0000000..fc63bd6
--- /dev/null
+++ b/files/usr/local/etc/pdns/pdns.conf.idm_server
@@ -0,0 +1,29 @@
+# With SASL_MECH=EXTERNAL set in system ldap.conf, PowerDNS can be fooled
+# into performing an EXTERNAL (Unix peercred) bind over the ldapi:/// domain
+# socket.
+#
+# You must set ldap-bindmethod=gssapi (?!) for this to work. This behavior doesn't
+# seem to be documented anywhere, but hey, it's nice!
+ldap-host=ldapi:///
+ldap-bindmethod=gssapi
+
+ldap-basedn=${dns_basedn}
+ldap-reconnect-attempts=2147483647
+ldap-method=simple
+
+launch=ldap
+
+local-address=127.0.0.1,::1
+local-port=${pdns_port}
+distributor-threads=${pdns_distributor_threads}
+receiver-threads=${pdns_receiver_threads}
+reuseport=yes
+
+allow-axfr-ips=${pdns_allow_axfr_ips}
+
+cache-ttl=${pdns_cache_ttl}
+query-cache-ttl=${pdns_query_cache_ttl}
+negquery-cache-ttl=${pdns_negquery_cache_ttl}
+zone-cache-refresh-interval=0
+
+security-poll-suffix=
-- 
cgit v1.2.3
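Review bot: `security-poll-suffix=` on the last added line switches off PowerDNS's security-status poll, and nothing in the file says why, so a reader cannot tell a deliberate choice from a leftover. I would put a comment above it along the lines of `# secpoll disabled on purpose; advisories for the installed pdns version are tracked via <process>`, so it is clear that vulnerability notification is expected to come from somewhere else. Separately, the EXTERNAL bind described in the header authenticates as whatever Unix uid/gid the daemon runs under, and this file sets neither `setuid` nor `setgid`. If the service script does not set them (not visible in this hunk), pin them here and add a comment that the directory ACL for that peercred identity should grant read-only access under `${dns_basedn}`. Because the bind depends on the system-wide `ldap.conf` and on undocumented behaviour, the header comment should also say how to confirm after an upgrade that the bind is still EXTERNAL.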