BIND DLZ
Browsing around in the source tree of ISC's BIND 9.4.1 name server, I notice a directory called dlz/ in the contrib directory. That contains a patch named Bind DLZ, or Dynamically Loadable Zones, a feature-rich implementation sponsored by NLnet, that allows data (including new zones!) served by a BIND name server to be modified without reloading or restarting it (something that many people who serve a large number of zones hate to do because of BIND's rather long startup time).
Bind DLZ supports a number of backends including Berkeley DB, PostgreSQL, MySQL and LDAP, and it doesn't impose a schema on the LDAP backend; theoretically I can use almost any schema, as long as I observe some rules. Quite interesting is the possibility to limit zone transfers (AXFR) by adding an object to the directory:
    dn: dlzrecordid=0,dlzZoneName=mens.de,o=dns
    dlzrecordid: 0
    objectclass: dlzxfr
    dlzIPAddr: 127.0.0.1
    dlzIPAddr: 192.168.1.173
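Because the transfer permissions live in the directory as data, they can be audited from an LDIF export. The following is an added example, not part of the original post or of Bind DLZ: it collects the dlzIPAddr values of every dlzxfr object per zone and reports addresses outside an approved list. The second sample entry, the approved networks and all function names are constructed for illustration, and plain (unescaped, non-base64) LDIF values are assumed.

```python
import ipaddress
# Constructed sample: the first entry is the one shown above, the second is made up.
SAMPLE_LDIF = """dn: dlzrecordid=0,dlzZoneName=mens.de,o=dns
dlzrecordid: 0
objectclass: dlzxfr
dlzIPAddr: 127.0.0.1
dlzIPAddr: 192.168.1.173

dn: dlzrecordid=0,dlzZoneName=example.org,o=dns
dlzrecordid: 0
objectclass: dlzxfr
dlzIPAddr: 203.0.113.7
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute -> list of values."""
    entries = []
    # Unfold continuation lines (newline + one space), then split on blank lines.
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def axfr_acl(entries):
    """Map zone name -> addresses listed in its dlzxfr objects."""
    acl = {}
    for e in entries:
        if "dlzxfr" in (v.lower() for v in e.get("objectclass", [])):
            rdns = dict(r.strip().lower().split("=", 1) for r in e["dn"][0].split(","))
            acl.setdefault(rdns.get("dlzzonename"), []).extend(e.get("dlzipaddr", []))
    return acl

def unexpected_clients(acl, approved):
    """Return (zone, address) pairs not inside any approved network."""
    nets = [ipaddress.ip_network(n) for n in approved]
    findings = []
    for zone, addrs in acl.items():
        for a in addrs:
            try:
                ok = any(ipaddress.ip_address(a) in n for n in nets)
            except ValueError:  # value is not an IP address
                ok = False
            if not ok:
                findings.append((zone, a))
    return findings
```

Calling `unexpected_clients(axfr_acl(parse_ldif(SAMPLE_LDIF)), ["127.0.0.0/8", "192.168.1.0/24"])` flags only the constructed example.org entry.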
Bind DLZ comes with an impressive set of performance tools including a data set with 2,697,736 domains which can be used to test the configuration. I used dnsCSVDataReader.pl to convert those to an LDIF with which I could load my slapd. This config file did the job:
    inputfile: dns_data-1.0.csv
    writer: binddlz::writers::ldap::file
    file: dnsin.ldif
    base: o=dns
I was aware of the LDAP SDB back-end patch for BIND 9, which works very well, but that only allows individual zones to be retrieved from an LDAP directory.
BIND DLZ looks very interesting indeed.
