網際網路由於範圍廣大，因此具有一套發展良好的命名系統 — 網域名稱系統(DNS)，網域名稱系統的架構在邏輯上是屬於階層式的樹狀結構，分層授權管理。
通常，我們較希望將DNS資訊存放在資料庫中更勝過於放在純文字檔裡，這樣可以對減少管理者的負擔產生很大的幫助；再者傳統DNS Zone-Transfer機制以往最讓人詬病的，就是slave name server的資料往往無法立即與master的資料做同步化，而DNS Zone-Transfer若沒有做適當的限制設定，也會被駭客作當作系統入侵的幫兇，或是利用用其漏洞對DNS伺服器執行阻絕服務攻擊。
而輕量級目錄存取協定 - LDAP，這個階層式的資料庫目錄協定，不僅是IETF所提出的標準協定，所具有的一些性質與特性，正好可以幫助我們將DNS資料庫成功的移植到LDAP目錄裡，在LDAP目錄服務中建立網域名稱系統的基本架構，對於以往存在的DNS Zone-Transfer問題，也有了適度而成功的改善。
因此本論文即是利用了輕量級目錄存取協定，這個目前網路上很受重視的通信協定，作為後端，而設計並實作能提供Domain Name Resolution的網域名稱系統。

Due to the wide range of the Internet , therefore it has a well-developed naming system — Domain Name System(DNS) . The framework of the Domain Name System is part of hierarchical tree-shaped structure in logically and authorize to manage according to layers. Often , it is desirable t o store DNS information in a database rather than in flat text files. This can help to reduce administration overhead. Also , the traditional DNS Zone-Transfer mechanism was usually denounced that the data between the master and the slave name servers can’t be synchronized immediately. And if you don’t make appropriate restriction settings , hackers will utilize it to invade systems or to execute denial of service for DNS server.
Lightweight directory access protocol (LDAP) is a hierarchical database directory protocol . It is a standard protccol supplied by IETF organization . Besides , some properties it has just can help us to transplant the DNS database to the LDAP directory and establish basic structure of the Domain Name System in the LDAP directory. In regard to the problems of DNS Zone-Transfer which already exist , it also has appropriate and successful improvement .
Our thesis now utilize the lightweight directory access protocol to be our behind end to design and implement the Domain Name System which can supply Domain Name Resolution.

1. 序論……………………………………………………………………1
2.背景介紹………………………………………………………………4
2.1 LDAP目錄服務的主要功能….…………………………………4
2.2 LDAP目錄服務的結構及組成元件……………………………5
2.2.1 Directory Information Tree(DIT)……………….5
2.2.2 Entry…………………………………………………………..5
2.2.3 Attribute………………………………………..6
3.系統功能與實作…………………………………….. …………………8
3.1 開發環境…………………………………….. ………………8
3.1.1 Server端……………………….. ……………8
3.1.2 Client端……………………………………..9
3.1.2.1 Command-line tools……………9
3.1.2.2 LDAP Browser/Editor…………10
3.1.2.3 Softerra LDAP Browser…..11
3.1.2.4 GQ.......................12
3.1.2.5 Kldap……………………………12
3.2 在LDAP中制定新的Schema定義………………………………13
3.2.1 何謂Schema…………………………………..13
3.2.2 Object class definition的格式…………15
3.2.3 Attribute type definition的格式………15
3.2.4 針對DNS開始制定新的Schema定義…………17
3.2.4.1 制定新的attribute type: DNSdomainname.........17
3.2.4.2 制定新的attribute type: DNSzonemaster……………17
3.2.4.3 制定新的attribute type: DNSadminmailbox…………18
3.2.4.4 制定新的attribute type: DNSserial…………………18
3.2.4.5 制定新的attribute type: DNSrefresh…………………19
3.2.4.6 制定新的attribute type: DNSretry…………………..19
3.2.4.7 制定新的attribute type: DNSexpire…………………20
3.2.4.8 制定新的attribute type: DNSminimum……………20
3.2.4.9 制定新的attribute type: DNStypeA…………………21
3.2.4.10制定新的attribute type: DNStypeNS………………21
3.2.4.11制定新的attribute type: DNStypeCNAME…………22
3.2.4.12制定新的attribute type: DNStypeMB………………22
3.2.4.13制定新的attribute type: DNStypeMG………………22
3.2.4.14制定新的attribute type: DNStypeMR………………23
3.2.4.15制定新的attribute type: DNStypePTR……………….23
3.2.4.16制定新的attribute type: DNScpu…………………….24
3.2.4.17制定新的attribute type: DNSos………………………24
3.2.4.18制定新的attribute type: DNSrmailbox…………….…24
3.2.4.19制定新的attribute type: DNSemailbox………………25
3.2.4.20制定新的attribute type: DNStypeMX………………..25
3.2.4.21制定新的attribute type: DNStypeTXT………………26
3.2.4.22制定新的attribute type: DNSttl………………………26
3.2.4.23制定新的 object class: DNSzone……………………27
3.2.4.24制定新的 object class: DNShost………………………27
3.2.4.25制定新的 object class: DNSrhost……………………28
3.3 根據新定義好的Schema建制測試資料………………….28
3.3.1 Include指令……………..………………28
3.3.2 在LDAP設定檔中定義DIT樹相關資料………29
3.3.3 實際建制測試資料………………. ………33
3.4 以LDAP Replication機制建制slave name server……35
3.5 以LDAP Referral及Reference機制串連DNS Domains……39
3.5.1 Referral指令………………. ……………….39
3.5.2 Referral物件………………………………40
3.6 實作DNS與LDAP間的中介軟體(middleware) ……………….41
3.7 DNS Round Robin的支援………………. ………….43
3.7.1 DNS Round Robin的概念………………….43
3.7.2 在本系統中實作DNS Round Robin………….46
3.8 實作資料檔轉換工具………………. ……………….51
3.8.1 First Utility：nsdb2ldif…………………52
3.8.2 Second Utility：nsrdb2ldif…………….54
4. 本系統與另一實作：ldap2dns之比較…………………………………56
4.1 系統功能與外部架構比較……………………………………….56
4.2 運作程序與啟動參數比較……………………………………… 58
4.3 Schema定義與DIT樹內部架構比較…………………60
4.3.1所定義object class比較…………….60
4.3.2 所定義attribute type比較………….62
4.3.3 DIT樹內部架構比較……………….63
4.4 本系統相對於傳統DNS或ldap2dns系統所具有之優點……….65
4.4.1 後端資料來源隱藏且獨立運作可防止DDos阻絕服務攻擊…….65
4.4.2 Zone-Transfer方面的改善…………….68
4.4.2.1 縮短同步化時間………………68
4.4.2.2 防止有心人士濫用zone-transfer...........69
4.4.3 利用Access Control機制分散管理權責………………….70
5. 未來展望…………..…. ………………………………………………….72
5.1 Support更多的DNS Resource Records……………………72
5.2 改寫DNS client…………………………………….72
6. 參考資料…..…………. ………………………………………………….73

[1] Domain Names — Concepts and Facilities, RFC1034 , http://www.ietf.org/
[2] Domain Names — Implementation and Specification, RFC1035 ,
http://www.ietf.org/
[3] Incremental Zone Transfer in DNS, RFC1995 , http://www.ietf.org/
[4] A Mechanism for Prompt Notification of Zone Changes(DNS NOTIFY),
RFC1996 , http://www.ietf.org/
[5] DNS and BIND 3rd Edition ,by Paul Albitz & Cricket Liu , published by O’Reilly & Associate Inc.
[6] Lightweight Directory Access Protocol (v3), RFC2251 , http://www.ietf.org/
[7] LDAP (v3)：Attribute Syntax Definitions, RFC2252 , http://www.ietf.org/
[8] LDAP (v3)：UTF-8 String Representation of Distinguished Names, RFC2253 ,
http://www.ietf.org/
[9] The String Representation of LDAP Search Filters, RFC2254, http://www.ietf.org/
[10] The LDAP URL Format, RFC2255 , http://www.ietf.org/
[11] A Summary of the X.500 User Schema for use with LDAPv3, RFC2256 ,
http://www.ietf.org/
[12] The LDAP Data Interchange Format (LDIF) — Technical Specification ,RFC2849
, http://www.ietf.org/
[13] The LDAP Application Program Interface, RFC1823 , http://www.ietf.org/
[14] The C LDAP Application Progarm Interface
[15] Windows Sockets Network Programming-網路程式設計經典,by Quinn Shute
[16] Unix Network Programming 2nd Edition, by W. Richard Stevens
[17] Linux C 語言實錄 , 施威銘研究室著 , 旗標出版
[18] Linux C 函式庫參考手冊 , 徐千洋著 , 旗標出版
[19] LDAP to DNS gateway , http://ldap2dns.tiscover.com/
[20] OpenLDAP Project , http://www.openldap.org/
[21] LDAP Browser/Editor version2.8.1 , http://www.iit.edu/~gawojar/ldap
[22] LDAP Administrator , http://www.ldapbrowser.com/
[23] GQ — a GTK-based LDAP client , http://biot.com/gq/
[24] kldap , http://www.mountpoint.ch/oliver/kldap/
[25] ITU-T Rec. X.500 , ”The Directory: Overview of Concepts,Models ans Service” , 1993.
[26] NOVELL Worldwide , http://www.novell.com/
[27] RedHat Linux , http://www.redhat.org/