Last modified 2 weeks ago Last modified on 02/13/17 17:28:16


This is a new LDAP driver for BIND9.

It allows you to read data and also write data back (DNS Updates) to an LDAP backend.

The new version v11 is compatible with BIND 9.11 and newer. It uses the new API accepted in upstream BIND.

Driver versions <= 10 used unofficial "dynamic database" API so you would need patches for official BIND9.

Migration Notice

The bind-dyndb-ldap project is in the process of migration to

Please file new issues at

The current wiki is not yet migrated.

Documentation and support

Lastest documentation is available inside README in Git.

More detailed information is in wiki articles:

This plugin is used extensively by FreeIPA project. Best place to post your questions is freeipa-users mailing list. You can also look into mailing list archive.

Did you encounter a bug? Please follow bug reporting guideline. Thank you!

Source code

The latest release is available at

Web interface to git repository is available at


Notes about Fedora package release process

Design documents

(please read General considerations)


Notes about BIND internals

Design goals and core decisions

  • bind-dyndb-ldap was developed for needs of FreeIPA project (but it can be used independently, e.g. with OpenLDAP)
  • FreeIPA defines most of bind-dyndb-ldap's high-level goals
  • Today, some functionality and code overlaps with existing software. The open question is if we should do something about it, and what happens if we do not do anything. For further details see article about Maintainability.