# This schema contains OIDs from Uninett and FreeIPA.
#
# Unninet: http://drift.uninett.no/nett/ip-nett/dnsattributes.schema
#          Base OID for DNS records is 1.3.6.1.4.1.2428.20.1,
#          see http://drift.uninett.no/nett/ip-nett/oids.html
#
# FreeIPA: http://freeipa.org/
#          Base OID for DNS records is 2.16.840.1.113730.3.8.5
#          Base OID for DNS objectClasses is 2.16.840.1.113730.3.8.6
#
# If you want to add some record types that are defined by IANA,
# please define it similar to what is done for the existing ones. The
# name should be {TYPE}Record, and OID should be
# 1.3.6.1.4.1.2428.20.1.value. For instance the RR type LOC has value
# 29, so attribute name should be LocRecord (casing shouldn't matter),
# and the OID is 1.3.6.1.4.1.2428.20.1.29. If you follow this, you
# know that it will be compatible with what others use, and one is
# guaranteed that the OIDs are unique.
# The IANA DNS record type values are available from
# <URL: http://www.iana.org/assignments/dns-parameters >.
#
# If you define new attributes, please report them to drift@uninett.no
# to get them added of this schema.
#
# The basic record types like A, CNAME etc are defined in the cosine
# schema and not in this schema.  This means that your LDAP server
# must use both the cosine schema and this one to get all the DNS
# attributes defined.

attributetype ( 1.3.6.1.4.1.2428.20.0.0
	NAME 'dNSTTL'
	DESC 'An integer denoting time to live'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 1.3.6.1.4.1.2428.20.0.1
	NAME 'dNSClass'
	DESC 'The class of a resource record'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.12
	NAME 'pTRRecord'
	DESC 'domain name pointer, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.13
	NAME 'hInfoRecord'
	DESC 'host information, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.14
	NAME 'mInfoRecord'
	DESC 'mailbox or mail list information, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.16
	NAME 'tXTRecord'
	DESC 'text string, RFC 1035'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.18
	NAME 'aFSDBRecord'
	DESC 'for AFS Data Base location, RFC 1183'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.28
	NAME 'aAAARecord'
	DESC 'IPv6 address, RFC 1886'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.29
	NAME 'LocRecord'
	DESC 'Location, RFC 1876'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.30
	NAME 'nXTRecord'
	DESC 'non-existant, RFC 2535'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.33
	NAME 'sRVRecord'
	DESC 'service location, RFC 2782'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.35
	NAME 'nAPTRRecord'
	DESC 'Naming Authority Pointer, RFC 2915'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.36
	NAME 'kXRecord'
	DESC 'Key Exchange Delegation, RFC 2230'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.37
	NAME 'certRecord'
	DESC 'certificate, RFC 2538'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.38
	NAME 'a6Record'
	DESC 'A6 Record Type, RFC 2874'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.39
	NAME 'dNameRecord'
	DESC 'Non-Terminal DNS Name Redirection, RFC 6672'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.2428.20.1.43
	NAME 'dSRecord'
	DESC 'Delegation Signer, RFC 3658'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.44
	NAME 'sSHFPRecord'
	DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.51
	NAME 'nSEC3PARAMRecord'
	DESC 'RFC 5155'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord'
        DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.32769
       NAME 'DLVRecord'
       DESC 'RFC 4431: DNSSEC Lookaside Validation'
       EQUALITY caseIgnoreIA5Match
       SUBSTR caseIgnoreIA5SubstringsMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.113730.3.8.5.0
	NAME 'idnsName'
	DESC 'DNS FQDN'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.1
	NAME 'idnsAllowDynUpdate'
	DESC 'permit dynamic updates on this zone'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.2
	NAME 'idnsZoneActive'
	DESC 'define if the zone is considered in use'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.3
	NAME 'idnsSOAmName'
	DESC 'SOA Name'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.4
	NAME 'idnsSOArName'
	DESC 'SOA root Name'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.5
	NAME 'idnsSOAserial'
	DESC 'SOA serial number'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.6
	NAME 'idnsSOArefresh'
	DESC 'SOA refresh value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.7
	NAME 'idnsSOAretry'
	DESC 'SOA retry value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.8
	NAME 'idnsSOAexpire'
	DESC 'SOA expire value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.9
	NAME 'idnsSOAminimum'
	DESC 'SOA minimum value'
	EQUALITY numericStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.10
	NAME 'idnsUpdatePolicy'
	DESC 'DNS dynamic updates policy'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.11
	NAME 'idnsAllowQuery'
	DESC 'BIND9 allow-query ACL element'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.12
	NAME 'idnsAllowTransfer'
	DESC 'BIND9 allow-transfer ACL element'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.13
	NAME 'idnsAllowSyncPTR'
	DESC 'permit synchronization of PTR records'
	EQUALITY booleanMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.14 
	NAME 'idnsForwardPolicy'
	DESC 'forward policy: only or first'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.8.5.15
	NAME 'idnsForwarders'
	DESC 'list of forwarders'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype ( 2.16.840.1.113730.3.8.5.18
	NAME 'idnsSecInlineSigning'
	DESC 'DNSSEC in-line signing'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

objectclass ( 2.16.840.1.113730.3.8.6.0
	NAME 'idnsRecord'
	DESC 'dns Record, usually a host'
	SUP top
	STRUCTURAL
	MUST idnsName
	MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $
		AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $
		SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $
		MINFORecord $ AFSDBRecord $ LOCRecord $
		NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $
		DSRecord $ SSHFPRecord $ DLVRecord $ TLSARecord
	) )

objectclass ( 2.16.840.1.113730.3.8.6.1
	NAME 'idnsZone'
	DESC 'Zone class'
	SUP idnsRecord
	STRUCTURAL
	MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $
		idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $
		idnsSOAminimum
	)
	MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $
		idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $
		idnsSecInlineSigning $ nSEC3PARAMRecord
	) )

objectclass ( 2.16.840.1.113730.3.8.6.2
	NAME 'idnsConfigObject'
	DESC 'DNS global config options'
	STRUCTURAL
	MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR ) )

objectClass ( 2.16.840.1.113730.3.8.6.3
	NAME 'idnsForwardZone'
	DESC 'Forward Zone class'
	SUP top
	STRUCTURAL
	MUST ( idnsName $ idnsZoneActive )
	MAY ( idnsForwarders $ idnsForwardPolicy ) )
