samba-mirror/named.conf at c021c7d648944c1e4fed3946470c9b74591a4278

mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

Simo Sorce 7663475111 r24651: Allow dynamic updates for the domain controller over its own name

(This used to be commit ce9b64341159cb1a8f42809dcecc0b1e80eb8a5e)

2007-10-10 15:02:32 -05:00

 #
 # Insert these snippets into your named.conf or bind.conf to configure
 # the BIND nameserver.
 #
 #insert this into options {}
 tkey-gssapi-credential "DNS/${DNSDOMAIN}"
 tkey-domain "${REALM}";
 #the zone file
 zone "${DNSDOMAIN}." IN {
         type master;
         file "${DNSDOMAIN}.zone";
 	update-policy {
 		/* use ANY only for Domain controllers for now */
 		/* for normal machines A AAAA PTR is probbaly all is needed */
 		grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY;
 	};
 };
 # Also, you need to change your init scripts to set this environment variable
 # for named: KRB_KTNAME so that it points to the keytab generated.
 # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
 # line to the /etc/sysconfig/named file
 # export KRB_KTNAME=/etc/named.keytab
 # *TODO*: generate and install a keytab file in /etc/named.keytab