mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
c986bfb22e
The named.conf.update file will be filled in at runtime by Samba to contain the list of bind9 grant rules for granting DNS dynamic update permissions on the domain.
40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
# This file should be included in your main BIND configuration file
|
|
#
|
|
# For example with
|
|
# include "${NAMED_CONF}";
|
|
|
|
zone "${DNSDOMAIN}." IN {
|
|
type master;
|
|
file "${ZONE_FILE}";
|
|
/*
|
|
* the list of principals and what they can change is created
|
|
* dynamically by Samba, based on the membership of the domain controllers
|
|
* group. The provision just creates this file as an empty file.
|
|
*/
|
|
include "${NAMED_CONF_UPDATE}";
|
|
|
|
/* we need to use check-names ignore so _msdcs A records can be created */
|
|
check-names ignore;
|
|
};
|
|
|
|
# The reverse zone configuration is optional. The following example assumes a
|
|
# subnet of 192.168.123.0/24:
|
|
|
|
/*
|
|
zone "123.168.192.in-addr.arpa" in {
|
|
type master;
|
|
file "123.168.192.in-addr.arpa.zone";
|
|
update-policy {
|
|
grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
|
|
};
|
|
};
|
|
*/
|
|
|
|
# Note that the reverse zone file is not created during the provision process.
|
|
|
|
# The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG
|
|
# updates. If you are running an earlier version of BIND, or if you do not wish
|
|
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
|
|
# both examples above.
|
|
|