1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4/setup/named.txt
Andrew Bartlett 5de841f6f2 s4-dns: Remove dynamic DNS instructions for bind 9.7
This version of BIND only ever caused pain when trying to do dynamic DNS.

If users are using this version, simply treat it as a static server.

Andrew Bartlett
2012-07-03 08:13:02 +10:00

46 lines
2.1 KiB
Plaintext

# Additional informations for DNS setup using BIND
# If you are running a capable version of BIND and you wish to support
# secure GSS-TSIG updates, you must make the following configuration
# changes:
#
# Steps for BIND 9.8.x and 9.9.x -----------------------------------------
#
# 1. Insert following lines into the options {} section of your named.conf
# file:
tkey-gssapi-keytab "${DNS_KEYTAB_ABS}";
#
# Common Steps for BIND 9.x.x --------------------------------------------
#
# 2. Set appropriate ownership and permissions on the ${DNS_KEYTAB} file.
# Note that the most distributions have BIND configured to run under a
# non-root user account. For example, Fedora 9 runs BIND as the user
# "named" once the daemon relinquishes its rights. Therefore, the file
# ${DNS_KEYTAB} must be readable by the user that BIND run as. If BIND
# is running as a non-root user, the "${DNS_KEYTAB}" file must have its
# permissions altered to allow the daemon to read it. Under Fedora 9,
# execute the following commands:
chgrp named ${DNS_KEYTAB_ABS}
chmod g+r ${DNS_KEYTAB_ABS}
# 3. Ensure the BIND zone file(s) that will be dynamically updated are in
# a directory where the BIND daemon can write. When BIND performs
# dynamic updates, it not only needs to update the zone file itself but
# it must also create a journal (.jnl) file to track the dynamic updates
# as they occur. Under Fedora 9, the /var/named directory can not be
# written to by the "named" user. However, the directory /var/named/dynamic
# directory does provide write access. Therefore the zone files were
# placed under the /var/named/dynamic directory. The file directives in
# both example zone statements at the beginning of this file were changed
# by prepending the directory "dynamic/".
# 4. If SELinux is enabled, ensure that all files have the appropriate
# SELinux file contexts. The ${DNS_KEYTAB} file must be accessible by the
# BIND daemon and should have a SELinux type of named_conf_t. This can be
# set with the following command:
chcon -t named_conf_t ${DNS_KEYTAB_ABS}