mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
5de841f6f2
This version of BIND only ever caused pain when trying to do dynamic DNS. If users are using this version, simply treat it as a static server. Andrew Bartlett
46 lines
2.1 KiB
Plaintext
46 lines
2.1 KiB
Plaintext
# Additional informations for DNS setup using BIND
|
|
|
|
# If you are running a capable version of BIND and you wish to support
|
|
# secure GSS-TSIG updates, you must make the following configuration
|
|
# changes:
|
|
|
|
#
|
|
# Steps for BIND 9.8.x and 9.9.x -----------------------------------------
|
|
#
|
|
|
|
# 1. Insert following lines into the options {} section of your named.conf
|
|
# file:
|
|
tkey-gssapi-keytab "${DNS_KEYTAB_ABS}";
|
|
|
|
#
|
|
# Common Steps for BIND 9.x.x --------------------------------------------
|
|
#
|
|
|
|
# 2. Set appropriate ownership and permissions on the ${DNS_KEYTAB} file.
|
|
# Note that the most distributions have BIND configured to run under a
|
|
# non-root user account. For example, Fedora 9 runs BIND as the user
|
|
# "named" once the daemon relinquishes its rights. Therefore, the file
|
|
# ${DNS_KEYTAB} must be readable by the user that BIND run as. If BIND
|
|
# is running as a non-root user, the "${DNS_KEYTAB}" file must have its
|
|
# permissions altered to allow the daemon to read it. Under Fedora 9,
|
|
# execute the following commands:
|
|
chgrp named ${DNS_KEYTAB_ABS}
|
|
chmod g+r ${DNS_KEYTAB_ABS}
|
|
|
|
# 3. Ensure the BIND zone file(s) that will be dynamically updated are in
|
|
# a directory where the BIND daemon can write. When BIND performs
|
|
# dynamic updates, it not only needs to update the zone file itself but
|
|
# it must also create a journal (.jnl) file to track the dynamic updates
|
|
# as they occur. Under Fedora 9, the /var/named directory can not be
|
|
# written to by the "named" user. However, the directory /var/named/dynamic
|
|
# directory does provide write access. Therefore the zone files were
|
|
# placed under the /var/named/dynamic directory. The file directives in
|
|
# both example zone statements at the beginning of this file were changed
|
|
# by prepending the directory "dynamic/".
|
|
|
|
# 4. If SELinux is enabled, ensure that all files have the appropriate
|
|
# SELinux file contexts. The ${DNS_KEYTAB} file must be accessible by the
|
|
# BIND daemon and should have a SELinux type of named_conf_t. This can be
|
|
# set with the following command:
|
|
chcon -t named_conf_t ${DNS_KEYTAB_ABS}
|