# Address-match lists referenced by allow-query in options {} below.
acl test.org { 192.168.0.0/24; };
acl local { 127.0.0.0/8; };

#
# Insert these snippets into your named.conf or bind.conf to configure
# the BIND nameserver.
#

options {
	directory "/var/bind";
	# Recursion is enabled, so the allow-query list below is what keeps this
	# server from answering arbitrary clients; keep it limited to trusted
	# networks.
	recursion true;
	forward first;
	# NOTE(review): the forwarder list holds no address (looks like an unfilled
	# template value) - supply the upstream resolver addresses or drop the
	# forward/forwarders lines, then validate the file with named-checkconf.
	forwarders { ; };
	# No IPv6 listener; IPv4 on loopback and 192.168.0.130 only.
	listen-on-v6 { none; };
	listen-on { 127.0.0.1; 192.168.0.130; };
	# Queries are accepted only from the two ACLs defined at the top.
	allow-query { local; test.org; };
	pid-file "/var/run/named/named.pid";
	# GSS-TSIG settings, disabled here; see the note before zone "test.org".
#	tkey-gssapi-credential "DNS/test.org";
#	tkey-domain "TEST.ORG";
};

# Root hints.
zone "." IN {
	type hint;
	file "named.ca";
};

# Static loopback zones: dynamic updates are refused and no NOTIFY is sent.
zone "localhost" IN {
	type master;
	file "pri/localhost.zone";
	allow-update { none; };
	notify no;
};

zone "127.in-addr.arpa" IN {
	type master;
	file "pri/127.zone";
	allow-update { none; };
	notify no;
};

# If you have a very recent BIND, supporting GSS-TSIG,
# insert this into options {} (otherwise omit, it is not required if we don't accept updates)
# NOTE(review): zone "test.org" below grants updates to a Kerberos principal,
# so these two options are presumably needed for that grant to be usable -
# confirm against your BIND version.
#tkey-gssapi-credential "DNS/test.org";
#tkey-domain "TEST.ORG";

# You should always include the actual zone configuration reference:
zone "test.org" IN {
	type master;
	file "pri/test.org.zone";
	update-policy {
		/* Use ANY only for domain controllers for now. */
		/* For normal machines, A AAAA PTR is probably all that is needed. */
		/* The rule below lets the principal update records of any type, */
		/* but only at the name gentoolinux.test.org. */
		grant gentoolinux.test.org@TEST.ORG name gentoolinux.test.org ANY;
	};
};

# Also, you need to change your init scripts to set this environment variable
# for named: KRB5_KTNAME so that it points to the keytab generated.
# In RedHat derived systems such as RHEL/CentOS/Fedora you can add the following
# line to the /etc/sysconfig/named file:
# export KRB5_KTNAME=/usr/local/samba/private/dns.keytab
#
# Please note that most distributions have BIND configured to run under
# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
# the user "named" once the daemon relinquishes its rights. Therefore,
# the file "dns.keytab" must be readable by the user that BIND runs as.
# If BIND is running as a non-root user, the "dns.keytab" file must have its
# permissions altered to allow the daemon to read it. In the FC6
# example, execute the commands:
#
# chgrp named /usr/local/samba/private/dns.keytab
# chmod g+r /usr/local/samba/private/dns.keytab
#
# The keytab holds the Kerberos key of the DNS service. The commands above
# only add group read access; afterwards check with "ls -l" that the file is
# not readable by other users, and that the BIND user can traverse the
# directories leading to it.