The Samba-Bugzilla – Attachment 3386 Details for
Bug 4813
DNS: Simplify setup
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
A new named.txt
named.txt (text/plain), 2.49 KB, created by
Matthias Dieter Wallnöfer
on 2008-07-03 13:07:11 UTC
(
hide
)
Description:
A new named.txt
Filename:
MIME Type:
Creator:
Matthias Dieter Wallnöfer
Created:
2008-07-03 13:07:11 UTC
Size:
2.49 KB
patch
obsolete
># Additional informations for DNS setup using BIND > ># If you are running a capable version of BIND and you wish to support secure ># GSS-TSIG updates, you must make the following configuration changes: > ># - Insert the following lines into the options {} section of your named.conf ># file: >tkey-gssapi-credential "DNS/${DNSDOMAIN}"; >tkey-domain "${REALM}"; > ># - Modify BIND init scripts to pass the location of the generated keytab file. ># Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named ># for this purpose: >KEYTAB_FILE="${DNS_KEYTAB_ABS}" ># Note that the Fedora scripts translate KEYTAB_FILE behind the scenes into a ># variable named KRB5_KTNAME, which is ultimately passed to the BIND daemon. If ># your distribution does not provide a variable like KEYTAB_FILE to pass a ># keytab file to the BIND daemon, a workaround is to place the following line in ># BIND's sysconfig file or in the init script for BIND: >export KRB5_KTNAME="${DNS_KEYTAB_ABS}" > ># - Set appropriate ownership and permissions on the ${DNS_KEYTAB} file. Note ># that most distributions have BIND configured to run under a non-root user ># account. For example, Fedora 9 runs BIND as the user "named" once the daemon ># relinquishes its rights. Therefore, the file ${DNS_KEYTAB} must be readable ># by the user that BIND run as. If BIND is running as a non-root user, the ># "${DNS_KEYTAB}" file must have its permissions altered to allow the daemon to ># read it. Under Fedora 9, execute the following commands: >chgrp named ${DNS_KEYTAB_ABS} >chmod g+r ${DNS_KEYTAB_ABS} > ># - Ensure the BIND zone file(s) that will be dynamically updated are in a ># directory where the BIND daemon can write. When BIND performs dynamic ># updates, it not only needs to update the zone file itself but it must also ># create a journal (.jnl) file to track the dynamic updates as they occur. ># Under Fedora 9, the /var/named directory can not be written to by the "named" ># user. However, the directory /var/named/dynamic directory does provide write ># access. Therefore the zone files were placed under the /var/named/dynamic ># directory. The file directives in both example zone statements at the ># beginning of this file were changed by prepending the directory "dynamic/". > ># - If SELinux is enabled, ensure that all files have the appropriate SELinux ># file contexts. The ${DNS_KEYTAB} file must be accessible by the BIND daemon ># and should have a SELinux type of named_conf_t. This can be set with the ># following command: >chcon -t named_conf_t ${DNS_KEYTAB_ABS}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 4813
:
3384
|
3385
| 3386