diff options
Diffstat (limited to 'source4/selftest/provisions/release-4-1-0rc3/private/named.txt')
| -rw-r--r-- | source4/selftest/provisions/release-4-1-0rc3/private/named.txt | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/source4/selftest/provisions/release-4-1-0rc3/private/named.txt b/source4/selftest/provisions/release-4-1-0rc3/private/named.txt new file mode 100644 index 0000000000..ac971595cf --- /dev/null +++ b/source4/selftest/provisions/release-4-1-0rc3/private/named.txt @@ -0,0 +1,45 @@ +# Additional informations for DNS setup using BIND + +# If you are running a capable version of BIND and you wish to support +# secure GSS-TSIG updates, you must make the following configuration +# changes: + +# +# Steps for BIND 9.8.x and 9.9.x ----------------------------------------- +# + +# 1. Insert following lines into the options {} section of your named.conf +# file: +tkey-gssapi-keytab "/data/samba/git/samba/st/promoted_dc/private/dns.keytab"; + +# +# Common Steps for BIND 9.x.x -------------------------------------------- +# + +# 2. Set appropriate ownership and permissions on the dns.keytab file. +# Note that the most distributions have BIND configured to run under a +# non-root user account. For example, Fedora 9 runs BIND as the user +# "named" once the daemon relinquishes its rights. Therefore, the file +# dns.keytab must be readable by the user that BIND run as. If BIND +# is running as a non-root user, the "dns.keytab" file must have its +# permissions altered to allow the daemon to read it. Under Fedora 9, +# execute the following commands: +chgrp named /data/samba/git/samba/st/promoted_dc/private/dns.keytab +chmod g+r /data/samba/git/samba/st/promoted_dc/private/dns.keytab + +# 3. Ensure the BIND zone file(s) that will be dynamically updated are in +# a directory where the BIND daemon can write. When BIND performs +# dynamic updates, it not only needs to update the zone file itself but +# it must also create a journal (.jnl) file to track the dynamic updates +# as they occur. Under Fedora 9, the /var/named directory can not be +# written to by the "named" user. However, the directory /var/named/dynamic +# directory does provide write access. Therefore the zone files were +# placed under the /var/named/dynamic directory. The file directives in +# both example zone statements at the beginning of this file were changed +# by prepending the directory "dynamic/". + +# 4. If SELinux is enabled, ensure that all files have the appropriate +# SELinux file contexts. The dns.keytab file must be accessible by the +# BIND daemon and should have a SELinux type of named_conf_t. This can be +# set with the following command: +chcon -t named_conf_t /data/samba/git/samba/st/promoted_dc/private/dns.keytab |