summaryrefslogtreecommitdiff
path: root/source4/setup/named.conf
blob: 6e69f59d17b18812a05c456bee6633eba218b906 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# This file should be included in your main BIND configuration file
#
# For example with
# include "${NAMED_CONF}";

zone "${DNSDOMAIN}." IN {
	type master;
	file "${ZONE_FILE}";
	/*
	 * the list of principals and what they can change is created
	 * dynamically by Samba, based on the membership of the domain controllers
	 * group. The provision just creates this file as an empty file.
	 */
	include "${NAMED_CONF_UPDATE}";

	/* we need to use check-names ignore so _msdcs A records can be created */
	check-names ignore;
};

# The reverse zone configuration is optional.  The following example assumes a
# subnet of 192.168.123.0/24:

/*
zone "123.168.192.in-addr.arpa" in {
	type master;
	file "123.168.192.in-addr.arpa.zone";
	update-policy {
		grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
	};
};
*/

# Note that the reverse zone file is not created during the provision process.

# The most recent BIND versions (9.7.2 or later) support secure GSS-TSIG
# updates.  If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.