path: root/source4/setup/named.conf
blob: 2513632a476922754ef3b39b49acd4b3e8a51b3f (plain)
#
# Insert these snippets into your named.conf or bind.conf to configure
# the BIND nameserver.
#

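# Insert this into options {}
# tkey-gssapi-credential names the Kerberos service principal that named uses
# to accept GSS-TSIG negotiated keys; its key must be present in the keytab
# that named reads. tkey-domain is the domain appended to the names of keys
# created through TKEY.
# ${DNSDOMAIN} and ${REALM} look like template placeholders to be filled in
# before the snippet is used - confirm against the setup tooling.
# Every statement inside options {} must end with a semicolon.
tkey-gssapi-credential "DNS/${DNSDOMAIN}";
tkey-domain "${REALM}";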

# The zone file
# Master zone for the domain. Dynamic updates are authorised per Kerberos
# principal by the update-policy block; only the single grant rule below is
# defined here.
zone "${DNSDOMAIN}." IN {
        type master;
        file "${DNSDOMAIN}.zone";
	update-policy {
		/* Use ANY only for domain controllers for now. */
		/* For normal machines A AAAA PTR is probably all that is needed; */
		/* a shorter type list limits what a single host key can rewrite. */
		/* The rule below lets the principal HOSTNAME.DNSDOMAIN@REALM update */
		/* records at exactly its own name (nametype "name"), with ANY as */
		/* the permitted type list. */
		grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY;
	};
};

# Also, you need to change your init scripts to set this environment variable
# for named: KRB_KTNAME, so that it points to the generated keytab.
# On RedHat-derived systems such as RHEL/CentOS/Fedora you can add the following
# line to the /etc/sysconfig/named file:
# export KRB_KTNAME=/etc/named.keytab
# NOTE: MIT Kerberos reads the default keytab location from KRB5_KTNAME; check
# which variable name your Kerberos library actually honours.

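# *TODO*: generate and install a keytab file in /etc/named.keytab
# (the keytab holds long-term service keys, so it should be readable only by
# the account that named runs as)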