Bind slave zone not updating


23-Jun-2017 20:00

It also manifests itself as named being unable to create custom log files.

Red Hat Security Enhanced Linux (SELinux) policy security protections: Red Hat have adopted the National Security Agency's SELinux security policy (see and recommendations for security, which are more secure than running named in a chroot and make use of the bind-chroot environment unnecessary.

To create a custom modifiable named data location, e.g. '/var/log/named' for a log file, do:

    # chcon system_u:object_r:named_cache_t /var/log/named

To create a custom zone file location, e.g. /root/zones/, do:

    # chcon system_u:object_r:named_zone_t /root/zones/

See these man-pages for more information: selinux(8), named_selinux(8), chcon(1), setsebool(8)

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted).

Diagram 1: DNS Master

Master status is defined in BIND by including 'type master' in the zone declaration section of the file as shown by the following fragment.

SELinux policy overrules file access permissions - so even if all the files under /var/named have ownership named:named and mode rw-rw-r--, named will still not be able to write or create files except in the directories above, with SELinux in Enforcing mode.

So, to allow named to update slave or DDNS zone files, it is best to locate them in $ROOTDIR/var/named/slaves, with zone statements such as:

    zone "" IN ;
    zone "" IN ;

To allow named to create its cache dump and statistics files, for example, you could use options statements such as:

    options ;

You can also tell SELinux to allow named to update any zone database files, by setting the SELinux tunable boolean parameter 'named_write_master_zones=1', using the system-config-securitylevel GUI, using the 'setsebool' command, or in /etc/selinux/targeted/booleans.

You can disable SELinux protection for named entirely by setting the 'named_disable_trans=1' SELinux tunable boolean parameter.
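
The advice above to keep slave zone files under slaves/ can be checked mechanically. The following is an added example, not code from the original page: the function names, the zone names and the 192.0.2.1 address are constructed for illustration, and only the slaves/ convention comes from the text.

```shell
#!/bin/sh
# Added example: read a named.conf on stdin and print one line per slave
# zone, "<ok|relocate> <zone> <file>". "ok" means the zone file is under
# slaves/, the location recommended so that named can write it under SELinux.
audit_slave_zones() {
    awk '
    # Start of a zone statement: the zone name is the first quoted string.
    depth == 0 && /^[ \t]*zone[ \t]/ {
        split($0, q, "\""); zone = q[2]; type = ""; file = ""; inzone = 1
    }
    inzone {
        if (match($0, /type[ \t]+[a-z]+/)) {
            type = substr($0, RSTART, RLENGTH); sub(/type[ \t]+/, "", type)
        }
        if (match($0, /file[ \t]+"[^"]+"/)) {
            split(substr($0, RSTART, RLENGTH), q, "\""); file = q[2]
        }
        # Track brace depth so that nested blocks such as masters { ... };
        # do not end the zone statement early.
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0 && index($0, "}")) {
            if (type == "slave") {
                ok = (file ~ /^slaves\// || file ~ /\/var\/named\/slaves\//)
                v = ok ? "ok" : "relocate"
                print v, zone, file
            }
            inzone = 0
        }
    }'
}

# Constructed sample configuration (not taken from the page).
sample_conf() {
    cat <<'EOF'
zone "example.com" IN {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/example.com.db";
};
zone "example.net" IN { type slave; masters { 192.0.2.1; }; file "example.net.db"; };
zone "example.org" IN {
    type master;
    file "example.org.db";
};
EOF
}

sample_conf | audit_slave_zones
```

A zone reported as "relocate" is the one to look at first when a slave zone is not updating with SELinux in Enforcing mode; the file's actual SELinux context still decides whether named may write it.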


The SELinux named policy defines these SELinux contexts for named:

    named_zone_t: for zone database files - $ROOTDIR/var/named/*
    named_conf_t: for named configuration files - $ROOTDIR/etc/.*
    named_cache_t: for files modifiable by named - $ROOTDIR/var/

If you want to retain use of the SELinux policy for named, and put named files in different locations, you can do so by changing the context of the custom file locations.

To create a custom configuration file location, e.g. '/root/named.conf', to use with the 'named -c' option, do:

    # chcon system_u:object_r:named_conf_t /root/

To create a custom modifiable named data location, e.g.

Many observers object to the concept of DNS types partly because of the schizophrenic behaviour of most DNS servers and partly to avoid confusion with the zone parameter 'type' (which only allows master, slave, stub, forward, hint).



BIND is a widely used DNS server. Ideally, a DNS service consists of 2 machines that work together simultaneously, one acting as master and the other acting as slave.

