f52a15b808
/etc/named.conf is now owned by IPA. The file is overwritten on installation and on all subsequent updates. All user modifications will be lost. Config file creation and update use the same code paths. This simplifies the upgrade process a lot. There is no error-prone fiddling with config settings any more. During upgrade there is a one-time backup of named.conf to named.conf.ipa-backup. It allows users to salvage their customizations and move them to one of the two user config files which are included by named.conf. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
/* WARNING: This config file is managed by IPA.
 *
 * DO NOT MODIFY! Any modification will be overwritten by upgrades.
 *
 * Put local customizations into one of the included user config files
 * instead:
 *
 * - $NAMED_CUSTOM_OPTIONS_CONF (for options)
 * - $NAMED_CUSTOM_CONF (all other settings)
 */

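/* Global server options. The quoted paths are template placeholders that are
 * filled in when IPA writes this file.
 *
 * NOTE(review): no allow-query / allow-recursion / allow-transfer statement
 * appears in this block, so access control comes from BIND's defaults or from
 * the files included below. Check the rendered result with
 * "named-checkconf -p" before exposing the server.
 */
options {
    // Put files that named is allowed to write in the data/ directory:
    directory "$NAMED_VAR_DIR"; // the default
    dump-file "${NAMED_DATA_DIR}cache_dump.db";
    statistics-file "${NAMED_DATA_DIR}named_stats.txt";
    memstatistics-file "${NAMED_DATA_DIR}named_mem_stats.txt";

    /* Keytab BIND uses for GSS-TSIG (Kerberos-authenticated dynamic
     * updates). It holds long-term service keys: keep it readable only by
     * the account named runs as. */
    tkey-gssapi-keytab "$NAMED_KEYTAB";

    pid-file "$NAMED_PID";

    managed-keys-directory "$MANAGED_KEYS_DIR";

    /* user customizations of options
     *
     * The file is read inside this options block, so it may contain option
     * statements only. It is parsed with the same trust as this file: give
     * it the same ownership and write permissions as named.conf. */
    include "$NAMED_CUSTOM_OPTIONS_CONF";

    /* crypto policy snippet on platforms with system-wide policy.
     * NOTE(review): the placeholder below is replaced as a whole line;
     * presumably it becomes an include statement, or nothing on platforms
     * without such a policy - confirm against the installer. */
    $INCLUDE_CRYPTO_POLICY
};
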
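/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * named writes its debug output to the default_debug channel defined below.
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 *
 * Only the debug channel is configured here; no query or security logging
 * category is set in this template. Debug output can include client
 * addresses and queried names, so treat named.run as sensitive.
 */
logging {
    channel default_debug {
        file "${NAMED_DATA_DIR}named.run";
        // "dynamic" follows the debug level currently set on the server
        // (for example through 'rndc trace').
        severity dynamic;
        // Timestamp every entry so it can be correlated with other logs.
        print-time yes;
    };
};
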
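/* Root hints zone.
 * NOTE(review): every line of this zone carries the same prefix placeholder;
 * presumably it is rendered either as an empty string or as a comment marker,
 * which lets the installer switch the whole zone off - confirm against the
 * installer before relying on it.
 */
${NAMED_ZONE_COMMENT}zone "." IN {
${NAMED_ZONE_COMMENT}    type hint;
${NAMED_ZONE_COMMENT}    file "named.ca";
${NAMED_ZONE_COMMENT}};
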
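/* Files read at the top level of the configuration. Each one is parsed with
 * the same trust as this file, so all of them need the same ownership and
 * write protection as named.conf. */
include "$RFC1912_ZONES";
include "$ROOT_KEY";

/* user customization
 *
 * Read at the top level, outside the options block: anything that is not an
 * option statement (ACLs, zones, keys, ...) belongs in this file. */
include "$NAMED_CUSTOM_CONF";
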
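/* Dynamic database "ipa": DNS data comes from the directory server through
 * the plugin library named on the next line. That library is loaded into the
 * named process, so its path must not be writable by unprivileged users.
 */
dyndb "ipa" "$BIND_LDAP_SO" {
    // ldapi:// is LDAP over a local UNIX socket; %2f is the URL-encoded "/",
    // so this points at a slapd socket under /var/run. No TCP listener is
    // used by this connection.
    uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
    // Subtree of the directory that holds the DNS data.
    base "cn=dns,$SUFFIX";
    server_id "$FQDN";
    // Bind with SASL/GSSAPI (Kerberos) as the DNS service principal of this
    // host; no password is stored in this file.
    // NOTE(review): where the plugin obtains the Kerberos credentials is not
    // configured in this block - confirm against the plugin documentation.
    auth_method "sasl";
    sasl_mech "GSSAPI";
    sasl_user "DNS/$FQDN";
};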