mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
e8a2abd548
Use the new API for bind 9.11. Removed deprecated "serial_autoincrement" and updated the rest of configuration to conform to the new format. This only fixes new IPA installations. For existing installations, named.conf will be transformed when the new version of bind-dyndb-ldap is installed. https://fedorahosted.org/freeipa/ticket/6565 Reviewed-By: Martin Basti <mbasti@redhat.com>
54 lines
1.2 KiB
Plaintext
54 lines
1.2 KiB
Plaintext
options {
|
|
// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
|
|
listen-on-v6 {any;};
|
|
|
|
// Put files that named is allowed to write in the data/ directory:
|
|
directory "$NAMED_VAR_DIR"; // the default
|
|
dump-file "data/cache_dump.db";
|
|
statistics-file "data/named_stats.txt";
|
|
memstatistics-file "data/named_mem_stats.txt";
|
|
|
|
// Any host is permitted to issue recursive queries
|
|
allow-recursion { any; };
|
|
|
|
tkey-gssapi-keytab "$NAMED_KEYTAB";
|
|
pid-file "$NAMED_PID";
|
|
|
|
dnssec-enable yes;
|
|
dnssec-validation yes;
|
|
|
|
/* Path to ISC DLV key */
|
|
bindkeys-file "$BINDKEYS_FILE";
|
|
|
|
managed-keys-directory "$MANAGED_KEYS_DIR";
|
|
};
|
|
|
|
/* If you want to enable debugging, eg. using the 'rndc trace' command,
|
|
* By default, SELinux policy does not allow named to modify the /var/named directory,
|
|
* so put the default debug log file in data/ :
|
|
*/
|
|
logging {
|
|
channel default_debug {
|
|
file "data/named.run";
|
|
severity dynamic;
|
|
print-time yes;
|
|
};
|
|
};
|
|
|
|
zone "." IN {
|
|
type hint;
|
|
file "named.ca";
|
|
};
|
|
|
|
include "$RFC1912_ZONES";
|
|
include "$ROOT_KEY";
|
|
|
|
dyndb "ipa" "$BIND_LDAP_SO" {
|
|
uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
|
|
base "cn=dns, $SUFFIX";
|
|
server_id "$FQDN";
|
|
auth_method "sasl";
|
|
sasl_mech "GSSAPI";
|
|
sasl_user "DNS/$FQDN";
|
|
};
|