freeipa/install/share/bind.named.conf.template
Christian Heimes f52a15b808 Overhaul bind upgrade process
/etc/named.conf is now owned by IPA. The file is overwritten on
installation and all subsequent updates. All user modification will be
lost. Config file creation and update use the same code paths.

This simplifies the upgrade process a lot. There is no error-prone fiddling
with config settings any more.

During upgrade there is a one-time backup of named.conf to
named.conf.ipa-backup. It allows users to salvage their customization
and move them to one of two user config files which are included by
named.conf.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-06-10 16:07:07 +02:00


/* WARNING: This config file is managed by IPA.
*
* DO NOT MODIFY! Any modification will be overwritten by upgrades.
*
* Put local changes into one of the user config files included by this file:
* - $NAMED_CUSTOM_OPTIONS_CONF (for options)
* - $NAMED_CUSTOM_CONF (all other settings)
*/
/* Global server options. The $NAME placeholders are filled in when IPA
 * writes named.conf from this template. The block sets file locations, the
 * GSS-TSIG keytab, the user options include and a crypto-policy placeholder.
 * It sets no query or recursion ACLs itself, so those come from BIND's
 * defaults unless one of the included files defines them.
 */
options {
// Put files that named is allowed to write in the data/ directory:
directory "$NAMED_VAR_DIR"; // the default
dump-file "${NAMED_DATA_DIR}cache_dump.db";
statistics-file "${NAMED_DATA_DIR}named_stats.txt";
memstatistics-file "${NAMED_DATA_DIR}named_mem_stats.txt";
// Kerberos keytab used for GSS-TSIG. It holds long-term service keys, so the
// file should be readable only by the account named runs as.
tkey-gssapi-keytab "$NAMED_KEYTAB";
pid-file "$NAMED_PID";
// Directory where named keeps the files that track managed DNSSEC keys.
managed-keys-directory "$MANAGED_KEYS_DIR";
/* User customizations of options. The included file is parsed as part of
 * this options block, so it needs the same ownership and write protection
 * as named.conf itself.
 */
include "$NAMED_CUSTOM_OPTIONS_CONF";
/* Crypto policy snippet on platforms with system-wide policy.
 * NOTE(review): the placeholder is presumably replaced by an include
 * statement, or by nothing where no system-wide policy exists; confirm
 * in the installer.
 */
$INCLUDE_CRYPTO_POLICY
};
/* If you want to enable debugging, e.g. using the 'rndc trace' command,
* named writes its debug output to the 'named.run' file.
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
/* Debug logging: defines the default_debug channel so that its output goes
 * to named.run under the data directory. Debug output can include client
 * addresses and queried names, so keep the file's permissions tight.
 */
logging {
channel default_debug {
file "${NAMED_DATA_DIR}named.run";
// "dynamic" makes the channel follow the server's current debug level.
severity dynamic;
// Prefix every message with a timestamp.
print-time yes;
};
};
/* Root hints zone. Every line carries the ${NAMED_ZONE_COMMENT} prefix, so
 * the whole statement is switched on or off by what the installer
 * substitutes there.
 * NOTE(review): presumably an empty string or a comment marker; confirm
 * in the installer.
 */
${NAMED_ZONE_COMMENT}zone "." IN {
${NAMED_ZONE_COMMENT} type hint;
${NAMED_ZONE_COMMENT} file "named.ca";
${NAMED_ZONE_COMMENT}};
/* Platform-provided files, with paths filled in by the installer.
 * NOTE(review): presumably the stock RFC 1912 localhost zones and the
 * DNSSEC root trust anchor; confirm against the platform definitions.
 */
include "$RFC1912_ZONES";
include "$ROOT_KEY";
/* User customization: all settings other than options. The file is read as
 * part of the server configuration, so it needs the same ownership and
 * write protection as named.conf itself.
 */
include "$NAMED_CUSTOM_CONF";
/* LDAP-backed DNS database ("ipa" instance), driver loaded from $BIND_LDAP_SO.
 * - uri: an ldapi:// URL with a percent-encoded path (%2f is "/"), i.e. the
 *   local UNIX socket /var/run/slapd-$SERVER_ID.socket rather than a TCP
 *   connection.
 * - base: the LDAP subtree that holds the DNS entries.
 * - auth_method / sasl_mech / sasl_user: SASL GSSAPI (Kerberos) bind as the
 *   DNS/$FQDN service principal.
 *   NOTE(review): the credentials presumably come from the keytab set in the
 *   options block; confirm.
 * What named may read or change in LDAP is decided by the directory server's
 * access controls for that principal, not by anything in this file.
 */
dyndb "ipa" "$BIND_LDAP_SO" {
uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
base "cn=dns,$SUFFIX";
server_id "$FQDN";
auth_method "sasl";
sasl_mech "GSSAPI";
sasl_user "DNS/$FQDN";
};