mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
f5964b7157
``dnssec-enable`` is obsolete in 9.16 and raises a warning. The option defaults to ``yes`` in all supported versions of bind. The option is removed when set to ``yes`` and a warning is emitted when the value is ``no``. DNSSEC lookaside validation has been deprecated by RFC 8749 and the feature removed from Bind 9.16. The only available lookaside provider dlv.isc.org no longer provides DLV information since 2017. Fixes: https://pagure.io/freeipa/issue/8349 Fixes: https://pagure.io/freeipa/issue/8350 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
65 lines
1.8 KiB
Plaintext
65 lines
1.8 KiB
Plaintext
options {
|
|
// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
|
|
listen-on-v6 {any;};
|
|
|
|
// Put files that named is allowed to write in the data/ directory:
|
|
directory "$NAMED_VAR_DIR"; // the default
|
|
dump-file "${NAMED_DATA_DIR}cache_dump.db";
|
|
statistics-file "${NAMED_DATA_DIR}named_stats.txt";
|
|
memstatistics-file "${NAMED_DATA_DIR}named_mem_stats.txt";
|
|
|
|
// If not explicitly set, the ACLs for "allow-query-cache" and
|
|
// "allow-recursion" are set to "localnets; localhost;".
|
|
// If either "allow-query-cache" or "allow-recursion" is set,
|
|
// the other would be set the same value.
|
|
// Please refer to $CUSTOM_CONFIG
|
|
// for more informations
|
|
|
|
tkey-gssapi-keytab "$NAMED_KEYTAB";
|
|
pid-file "$NAMED_PID";
|
|
|
|
/* dnssec is enabled by default */
|
|
dnssec-validation yes;
|
|
|
|
managed-keys-directory "$MANAGED_KEYS_DIR";
|
|
|
|
/* crypto policy snippet on platforms with system-wide policy. */
|
|
$INCLUDE_CRYPTO_POLICY
|
|
};
|
|
|
|
/* If you want to enable debugging, eg. using the 'rndc trace' command,
|
|
* By default, SELinux policy does not allow named to modify the /var/named directory,
|
|
* so put the default debug log file in data/ :
|
|
*/
|
|
logging {
|
|
channel default_debug {
|
|
file "${NAMED_DATA_DIR}named.run";
|
|
severity dynamic;
|
|
print-time yes;
|
|
};
|
|
};
|
|
|
|
${NAMED_ZONE_COMMENT}zone "." IN {
|
|
${NAMED_ZONE_COMMENT} type hint;
|
|
${NAMED_ZONE_COMMENT} file "named.ca";
|
|
${NAMED_ZONE_COMMENT}};
|
|
|
|
include "$RFC1912_ZONES";
|
|
include "$ROOT_KEY";
|
|
|
|
/* custom configuration snippet */
|
|
include "$CUSTOM_CONFIG";
|
|
|
|
/* WARNING: This part of the config file is IPA-managed.
|
|
* Modifications may break IPA setup or upgrades.
|
|
*/
|
|
dyndb "ipa" "$BIND_LDAP_SO" {
|
|
uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
|
|
base "cn=dns, $SUFFIX";
|
|
server_id "$FQDN";
|
|
auth_method "sasl";
|
|
sasl_mech "GSSAPI";
|
|
sasl_user "DNS/$FQDN";
|
|
};
|
|
/* End of IPA-managed part. */
|