On Fri, Feb 15, 2013 at 2:47 PM, Robert Moskowitz <rgm at htt-consult.com>wrote: > > On 02/15/2013 02:27 PM, Louis Lagendijk wrote: > > On Fri, 2013-02-15 at 11:44 -0500, Robert Moskowitz wrote: > >> I am setting up bind this time around (just rebuilt my test machine via > >> Kickstart) without chroot. > >> > >> I have a fair number of includes for named.conf; I have two views and > >> other odds and ends. My thoughts are to make a directory; /etc/named.d > >> to put all these includes into instead of 'dirtying' up /etc. This way > >> the only files I replace/add to /etc are named.conf and rndc.key (I > >> would like to work the latter around to also be in named.d, but this > >> impacts rndc itself). > >> > > There is an /etc/named directory included in the bind package, I assume > > that it is meant for this purpose... > > It is for your zone files, not necessarily for your named.conf > includes. Bind can write to this, and if your includes are there, in > theory, more zones could be added to your domain. > > The opposite. named.conf resides in /etc/ I don't use /etc/named/ ... it isn't present on my CentOS 5 Bind DNS server. /etc/named/ is present since CentOS 6 came out. Zones in /var/named - old [0], newer [1], newest [2] [0] http://centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html [1] http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-zone.html [2] https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-bind-zone.html > > I just changed my config to use that (with the chroot package) as it get > > bind mount from the standard startup script > > The lastest part of this thread is me getting 'current' and moving from > relying on chroot and following Redhat/NSA recommendation to just use > selinux protection. > Of course using a chroot will require the modification of paths in your config file, but the directory structure is similar. /var/named/chroot/var/named/ [2] > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- ---~~.~~--- Mike // SilverTip257 //