[CentOS] Setting up bind - location for includes

Mon Feb 18 18:59:51 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

Yes.  I had things a bit wrong here.

On 02/18/2013 12:46 PM, SilverTip257 wrote:
> On Fri, Feb 15, 2013 at 2:47 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
>> On 02/15/2013 02:27 PM, Louis Lagendijk wrote:
>>> On Fri, 2013-02-15 at 11:44 -0500, Robert Moskowitz wrote:
>>>> I am setting up bind this time around (just rebuilt my test machine via
>>>> Kickstart) without chroot.
>>>>
>>>> I have a fair number of includes for named.conf; I have two views and
>>>> other odds and ends.  My thoughts are to make a directory; /etc/named.d
>>>> to put all these includes into instead of 'dirtying' up /etc.  This way
>>>> the only files I replace/add to /etc are named.conf and rndc.key (I
>>>> would like to work the latter around to also be in named.d, but this
>>>> impacts rndc itself).
>>>>
>>> There is an /etc/named directory included in the bind package, I assume
>>> that it is meant for this purpose...
>> It is for your zone files, not necessarily for your named.conf
>> includes.  Bind can write to this, and if your includes are there, in
>> theory, more zones could be added to your domain.
>>
>>
> The opposite.
>
> named.conf resides in /etc/
> I don't use /etc/named/ ... it isn't present on my CentOS 5 Bind DNS
> server.  /etc/named/ is present since CentOS 6 came out.
> Zones in /var/named - old [0], newer [1], newest [2]

I put my zone files into /var/named with it having a subdir for slaves.

I am reshaping my conf includes to go into /etc/named, rather than what 
I created, /etc/named.d

There is a significant lack of consistency as to where things are kept 
under /etc

It seems there should be a better way so you don't have to change 
/etc/named.conf, but add files as needed to /etc/named, but how is beyond me.

This system is also my internal ntp server, and my notes from what I set 
up 3 years ago are too thin, plus now I have IPv6 to support. 
/etc/ntp.conf takes a lot of customization.  This is definitely a week 
to pretend to be a wizard and stay up late.  Or maybe that is my 
problem; staying up too late last week!  (Us 60+ year-old guys need our 
sleep!)

>
> [0] http://centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html
> [1] http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-zone.html
> [2] https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-bind-zone.html
>
>
>
>>> I just changed my config to use that (with the chroot package) as it gets
>>> bind mounted from the standard startup script
>> The latest part of this thread is me getting 'current' and moving from
>> relying on chroot and following Redhat/NSA recommendation to just use
>> selinux protection.
>>
> Of course using a chroot will require the modification of paths in your
> config file, but the directory structure is similar.
> /var/named/chroot/var/named/ [2]
>

I have dropped chroot; I am going to 'trust' selinux as better than 
chroot.  Definitely stands the chance of being less complex.
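
The thread turns on whether the daemon can write to the directory holding the named.conf includes. The following is an added example, not part of the original message or of the bind package: a Python check that follows the `include` statements from a named.conf and reports every config file or directory that a given account could modify. The function names are hypothetical, the uid and group ids are supplied by the caller, and the comment stripping and relative-path handling are simplifications noted in the code.

```python
import os
import re
import stat

# include "path"; statements as written in named.conf
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*;', re.MULTILINE)

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", text)

def reachable_files(conf_path, seen=None):
    """List conf_path plus every file it pulls in through include, in order."""
    seen = [] if seen is None else seen
    real = os.path.realpath(conf_path)
    if real in seen:
        return seen  # include loop or repeated include
    seen.append(real)
    if os.path.isfile(real):
        with open(real) as fh:
            text = strip_comments(fh.read())
        for inc in INCLUDE_RE.findall(text):
            # Assumption: relative paths resolve against the including file
            reachable_files(os.path.join(os.path.dirname(real), inc), seen)
    return seen

def writable_by(path, uid, gids):
    """Classic owner/group/other write check; ACLs and SELinux are ignored."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(conf_path, uid, gids):
    """Return (path, kind) for each config file or directory uid can modify."""
    findings, dirs_done = [], set()
    for path in reachable_files(conf_path):
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        if writable_by(path, uid, gids):
            findings.append((path, "file"))
        parent = os.path.dirname(path)
        if parent not in dirs_done:
            dirs_done.add(parent)
            # A writable directory lets the account replace the file outright
            if writable_by(parent, uid, gids):
                findings.append((parent, "directory"))
    return findings
```

Call `audit("/etc/named.conf", uid, gids)` with the uid and group ids of the account named runs as; an empty list means none of the files or their directories are writable by that account under plain Unix permissions.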