[CentOS] CentOS 6 as DNS-Server
Александр Кириллов
nevis2us at infoline.su
Tue May 10 19:36:42 UTC 2016
>> I'm also using ddns and have my zone files in
>> /var/named/chroot/var/named/dynamic.
> are you using DDNS in DualStack (IPv4 and IPv6 together) or do you
> have only DHCP or DHCPv6 and not both?
IPv4 only.
> By default, SELinux prevents any role from modifying named_zone_t
> files; this means that files in the zone database directory cannot be
> modified by dynamic DNS (DDNS) updates or zone transfers.
>
> The Red Hat BIND distribution and SELinux policy creates three
> directories where named is allowed to create and modify files:
> /var/named/slaves, /var/named/dynamic, /var/named/data. By placing files
> you want named to modify, such as slave or DDNS updateable zone files
> and database / statistics dump files in these directories, named will
> work normally and no further operator action is required. Files in
> these directories are automatically assigned the ’named_cache_t’ file
> context, which SELinux allows named to write."
That's probably why I have updateable zone files in chrooted
/var/named/dynamic.
Default targeted policy comes with necessary rules for chrooted bind.
See
# semanage fcontext -l | grep named_
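
An added example, not part of the original post: a shell sketch that reads rules in the format printed by `semanage fcontext -l | grep named_` and reports whether a zone file path would get the named_cache_t label that named may write. The rule list is a constructed sample, the helper names are hypothetical, and rule specificity is approximated by the longest literal prefix; on a live host `matchpathcon` or `ls -Z` is authoritative.

```shell
#!/bin/sh
# Constructed sample in the format of `semanage fcontext -l | grep named_`
# (illustrative only, not captured from a real host).
SAMPLE_RULES='/var/named(/.*)?                          all files  system_u:object_r:named_zone_t:s0
/var/named/slaves(/.*)?                   all files  system_u:object_r:named_cache_t:s0
/var/named/dynamic(/.*)?                  all files  system_u:object_r:named_cache_t:s0
/var/named/data(/.*)?                     all files  system_u:object_r:named_cache_t:s0
/var/named/chroot/var/named(/.*)?         all files  system_u:object_r:named_zone_t:s0
/var/named/chroot/var/named/slaves(/.*)?  all files  system_u:object_r:named_cache_t:s0
/var/named/chroot/var/named/dynamic(/.*)? all files  system_u:object_r:named_cache_t:s0
/var/named/chroot/var/named/data(/.*)?    all files  system_u:object_r:named_cache_t:s0'

# zone_file_type PATH (hypothetical helper)
# Prints the SELinux type of the most specific rule matching PATH and
# returns non-zero if no rule matches. Rules are read from $RULES if set,
# otherwise from the constructed sample above.
zone_file_type() {
    printf '%s\n' "${RULES:-$SAMPLE_RULES}" | awk -v path="$1" '
    # Length of the literal prefix before the first regex metacharacter.
    function stem_len(re,   i) {
        for (i = 1; i <= length(re); i++)
            if (index("(.*?[+|", substr(re, i, 1))) return i - 1
        return length(re)
    }
    BEGIN { best = -1 }
    NF >= 3 && path ~ ("^" $1 "$") {
        n = stem_len($1)
        if (n > best) { best = n; split($NF, ctx, ":"); t = ctx[3] }
    }
    END { if (t == "") exit 1; print t }'
}

# ddns_writable PATH: succeeds only when the file would be named_cache_t,
# the type the quoted documentation says named is allowed to write.
ddns_writable() {
    [ "$(zone_file_type "$1")" = "named_cache_t" ]
}

for f in /var/named/chroot/var/named/dynamic/example.com.db \
         /var/named/chroot/var/named/example.com.db; do
    if ddns_writable "$f"; then echo "OK     $f"
    else echo "DENIED $f ($(zone_file_type "$f"))"; fi
done
```

To check a real policy, set `RULES="$(semanage fcontext -l | grep named_)"` before calling the functions.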