[CentOS] CentOS 6 as DNS-Server
nevis2us at infoline.su
Tue May 10 19:36:42 UTC 2016
>> I'm also using ddns and have my zone files in
> are you using DDNS in DualStack (IPv4 and IPv6 together) or do you
> have only DHCP or DHCPv6 and not both?
> By default, SELinux prevents any role from modifying
> files; this means that files in the zone database directory
> cannot be
> modified by dynamic DNS (DDNS) updates or zone transfers.
> The Red Hat BIND distribution and SELinux policy creates three
> directories where named is allowed to create and modify files:
> /var/named/slaves, /var/named/dynamic /var/named/data. By
> placing files
> you want named to modify, such as slave or DDNS updateable zone
> and database / statistics dump files in these directories, named
> work normally and no further operator action is required. Files
> these directories are automatically assigned the ’named_cache_t’
> context, which SELinux allows named to write."
That's probably why I have updateable zone files in chrooted
Default targeted policy comes with necessary rules for chrooted bind.
# semanage fcontext -l | grep named_
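
Added example, not part of the original message: a small shell check that reads rules in the layout printed by `semanage fcontext -l | grep named_` and reports whether a zone file path, chrooted or not, lands in a directory labelled `named_cache_t`. The rule lines, the `example.com.db` file names and the function names are constructed for illustration, and "longest matching pattern wins" is a simplifying assumption about rule precedence.

```shell
#!/bin/sh
# Constructed sample in the layout of `semanage fcontext -l | grep named_`
# (pattern, file class, context); not captured from a real host.
FCONTEXT_RULES='/var/named(/.*)?                            all files  system_u:object_r:named_zone_t:s0
/var/named/slaves(/.*)?                     all files  system_u:object_r:named_cache_t:s0
/var/named/dynamic(/.*)?                    all files  system_u:object_r:named_cache_t:s0
/var/named/data(/.*)?                       all files  system_u:object_r:named_cache_t:s0
/var/named/chroot(/.*)?                     all files  system_u:object_r:named_conf_t:s0
/var/named/chroot/var/named(/.*)?           all files  system_u:object_r:named_zone_t:s0
/var/named/chroot/var/named/slaves(/.*)?    all files  system_u:object_r:named_cache_t:s0
/var/named/chroot/var/named/dynamic(/.*)?   all files  system_u:object_r:named_cache_t:s0
/var/named/chroot/var/named/data(/.*)?      all files  system_u:object_r:named_cache_t:s0'

# Print the SELinux type the rules assign to a path ("unlabeled" if none match).
# Simplification (assumption): the longest matching pattern wins. On a live
# host, ask the loaded policy instead with matchpathcon(8).
named_type_for() (
    path=$1 best_len=-1 best_type=unlabeled
    while read -r pattern context; do
        [ -n "$pattern" ] || continue
        if [ "${#pattern}" -gt "$best_len" ] &&
           printf '%s\n' "$path" | grep -Eqx -- "$pattern"; then
            best_len=${#pattern}
            best_type=$(printf '%s\n' "$context" | cut -d: -f3)
        fi
    done <<EOF
$(printf '%s\n' "$FCONTEXT_RULES" | awk 'NF >= 2 { print $1, $NF }')
EOF
    printf '%s\n' "$best_type"
)

# Succeed only if the path gets the type the quoted text says named may write.
ddns_zone_ok() {
    [ "$(named_type_for "$1")" = "named_cache_t" ]
}

# Demo: a zone file at the top of the chroot versus one under dynamic/.
for p in /var/named/chroot/var/named/example.com.db \
         /var/named/chroot/var/named/dynamic/example.com.db; do
    if ddns_zone_ok "$p"; then verdict="DDNS updates allowed"; else verdict="DDNS updates denied"; fi
    printf '%s -> %s (%s)\n' "$p" "$(named_type_for "$p")" "$verdict"
done
```

To check a real host, set `FCONTEXT_RULES` to the output of the `semanage` command above before calling the functions.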