[CentOS] CentOS 6 as DNS-Server

Walter H. Walter.H at mathemainzel.info
Tue May 10 20:03:28 UTC 2016


On 10.05.2016 21:36, Александр Кириллов wrote:
>>> I'm also using ddns and have my zone files in 
>>> /var/named/chroot/var/named/dynamic.
>> are you using DDNS in DualStack (IPv4 and IPv6 together) or do you
>> have only DHCP or DHCPv6 and not both?
>
> IPv4 only.
>
if a host has IPv4 only or IPv6 only this works fine, but when a host 
has both - DualStack
somethimes it works sometimes only one - can be IPv4 or can be IPv6 works;
and in /var/log/messages  I get something like

May 10 18:51:30 dnssrvr named[2526]: client 192.168.1.2#38618: view 
wkst: updating zone 'ddns.local/IN': update unsuccessful: 
WIN7HOST.ddns.local: 'name not in use' prerequisite not satisfied (YXDOMAIN)

for several times;
>>        By default, SELinux prevents any role from modifying named_zone_t
>>        files; this means that files in the zone database directory 
>> cannot be
>>        modified by dynamic DNS (DDNS) updates or zone transfers.
>>
>>        The Red Hat BIND distribution and SELinux policy creates three
>>        directories where named is allowed to create and modify files:
>>        /var/named/slaves, /var/named/dynamic /var/named/data. By 
>> placing files
>>        you want named to modify, such as slave or DDNS updateable 
>> zone files
>>        and database / statistics dump files in these directories, 
>> named will
>>        work normally and no further operator action is required. 
>> Files in
>>        these directories are automatically assigned the 
>> ’named_cache_t’ file
>>        context, which SELinux allows named to write."
>
> That's probably why I have updateable zone files in chrooted 
> /var/named/dynamic.
> Default targeted policy comes with necessary rules for chrooted bind. See
>
> # semanage fcontext -l | grep named_
>
I have them in /var/named/dynamic




More information about the CentOS mailing list