Imported Upstream version 4.8.10
This commit is contained in:
Mario Fetka
@@ -1,23 +1,30 @@
|
||||
/* WARNING: This config file is managed by IPA.
|
||||
*
|
||||
* DO NOT MODIFY! Any modification will be overwritten by upgrades.
|
||||
*
|
||||
*
|
||||
* - $NAMED_CUSTOM_OPTIONS_CONF (for options)
|
||||
* - $NAMED_CUSTOM_CONF (all other settings)
|
||||
*/
|
||||
|
||||
options {
|
||||
// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
|
||||
listen-on-v6 {any;};
|
||||
|
||||
// Put files that named is allowed to write in the data/ directory:
|
||||
directory "/var/named"; // the default
|
||||
dump-file "data/cache_dump.db";
|
||||
statistics-file "data/named_stats.txt";
|
||||
memstatistics-file "data/named_mem_stats.txt";
|
||||
directory "$NAMED_VAR_DIR"; // the default
|
||||
dump-file "${NAMED_DATA_DIR}cache_dump.db";
|
||||
statistics-file "${NAMED_DATA_DIR}named_stats.txt";
|
||||
memstatistics-file "${NAMED_DATA_DIR}named_mem_stats.txt";
|
||||
|
||||
forward first;
|
||||
forwarders {$FORWARDERS};
|
||||
tkey-gssapi-keytab "$NAMED_KEYTAB";
|
||||
|
||||
// Any host is permitted to issue recursive queries
|
||||
allow-recursion { any; };
|
||||
pid-file "$NAMED_PID";
|
||||
|
||||
tkey-gssapi-keytab "/etc/named.keytab";
|
||||
pid-file "/run/named/named.pid";
|
||||
managed-keys-directory "$MANAGED_KEYS_DIR";
|
||||
|
||||
dnssec-enable yes;
|
||||
/* user customizations of options */
|
||||
include "$NAMED_CUSTOM_OPTIONS_CONF";
|
||||
|
||||
/* crypto policy snippet on platforms with system-wide policy. */
|
||||
$INCLUDE_CRYPTO_POLICY
|
||||
};
|
||||
|
||||
/* If you want to enable debugging, eg. using the 'rndc trace' command,
|
||||
@@ -26,26 +33,28 @@ options {
|
||||
*/
|
||||
logging {
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
file "${NAMED_DATA_DIR}named.run";
|
||||
severity dynamic;
|
||||
print-time yes;
|
||||
};
|
||||
};
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "named.ca";
|
||||
};
|
||||
${NAMED_ZONE_COMMENT}zone "." IN {
|
||||
${NAMED_ZONE_COMMENT} type hint;
|
||||
${NAMED_ZONE_COMMENT} file "named.ca";
|
||||
${NAMED_ZONE_COMMENT}};
|
||||
|
||||
include "/etc/named.rfc1912.zones";
|
||||
include "$RFC1912_ZONES";
|
||||
include "$ROOT_KEY";
|
||||
|
||||
dynamic-db "ipa" {
|
||||
library "ldap.so";
|
||||
arg "uri ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
|
||||
arg "base cn=dns, $SUFFIX";
|
||||
arg "fake_mname $FQDN.";
|
||||
arg "auth_method sasl";
|
||||
arg "sasl_mech GSSAPI";
|
||||
arg "sasl_user DNS/$FQDN";
|
||||
arg "serial_autoincrement yes";
|
||||
/* user customization */
|
||||
include "$NAMED_CUSTOM_CONF";
|
||||
|
||||
dyndb "ipa" "$BIND_LDAP_SO" {
|
||||
uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
|
||||
base "cn=dns,$SUFFIX";
|
||||
server_id "$FQDN";
|
||||
auth_method "sasl";
|
||||
sasl_mech "GSSAPI";
|
||||
sasl_user "DNS/$FQDN";
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user