Bind » History » Version 2
Ohad Levy, 12/19/2010 05:45 AM
| 1 | 1 | Ohad Levy | h1. Bind |
|---|---|---|---|
| 2 | |||
| 3 | Bind configuration manipulation is based on nsupdate, which means that in theory could also be used to manipulate other dns servers which support nsupdate (such as MS). |
||
| 4 | |||
| 5 | h3. Configuration |
||
| 6 | |||
| 7 | In order to communicate securely with your dns server, you would need use a key can be used by nsupdate and your named daemon using ddns-confgen or dnssec-keygen |
||
| 8 | 2 | Ohad Levy | h4. example using ddns-confen |
| 9 | 1 | Ohad Levy | |
| 10 | execute 'ddns-confgen -k foreman' - this should output something like the following: |
||
| 11 | <pre> |
||
| 12 | # To activate this key, place the following in named.conf, and |
||
| 13 | # in a separate keyfile on the system or systems from which nsupdate |
||
| 14 | # will be run: |
||
| 15 | key "foreman" { |
||
| 16 | algorithm hmac-sha256; |
||
| 17 | secret "8zOZzyhQ7LSEHXwAzLf9peDfpoeMlnJno+X0fCATehg="; |
||
| 18 | }; |
||
| 19 | |||
| 20 | # Then, in the "zone" statement for each zone you wish to dynamically |
||
| 21 | # update, place an "update-policy" statement granting update permission |
||
| 22 | # to this key. For example, the following statement grants this key |
||
| 23 | # permission to update any name within the zone: |
||
| 24 | update-policy { |
||
| 25 | grant foreman zonesub ANY; |
||
| 26 | }; |
||
| 27 | |||
| 28 | </pre> |
||
| 29 | |||
| 30 | You should create a new file (such as /etc/rndc.key or other) and store the key "foreman {...} in it. |
||
| 31 | in the proxy Settings file you should point to this file location - make sure that the proxy have read permissions to this file. |
||
| 32 | |||
| 33 | In your named file, you could add the update-policy statement or something like this [[named example file]] if you need more fine grained permissions. |