Bind » History » Version 4
Ohad Levy, 12/23/2010 09:28 AM
| 1 | 1 | Ohad Levy | h1. Bind |
|---|---|---|---|
| 2 | |||
| 3 | 4 | Ohad Levy | Bind configuration manipulation is based on nsupdate, which means that in theory could also be used to manipulate other dns servers which support nsupdate (such as Microsoft DNS server). |
| 4 | 1 | Ohad Levy | |
| 5 | h3. Configuration |
||
| 6 | |||
| 7 | 4 | Ohad Levy | In order to communicate securely with your dns server, you would need a key which will be used by nsupdate and your named daemon using ddns-confgen or dnssec-keygen |
| 8 | 3 | Ohad Levy | |
| 9 | 4 | Ohad Levy | h4. example using ddns-confgen |
| 10 | 1 | Ohad Levy | |
| 11 | execute 'ddns-confgen -k foreman' - this should output something like the following: |
||
| 12 | <pre> |
||
| 13 | # To activate this key, place the following in named.conf, and |
||
| 14 | # in a separate keyfile on the system or systems from which nsupdate |
||
| 15 | # will be run: |
||
| 16 | key "foreman" { |
||
| 17 | algorithm hmac-sha256; |
||
| 18 | secret "8zOZzyhQ7LSEHXwAzLf9peDfpoeMlnJno+X0fCATehg="; |
||
| 19 | }; |
||
| 20 | |||
| 21 | # Then, in the "zone" statement for each zone you wish to dynamically |
||
| 22 | # update, place an "update-policy" statement granting update permission |
||
| 23 | # to this key. For example, the following statement grants this key |
||
| 24 | # permission to update any name within the zone: |
||
| 25 | update-policy { |
||
| 26 | grant foreman zonesub ANY; |
||
| 27 | }; |
||
| 28 | |||
| 29 | </pre> |
||
| 30 | |||
| 31 | You should create a new file (such as /etc/rndc.key or other) and store the key "foreman {...} in it. |
||
| 32 | in the proxy Settings file you should point to this file location - make sure that the proxy have read permissions to this file. |
||
| 33 | |||
| 34 | In your named file, you could add the update-policy statement or something like this [[named example file]] if you need more fine grained permissions. |