Revision 3 (Ohad Levy, 12/19/2010 05:45 AM) → Revision 4/5 (Ohad Levy, 12/23/2010 09:28 AM)

h1. Bind 

Bind configuration manipulation is based on nsupdate, which means that in theory it could also be used to manipulate other DNS servers that support nsupdate (such as Microsoft DNS server).

h3. Configuration

To communicate securely with your DNS server, you need a key that can be used by both nsupdate and your named daemon. Generate it using ddns-confgen or dnssec-keygen.

h4. Example using ddns-confgen

Execute 'ddns-confgen -k foreman'. This should output something like the following:
 <pre> 
 # To activate this key, place the following in named.conf, and 
 # in a separate keyfile on the system or systems from which nsupdate 
 # will be run: 
 key "foreman" { 
	 algorithm hmac-sha256; 
	 secret "8zOZzyhQ7LSEHXwAzLf9peDfpoeMlnJno+X0fCATehg="; 
 }; 

 # Then, in the "zone" statement for each zone you wish to dynamically 
 # update, place an "update-policy" statement granting update permission 
 # to this key.    For example, the following statement grants this key 
 # permission to update any name within the zone: 
 update-policy { 
	 grant foreman zonesub ANY; 
 }; 

 </pre> 

You should create a new file (such as /etc/rndc.key or other) and store the key "foreman" {...} statement in it.
In the proxy settings file, point to this file's location, and make sure that the proxy has read permission on this file.

In your named file, you can add the update-policy statement, or something like this [[named example file]] if you need more fine-grained permissions.
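
A pre-flight check for the key file described above, as an added example that is not part of the original wiki page or the proxy's own code. The function names, the 640 mode and the group-read arrangement are assumptions, and the key written by write_demo_key is a constructed placeholder.

```shell
#!/bin/sh
# Added example: validate an nsupdate key file before pointing the proxy at it.

# write_demo_key FILE: create a CONSTRUCTED key file (placeholder secret, not a real key).
write_demo_key() {
    ( umask 077   # never let the file exist with wider permissions, even briefly
      cat > "$1" <<'EOF'
key "foreman" {
	algorithm hmac-sha256;
	secret "Y29uc3RydWN0ZWQ=";
};
EOF
    )
    chmod 640 "$1"   # owner rw, group r (assumed: the proxy reads via group membership)
}

# check_keyfile FILE KEYNAME: prints one status word; returns 0 only for "ok".
check_keyfile() {
    f=$1 name=$2
    [ -f "$f" ] && [ -r "$f" ] || { echo unreadable; return 1; }
    # Characters 8-10 of the ls mode string are the permissions for "other".
    [ "$(ls -ld "$f" | cut -c8-10)" = "---" ] || { echo other-access; return 1; }
    grep -Eq "^[[:space:]]*key[[:space:]]+\"$name\"[[:space:]]*\{" "$f" \
        || { echo no-key-statement; return 1; }
    grep -Eq 'algorithm[[:space:]]+hmac-[a-z0-9]+;' "$f" \
        || { echo no-algorithm; return 1; }
    grep -Eq 'secret[[:space:]]+"[A-Za-z0-9+/]+=*";' "$f" \
        || { echo no-secret; return 1; }
    echo ok
}

# Demo on a throwaway directory.
demo_dir=$(mktemp -d)
write_demo_key "$demo_dir/foreman.key"
echo "mode 640: $(check_keyfile "$demo_dir/foreman.key" foreman)"
chmod 644 "$demo_dir/foreman.key"
echo "mode 644: $(check_keyfile "$demo_dir/foreman.key" foreman)"
rm -rf "$demo_dir"
```

Run check_keyfile as the account the proxy runs under, so that the readability test reflects what the proxy will actually see.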