Version 5 - History - Bind - Smart Proxy - Foreman

Bind » History » Version 5

Koaps Freeman, 03/26/2012 12:30 AM

-Ohad Levy
+h1. Bind
-Ohad Levy
+Bind configuration manipulation is based on nsupdate, which means that in theory could also be used to manipulate other dns servers which support nsupdate (such as Microsoft DNS server).
 Ohad Levy
 h3. Configuration
-Ohad Levy
+In order to communicate securely with your dns server, you would need a key which will be used by nsupdate and your named daemon using ddns-confgen or dnssec-keygen
 Ohad Levy
-Ohad Levy
+h4. example using ddns-confgen
 Ohad Levy
-Koaps Freeman
+execute 'ddns-confgen -k foreman -a hmac-md5' - this should output something like the following:
-Ohad Levy
+<pre>
 # To activate this key, place the following in named.conf, and
 # in a separate keyfile on the system or systems from which nsupdate
 # will be run:
 key "foreman" {
-Koaps Freeman
+        algorithm hmac-md5;
         secret "GGd1oNCxaKsh8HA84sP1Ug==";
-Ohad Levy
+};
 # Then, in the "zone" statement for each zone you wish to dynamically
 # update, place an "update-policy" statement granting update permission
 # to this key.  For example, the following statement grants this key
 # permission to update any name within the zone:
 update-policy {
-Koaps Freeman
+        grant foreman zonesub ANY;
-Ohad Levy
+};
-Koaps Freeman
+# After the keyfile has been placed, the following command will
 # execute nsupdate using this key:
 nsupdate -k <keyfile>
-Ohad Levy
+</pre>
 You should create a new file (such as /etc/rndc.key or other) and store the key "foreman {...} in it.
 in the proxy Settings file you should point to this file location - make sure that the proxy have read permissions to this file.
 In your named file, you could add the update-policy statement or something like this [[named example file]] if you need more fine grained permissions.

Project

General

Profile

Foreman » Smart Proxy

Bind » History » Version 5