2 # Insert these snippets into your named.conf or bind.conf to configure
6 # If you have a very recent BIND, supporting GSS-TSIG,
7 # insert this into options {} (otherwise omit, it is not required if we don't accept updates)
8 tkey-gssapi-credential "DNS/${DNSDOMAIN}";
9 tkey-domain "${REALM}";
11 # You should always include the actual zone configuration reference:
12 zone "${DNSDOMAIN}." IN {
14 file "${DNSDOMAIN}.zone";
16 /* use ANY only for Domain controllers for now */
17 /* for normal machines A AAAA PTR is probbaly all is needed */
18 grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY;
22 # Also, you need to change your init scripts to set this environment variable
23 # for named: KRB5_KTNAME so that it points to the keytab generated.
24 # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
25 # line to the /etc/sysconfig/named file:
26 # export KRB5_KTNAME=${DNS_KEYTAB_ABS}
28 # Please note that most distributions have BIND configured to run under
29 # a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
30 # the user "named" once the daemon relinquishes its rights. Therefore,
31 # the file "${DNS_KEYTAB}" must be readable by the user that BIND run as.
32 # If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its
33 # permissions altered to allow the daemon to read it. In the FC6
34 # example, execute the commands:
36 # chgrp named ${DNS_KEYTAB_ABS}
37 # chmod g+r ${DNS_KEYTAB_ABS}