#
# Insert these snippets into your named.conf or bind.conf to configure
# the BIND nameserver.
#
# insert this into options {}
tkey-gssapi-credential "DNS/${DNSDOMAIN}";
tkey-domain "${REALM}";

# the zone file
zone "${DNSDOMAIN}." IN {
    type master;
    file "${DNSDOMAIN}.zone";
    update-policy {
        /* use ANY only for Domain controllers for now */
        /* for normal machines A AAAA PTR is probably all that is needed */
        grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY;
    };
};

# Also, you need to change your init scripts to set this environment variable
# for named: KRB5_KTNAME, so that it points to the keytab generated.
# On RedHat-derived systems such as RHEL/CentOS/Fedora you can add the following
# line to the /etc/sysconfig/named file:
# export KRB5_KTNAME=${DNS_KEYTAB}
#
# Please note that most distributions have BIND configured to run under
# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
# the user "named" once the daemon relinquishes its rights. Therefore,
# the file "dns.keytab" must be readable by the user that BIND runs as.
# If BIND is running as a non-root user, the "dns.keytab" file must have its
# permissions altered to allow the daemon to read it. In the FC6
# example, execute the commands:
#
# chgrp named /usr/local/samba/private/dns.keytab
# chmod g+r /usr/local/samba/private/dns.keytab
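The chgrp/chmod step above makes the keytab readable by BIND's group, but it does not by itself ensure the file is not also world-readable, and a world-readable dns.keytab lets any local account forge GSS-TSIG dynamic updates as the DC. The following is an added example (not part of the Samba template): a small POSIX shell helper that applies the permission change and then verifies it. It assumes GNU stat(1) (Linux), and takes the keytab path and the group BIND runs as (e.g. "named") as parameters instead of hard-coding /usr/local/samba/private/dns.keytab.

```sh
#!/bin/sh
# Added example, not from the Samba template. Hardens and checks the Samba DNS
# keytab used by BIND's tkey-gssapi-credential (KRB5_KTNAME).
# Assumes GNU stat(1); keytab path and group are caller-supplied (hypothetical
# values in comments below are only illustrative).

# harden_keytab FILE GROUP
#   Give FILE to GROUP (the group named runs as), make it owner rw, group
#   read-only, and strip every "other" bit. Returns non-zero on failure.
harden_keytab() {
    keytab="$1"
    group="$2"
    [ -f "$keytab" ] || { echo "no such keytab: $keytab" >&2; return 1; }
    chgrp "$group" "$keytab" || return 1
    # g+r is what the template asks for; o= closes the hole a world-readable
    # keytab would leave (anyone local could sign updates with it).
    chmod u=rw,g=r,o= "$keytab" || return 1
}

# check_keytab FILE GROUP
#   Verify FILE is owned by GROUP, group-readable, and has no "other" bits.
#   Prints a one-line summary and returns 0 if acceptable, 1 otherwise.
check_keytab() {
    keytab="$1"
    group="$2"
    actual_group=$(stat -c '%G' "$keytab") || return 1
    mode=$(stat -c '%a' "$keytab") || return 1      # e.g. 640
    other=$(( mode % 10 ))                          # last octal digit
    grp_bits=$(( (mode / 10) % 10 ))                # middle octal digit
    if [ "$actual_group" != "$group" ]; then
        echo "$keytab: group is $actual_group, expected $group" >&2
        return 1
    fi
    if [ $(( grp_bits & 4 )) -eq 0 ]; then
        echo "$keytab: not group-readable (mode $mode)" >&2
        return 1
    fi
    if [ "$other" -ne 0 ]; then
        echo "$keytab: world-accessible (mode $mode), fix with harden_keytab" >&2
        return 1
    fi
    echo "$keytab: group=$actual_group mode=$mode OK"
}

# Typical use on the FC6 example from the template (run as root):
#   harden_keytab /usr/local/samba/private/dns.keytab named
#   check_keytab  /usr/local/samba/private/dns.keytab named
```

Run check_keytab from the same place that exports KRB5_KTNAME (for example at the top of /etc/sysconfig/named) so that a keytab regenerated by Samba with wrong ownership is caught before named starts rather than showing up later as failed TKEY negotiations.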