Updating zone files

07-Jul-2017 13:51

The SELinux policy specifically does NOT allow named to modify the $ROOTDIR/var/named directory, the default location for master zone database files. SELinux policy overrules file access permissions, so even if all the files under /var/named have ownership named:named and mode rw-rw-r--, named will still not be able to write or create files except in the directories listed below while SELinux is in Enforcing mode.

A zone file may be either a DNS master file, authoritatively describing a zone, or it may be used to list the contents of a DNS cache. The format of a zone file is defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1).

This means that if you have just added an entry in your zone file, you will then have between 0 and 20 minutes to wait before your addition is reflected in the zone. This time is necessary because we regenerate the entire zone each time, and it takes a while to replicate it on all the servers.

To edit a zone, you need to be logged in as the zone file's owner. The solution is to proceed by creating a copy of the zone and then following the instructions here to go through with the normal zone file edit process.


NSD, PowerDNS) use the zone files only as a starting point and compile them into a database format; see also Microsoft DNS with Active Directory database integration.

These servers are responsible for processing or forwarding mail within the domain.

A Domain Name System (DNS) zone file is a text file that describes a DNS zone.

Red Hat Security Enhanced Linux (SELinux) policy security protections: Red Hat have adopted the National Security Agency's SELinux security policy and recommendations for security, which are more secure than running named in a chroot and make use of the bind-chroot environment unnecessary.

By default, named is not allowed by the SELinux policy to write, create or delete any files EXCEPT in these directories: $ROOTDIR/var/named/slaves, $ROOTDIR/var/named/data and $ROOTDIR/var/tmp, where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.

So, to allow named to update slave or DDNS zone files, it is best to locate them in $ROOTDIR/var/named/slaves, with zone statements such as: zone "" IN ; zone "" IN ;

To allow named to create its cache dump and statistics files, for example, you could use options statements such as: options ;

You can also tell SELinux to allow named to update any zone database files by setting the SELinux tunable boolean parameter 'named_write_master_zones=1', using the system-config-securitylevel GUI, the 'setsebool' command, or /etc/selinux/targeted/booleans.
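
An added example, not part of the original page or of Red Hat's documentation: a Python check that reads a named.conf and reports slave or dynamically updated zones whose file lies outside the three directories named may write to under the default policy. The sample configuration, the function names and the assumption that relative file paths resolve against /var/named (with no braces inside comments) are constructed for illustration.

```python
import posixpath
import re

# Directories the page lists as writable by named under the default policy
# (paths inside $ROOTDIR when bind-chroot is used).
WRITABLE_DIRS = ("/var/named/slaves", "/var/named/data", "/var/tmp")

# Constructed sample named.conf; zone names, key name and addresses are made up.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.test" IN { type master; file "example.test.db"; };
zone "ddns.example.test" IN {
    type master;
    allow-update { key "ddns-key"; };
    file "ddns.example.test.db";
};
zone "sec.example.test" IN { type slave; masters { 192.0.2.1; }; file "slaves/sec.example.test.db"; };
zone "bad.example.test" IN { type slave; masters { 192.0.2.1; }; file "bad.example.test.db"; };
'''

def zone_blocks(conf):
    """Yield (zone name, body) per zone statement, following nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]*)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def needs_write(body):
    """True for slave zones and for masters that accept dynamic updates."""
    ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
    is_slave = bool(ztype) and ztype.group(1).lower() in ("slave", "secondary")
    return is_slave or bool(re.search(r'\b(allow-update|update-policy)\b', body))

def unwritable_zones(conf, directory="/var/named", write_master_zones=False):
    """List (zone, path) pairs named must write but the default policy denies."""
    if write_master_zones:  # named_write_master_zones=1: any zone file is writable
        return []
    findings = []
    for name, body in zone_blocks(conf):
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        if zfile and needs_write(body):
            path = posixpath.normpath(posixpath.join(directory, zfile.group(1)))
            if not path.startswith(tuple(d + "/" for d in WRITABLE_DIRS)):
                findings.append((name, path))
    return findings

if __name__ == "__main__":
    for zone, path in unwritable_zones(SAMPLE_CONF):
        print(f"{zone}: {path} is outside the directories named may write to")
```

Each zone it reports will fail to transfer or update in Enforcing mode until its file is moved under slaves/ or the boolean is enabled.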