diff options
author | Martin Nagy <mnagy@redhat.com> | 2009-05-12 15:20:24 +0200 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2009-06-02 12:32:01 +0200 |
commit | 1bc786e379ed5575cf4dffaa23bf7d66f42e44d7 (patch) | |
tree | 88e2027f90907587f7138704776db8264441f966 /install/share | |
parent | 1893a802c78399c27c99523edcac4de0ab2a0ef0 (diff) | |
download | freeipa-1bc786e379ed5575cf4dffaa23bf7d66f42e44d7.tar.gz freeipa-1bc786e379ed5575cf4dffaa23bf7d66f42e44d7.tar.xz freeipa-1bc786e379ed5575cf4dffaa23bf7d66f42e44d7.zip |
Use LDAP instead of flat file for zone storage
Diffstat (limited to 'install/share')
-rw-r--r-- | install/share/Makefile.am | 1 | ||||
-rw-r--r-- | install/share/bind.named.conf.template | 15 | ||||
-rw-r--r-- | install/share/dns.ldif | 93 |
3 files changed, 99 insertions, 10 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 754da8ee2..511f8f3ab 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -13,6 +13,7 @@ app_DATA = \ caJarSigningCert.cfg.template \ default-aci.ldif \ default-keytypes.ldif \ + dns.ldif \ kerberos.ldif \ indices.ldif \ bind.named.conf.template \ diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template index c1d2817e0..a04fc1813 100644 --- a/install/share/bind.named.conf.template +++ b/install/share/bind.named.conf.template @@ -1,10 +1,4 @@ options { - /* make named use port 53 for the source of all queries, to allow - * firewalls to block all ports except 53: - */ - query-source port 53; - query-source-v6 port 53; - // Put files that named is allowed to write in the data/ directory: directory "/var/named"; // the default dump-file "data/cache_dump.db"; @@ -34,8 +28,9 @@ zone "." IN { include "/etc/named.rfc1912.zones"; -zone "$DOMAIN" { - type master; - file "$DOMAIN.zone.db"; +dynamic-db "ipa" { + library "ldap.so"; + arg "uri ldap://$FQDN"; + arg "base cn=dns, $SUFFIX"; + arg "auth_method none"; }; - diff --git a/install/share/dns.ldif b/install/share/dns.ldif new file mode 100644 index 000000000..939f80dd2 --- /dev/null +++ b/install/share/dns.ldif @@ -0,0 +1,93 @@ +dn: cn=dns,$SUFFIX +changetype: add +objectClass: nsContainer +objectClass: top +cn: dns + +dn: idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: top +objectClass: idnsZone +objectClass: idnsRecord +idnsName: $DOMAIN +idnsZoneActive: True +idnsAllowDynUpdate: True +idnsUpdatePolicy: grant $REALM krb5-self * A; +idnsSOAmName: $HOST.$DOMAIN. +idnsSOArName: root.$HOST.$DOMAIN. +idnsSOAserial: 1 +idnsSOArefresh: 10800 +idnsSOAretry: 900 +idnsSOAexpire: 604800 +idnsSOAminimum: 86400 +NSRecord: $HOST + +dn: idnsName=$HOST,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: $HOST +ARecord: $IP + +dn: idnsName=_ldap._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _ldap._tcp +SRVRecord: 0 100 389 $HOST + +dn: idnsName=_kerberos,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kerberos +TXTRecord: $REALM + +dn: idnsName=_kerberos._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kerberos._tcp +SRVRecord: 0 100 88 $HOST + +dn: idnsName=_kerberos._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kerberos._udp +SRVRecord: 0 100 88 $HOST + +dn: idnsName=_kerberos-master._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kerberos-master._tcp +SRVRecord: 0 100 88 $HOST + +dn: idnsName=_kerberos-master._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kerberos-master._udp +SRVRecord: 0 100 88 $HOST + +dn: idnsName=_kpasswd._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kpasswd._tcp +SRVRecord: 0 100 464 $HOST + +dn: idnsName=_kpasswd._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _kpasswd._udp +SRVRecord: 0 100 464 $HOST + +dn: idnsName=_ntp._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX +changetype: add +objectClass: idnsRecord +objectClass: top +idnsName: _ntp._udp +SRVRecord: 0 100 123 $HOST |