I'm also using ddns and have my zone files in
/var/named/chroot/var/named/dynamic.
Are you using DDNS in DualStack (IPv4 and IPv6 together) or do you
have only DHCP or DHCPv6 and not both?
IPv4 only.
"By default, SELinux prevents any role from modifying named_zone_t
files; this means that files in the zone database directory cannot be
modified by dynamic DNS (DDNS) updates or zone transfers.
The Red Hat BIND distribution and SELinux policy creates three
directories where named is allowed to create and modify files:
/var/named/slaves, /var/named/dynamic, /var/named/data. By placing files
you want named to modify, such as slave or DDNS updateable zone files
and database / statistics dump files in these directories, named will
work normally and no further operator action is required. Files in
these directories are automatically assigned the ’named_cache_t’ file
context, which SELinux allows named to write."
That's probably why I have updateable zone files in chrooted
/var/named/dynamic.
Default targeted policy comes with necessary rules for chrooted bind.
See
# semanage fcontext -l | grep named_
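
The following is an added example, not part of the thread: a small shell filter that applies the labelling rule quoted above (named_cache_t is writable by named, named_zone_t is not) to the output of `stat -c '%C %n' FILE...`. The function names and the sample paths are assumptions made for illustration; the sample input is constructed.

```shell
#!/bin/sh
# Input on stdin: one "<selinux-context> <path>" pair per line,
# as printed by: stat -c '%C %n' /var/named/chroot/var/named/dynamic/*

# Label each file by what the default policy, as quoted above, lets named do.
classify_named_labels() {
    awk '
    {
        ctx = $1
        path = $0
        sub(/^[^ ]+ +/, "", path)          # keep paths that contain spaces
        n = split(ctx, f, ":")             # user:role:type:level
        type = (n >= 3) ? f[3] : "unlabeled"
        if (type == "named_cache_t")       print "writable " path
        else if (type == "named_zone_t")   print "read-only " path
        else                               print "unexpected(" type ") " path
    }'
}

# Print only the paths a DDNS update or zone transfer could not rewrite.
ddns_blocked() {
    classify_named_labels | awk '$1 != "writable" { sub(/^[^ ]+ /, ""); print }'
}

# Constructed sample input, not taken from a real host.
sample_labels() {
    cat <<'EOF'
system_u:object_r:named_cache_t:s0 /var/named/chroot/var/named/dynamic/example.com.zone
system_u:object_r:named_zone_t:s0 /var/named/chroot/var/named/example.org.zone
system_u:object_r:named_cache_t:s0 /var/named/chroot/var/named/slaves/example.net.zone
EOF
}

sample_labels | classify_named_labels
```

Any path printed by `ddns_blocked` is a zone file that should be moved into one of the three writable directories before it is made dynamically updatable.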