On 10.05.2016 21:36, Александр Кириллов wrote:
I'm also using ddns and have my zone files in
/var/named/chroot/var/named/dynamic.
are you using DDNS in DualStack (IPv4 and IPv6 together) or do you
have only DHCP or DHCPv6 and not both?
IPv4 only.
if a host has IPv4 only or IPv6 only this works fine, but when a host
has both - DualStack
somethimes it works sometimes only one - can be IPv4 or can be IPv6 works;
and in /var/log/messages I get something like
May 10 18:51:30 dnssrvr named[2526]: client 192.168.1.2#38618: view
wkst: updating zone 'ddns.local/IN': update unsuccessful:
WIN7HOST.ddns.local: 'name not in use' prerequisite not satisfied (YXDOMAIN)
for several times;
By default, SELinux prevents any role from modifying named_zone_t
files; this means that files in the zone database directory
cannot be
modified by dynamic DNS (DDNS) updates or zone transfers.
The Red Hat BIND distribution and SELinux policy creates three
directories where named is allowed to create and modify files:
/var/named/slaves, /var/named/dynamic /var/named/data. By
placing files
you want named to modify, such as slave or DDNS updateable
zone files
and database / statistics dump files in these directories,
named will
work normally and no further operator action is required.
Files in
these directories are automatically assigned the
’named_cache_t’ file
context, which SELinux allows named to write."
That's probably why I have updateable zone files in chrooted
/var/named/dynamic.
Default targeted policy comes with necessary rules for chrooted bind. See
# semanage fcontext -l | grep named_
I have them in /var/named/dynamic
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
