Diffstat (limited to '')
-rw-r--r--source4/setup/named.conf39
-rw-r--r--source4/setup/named.conf.dlz37
-rw-r--r--source4/setup/named.conf.update4
3 files changed, 80 insertions, 0 deletions
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
new file mode 100644
index 0000000..a36f781
--- /dev/null
+++ b/source4/setup/named.conf
@@ -0,0 +1,39 @@
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "${NAMED_CONF}";
+
+zone "${DNSDOMAIN}." IN {
+ type master;
+ file "${ZONE_FILE}";
+ /*
+ * the list of principals and what they can change is created
+ * dynamically by Samba, based on the membership of the domain controllers
+ * group. The provision just creates this file as an empty file.
+ */
+ include "${NAMED_CONF_UPDATE}";
+
+ /* we need to use check-names ignore so _msdcs A records can be created */
+ check-names ignore;
+};
+
+# The reverse zone configuration is optional. The following example assumes a
+# subnet of 192.168.123.0/24:
+
+/*
+zone "123.168.192.in-addr.arpa" in {
+ type master;
+ file "123.168.192.in-addr.arpa.zone";
+ update-policy {
+ grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
+ };
+};
+*/
+
+# Note that the reverse zone file is not created during the provision process.
+
+# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
+# updates. If you are running an earlier version of BIND, or if you do not wish
+# to use secure GSS-TSIG updates, you may remove the update-policy sections in
+# both examples above.
+
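Review bot: The closing comment tells the reader to "remove the update-policy sections in both examples above", but the forward zone has no update-policy section of its own; its update rules arrive through `include "${NAMED_CONF_UPDATE}";`. A reader following the comment literally would leave that include in place, so I would reword it to something like `# To disable GSS-TSIG updates, remove the include of ${NAMED_CONF_UPDATE} from the forward zone and the update-policy block from the reverse zone example.` Separately, the commented reverse-zone example grants PTR updates across the whole `*.123.168.192.in-addr.arpa.` range to every identity matching `${REALM_WC}`, which looks broader than the per-principal list the forward zone's comment describes. A one-line comment there noting that any matching principal can rewrite any PTR record, so reverse lookups from this zone should not drive access decisions, would help an admin who enables it.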
diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
new file mode 100644
index 0000000..cbe7d80
--- /dev/null
+++ b/source4/setup/named.conf.dlz
@@ -0,0 +1,37 @@
+# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
+#
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "${NAMED_CONF}";
+
+#
+# This configures dynamically loadable zones (DLZ) from AD schema
+# Uncomment only single database line, depending on your BIND version
+#
+dlz "AD DNS Zone" {
+ # For BIND 9.8.x
+ ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
+
+ # For BIND 9.9.x
+ ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
+
+ # For BIND 9.10.x
+ ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
+
+ # For BIND 9.11.x
+ ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
+
+ # For BIND 9.12.x
+ ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
+
+ # For BIND 9.14.x
+ ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
+
+ # For BIND 9.16.x
+ ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
+ #
+ # For BIND 9.18.x
+ ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
+};
+
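Review bot: Each `database "dlopen ${MODULESDIR}/bind9/dlz_bind9_*.so"` line loads a shared object into the named process, yet the header comment says nothing about who may write to that directory. I would add a comment such as `# The module runs inside named: keep ${MODULESDIR}/bind9 and the .so files root-owned and not writable by the account named runs as.` Two small wording points in the same block: "Uncomment only single database line" should read "Uncomment only a single database line", and the 9.18 entry is preceded by a bare `#` where every other entry has a blank line. The `${BIND9_x}` prefixes are presumably expanded to a comment marker or to nothing at provision time; if so, the header could say that exactly one of them must end up active.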
diff --git a/source4/setup/named.conf.update b/source4/setup/named.conf.update
new file mode 100644
index 0000000..13cb29e
--- /dev/null
+++ b/source4/setup/named.conf.update
@@ -0,0 +1,4 @@
+/*
+ this file will be automatically replaced with the correct
+ 'grant' rules by samba at runtime
+*/
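Review bot: The placeholder comment does not say that this file is security-sensitive. Because named.conf includes it directly inside the zone block and Samba rewrites it at runtime, whoever can write this path decides which principals may update the zone. I would extend the comment along the lines of `this file must be writable only by the samba process and readable by named; do not edit it by hand, changes are overwritten`. It may also be worth stating that the generated content is expected to be a complete `update-policy { ... };` statement rather than bare grant lines, if that is what Samba emits, since the include sits at zone level.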