Diffstat (limited to '')
-rw-r--r-- | source4/setup/named.conf | 39 | ||||
-rw-r--r-- | source4/setup/named.conf.dlz | 37 | ||||
-rw-r--r-- | source4/setup/named.conf.update | 4 |
3 files changed, 80 insertions, 0 deletions
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
new file mode 100644
index 0000000..a36f781
--- /dev/null
+++ b/source4/setup/named.conf
@@ -0,0 +1,39 @@
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "${NAMED_CONF}";
+
+zone "${DNSDOMAIN}." IN {
+ type master;
+ file "${ZONE_FILE}";
+ /*
+ * the list of principals and what they can change is created
+ * dynamically by Samba, based on the membership of the domain controllers
+ * group. The provision just creates this file as an empty file.
+ */
+ include "${NAMED_CONF_UPDATE}";
+
+ /* we need to use check-names ignore so _msdcs A records can be created */
+ check-names ignore;
+};
+
+# The reverse zone configuration is optional. The following example assumes a
+# subnet of 192.168.123.0/24:
+
+/*
+zone "123.168.192.in-addr.arpa" in {
+ type master;
+ file "123.168.192.in-addr.arpa.zone";
+ update-policy {
+ grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
+ };
+};
+*/
+
+# Note that the reverse zone file is not created during the provision process.
+
+# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
+# updates. If you are running an earlier version of BIND, or if you do not wish
+# to use secure GSS-TSIG updates, you may remove the update-policy sections in
+# both examples above.
+
diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
new file mode 100644
index 0000000..cbe7d80
--- /dev/null
+++ b/source4/setup/named.conf.dlz
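Review bot: In source4/setup/named.conf the closing comment tells the reader to remove "the update-policy sections in both examples above", but the forward zone has no update-policy block of its own; its grant rules arrive only through `include "${NAMED_CONF_UPDATE}";`. A reader running BIND without GSS-TSIG cannot tell from this that the include is the line to drop, so I would reword the comment to `# ... you may remove the include of ${NAMED_CONF_UPDATE} from the forward zone and the update-policy block from the reverse zone example; the zones then accept no dynamic updates.` The commented reverse-zone example should also carry a one-line comment that `grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;` lets every principal matched by ${REALM_WC} (presumably any principal in the realm, the expansion is not visible here) replace any PTR record in the subnet, so that it is enabled deliberately rather than by copy and paste.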
@@ -0,0 +1,37 @@
+# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
+#
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "${NAMED_CONF}";
+
+#
+# This configures dynamically loadable zones (DLZ) from AD schema
+# Uncomment only single database line, depending on your BIND version
+#
+dlz "AD DNS Zone" {
+ # For BIND 9.8.x
+ ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
+
+ # For BIND 9.9.x
+ ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
+
+ # For BIND 9.10.x
+ ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
+
+ # For BIND 9.11.x
+ ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
+
+ # For BIND 9.12.x
+ ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
+
+ # For BIND 9.14.x
+ ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
+
+ # For BIND 9.16.x
+ ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
+ #
+ # For BIND 9.18.x
+ ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
+};
+
diff --git a/source4/setup/named.conf.update b/source4/setup/named.conf.update
new file mode 100644
index 0000000..13cb29e
--- /dev/null
+++ b/source4/setup/named.conf.update
@@ -0,0 +1,4 @@
+/*
+ this file will be automatically replaced with the correct
+ 'grant' rules by samba at runtime
+*/ |
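Review bot: The `database "dlopen ${MODULESDIR}/bind9/dlz_bind9*.so";` lines in source4/setup/named.conf.dlz load a shared object into the named process, yet the file says nothing about who may write to that directory. I would add a header comment such as `# The module runs inside named: ${MODULESDIR}/bind9 and the .so files must be writable by root only, not by the named user.` The header's "Uncomment only single database line" also does not say what happens if the ${BIND9_x} placeholders leave more than one line active; that presumably depends on how provision substitutes them, which this hunk does not show, so it is worth stating in the comment. Minor style point: the bare `#` before the 9.18.x entry should be an empty line like the separators between the other entries.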