config multi zone problem

Tim ignored_mailbox at yahoo.com.au
Tue Oct 19 19:03:02 UTC 2010


On Tue, 2010-10-19 at 23:28 +0800, Edward S.P. Leong wrote:
> Is there any solution for managing multi-domain zone files?

Your example isn't clear what's multi-domain about a zone file.  You
don't appear to be using one zone file for multiple domains, more like
multiple configuration files, one for each domain (which does look
perfectly feasible, to me).

What are you actually trying to do?  (Rather than how are you trying to
do it.)

> For example (original):
> 
> /etc/named.conf :
> 
> zone "abc.com" {
>     type master;
>     file "abc.com.db";
> };

...[snip]...  The usual fare, a conf file listing several different
files for the records for different domains.  One domain per file.
Looks fine.

> Now, can it be:
> 
> /etc/named.conf :
> 
> include "/home/dnaadmin/*.conf";
> 
> /home/dnaadmin/abc_com.conf :
> zone "abc.com" {
>     type master;
>     file "abc.com.db";
> };

...[snip]...  More of the above, with each record having separate .conf
files, as well.  Also looks do-able, but...

I see problems, here.  You're, most likely, going to have SELinux issues
for trying to put things in /home.  There are various sub-directories
inside /var/named for putting multiple files.  The right (expected) ones
should be used.

However, once you've sorted out where to put all these files, or killed
off SELinux (which I advise against), the "file" parameter of the
record points to the full file path of where the record will be (from
the DNS server's point of view of where / begins - it's chrooted,
usually).  Without a path, they're expected in the DNS server's root, as
the "directory" option in named.conf specifies; and with a path, in a
sub-directory.

Traditionally, you had:
  /etc/named.conf
  /var/named/   (zone record files went in here)

The chrooted BIND puts them all inside:
  /var/named/chroot/  (the / for BIND)

So, it's:
  /etc/named.conf is in       /var/named/chroot/etc/named.conf
  /var/named/zonefiles are in /var/named/chroot/zonefiles

And you have some "data" and "slaves" sub-directories inside named/ that
can hold records, too (zone files).

For what it's worth, chrooting isn't necessary with a personal computer,
where nobody else is going to be able to get in and change things, but
is a good idea when others have access.  Whether you chroot will depend
on whether you're playing or doing...

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
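The layout Tim describes, as an added example that is not part of the thread: a script that builds a chroot-style BIND tree in a scratch directory (standing in for /var/named/chroot), writes one zone .conf per domain, assembles named.conf from explicit include lines (BIND's include directive takes a single quoted path and does not expand a "*.conf" pattern), and then checks that every file "..." reference resolves under the "directory" option the way the server would resolve it. The etc/named.d location for the per-domain files, the sample domains, the zone contents and the 192.0.2.1 address are all assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Builds a chroot-style BIND layout under a
# scratch directory (standing in for /var/named/chroot), writes one zone .conf
# per domain, and assembles named.conf with explicit include lines: BIND's
# include directive takes a single quoted path and does not expand "*.conf".
# The etc/named.d location for the per-domain files is an assumption for this
# example, chosen so nothing has to live under /home.
set -eu

BIND_CHROOT="${BIND_CHROOT:-$(mktemp -d)}"   # the "/" that BIND sees when chrooted
CONF="$BIND_CHROOT/etc/named.conf"           # /etc/named.conf inside the chroot
ZONEDIR="$BIND_CHROOT/var/named"             # matches the options { directory } setting
ZONECONFDIR="$BIND_CHROOT/etc/named.d"       # per-domain zone .conf files (assumed layout)

setup_layout() {
    mkdir -p "$ZONECONFDIR" "$ZONEDIR/data" "$ZONEDIR/slaves"
}

# add_zone <domain>: write an abc_com.conf-style config plus a minimal
# constructed zone file, so the file "..." reference resolves under "directory".
add_zone() {
    domain="$1"
    conffile="$ZONECONFDIR/$(printf '%s' "$domain" | tr . _).conf"
    cat > "$conffile" <<EOF
zone "$domain" {
    type master;
    file "$domain.db";
};
EOF
    cat > "$ZONEDIR/$domain.db" <<EOF
\$TTL 3600
@   IN SOA ns1.$domain. hostmaster.$domain. ( 2010101901 3600 900 604800 3600 )
    IN NS  ns1.$domain.
ns1 IN A   192.0.2.1
EOF
}

# Generate named.conf: one include per .conf, written as the path BIND will
# see from inside the chroot (the scratch prefix stripped off).
build_named_conf() {
    {
        echo 'options {'
        echo '    directory "/var/named";'
        echo '};'
        for f in "$ZONECONFDIR"/*.conf; do
            echo "include \"${f#"$BIND_CHROOT"}\";"
        done
    } > "$CONF"
}

# Walk every include, pull each file "..." out of it, and resolve it the way
# BIND does: relative names live under "directory", absolute ones under "/".
# Prints the number of zone files that do not exist (0 means all resolve).
check_zone_files() {
    missing=0
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$CONF")
    for inc in $(sed -n 's/^include[[:space:]]*"\([^"]*\)";.*/\1/p' "$CONF"); do
        for zf in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)";.*/\1/p' "$BIND_CHROOT$inc"); do
            case "$zf" in
                /*) full="$BIND_CHROOT$zf" ;;
                *)  full="$BIND_CHROOT$dir/$zf" ;;
            esac
            if [ ! -f "$full" ]; then
                echo "missing zone file: $full" >&2
                missing=$((missing + 1))
            fi
        done
    done
    echo "$missing"
}

# Stand-alone run: two domains, then the check. named-checkconf -t <chroot> is
# the real syntax check, but it needs root to chroot, so it is only attempted.
demo() {
    setup_layout
    add_zone abc.com
    add_zone example.net
    build_named_conf
    echo "--- $CONF ---"; cat "$CONF"
    echo "zone files missing: $(check_zone_files)"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -t "$BIND_CHROOT" /etc/named.conf \
            || echo "named-checkconf did not pass (it needs root to chroot into $BIND_CHROOT)" >&2
    fi
}
demo
```

On a real server the same check is `named-checkconf -t /var/named/chroot /etc/named.conf` (add `-z` to test-load the master zones as well), and after moving files into the expected directories rather than /home, `restorecon -Rv /var/named` puts the SELinux labels back so the daemon is allowed to read them.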
