Favorite way of dealing with SeLinux and DDNS

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Sep 4 22:56:15 UTC 2006

Anthony Ewell wrote:

>     Anyone have a favorite way of dealing with
>SeLinux blocking your DDNS jnl updates?  I was
>pointed to this link
>       http://www.isc.org/sw/bind/FAQ.php
>by the bind mailing list (the last question
>deals with SeLinux), but am a bit overwhelmed
>by it.

It's not a DHCP issue, so I don't know why you got directed here.

The answer is in the FAQ you link to, the simplest method being to 
put your zone files in $ROOTDIR/var/named/slave, as per the example :

zone "ddns.zone." IN  {
	type master;
	allow-updates {...};
	file "slaves/ddns.zone.db";

As the FAQ explains, the security enhancements override the normal 
file permissions, so setting ownership and permissions in the normal 
way won't help.

If you really want to put your dynamic zones elsewhere then you'll 
need to do one of the other options suggested in the FAQ - either 
disable the security measure, or add a directory to the list of 
directories that Bind can update.

More information about the dhcp-users mailing list