On 10.05.2016 21:36, ????????? ???????? wrote:
>>> I'm also using ddns and have my zone files in
>>> /var/named/chroot/var/named/dynamic.
>> are you using DDNS in DualStack (IPv4 and IPv6 together) or do you
>> have only DHCP or DHCPv6 and not both?
>
> IPv4 only.
>
if a host has IPv4 only or IPv6 only this works fine, but when a host
has both - DualStack
sometimes it works, sometimes only one - can be IPv4 or can be IPv6 - works;
and in /var/log/messages I get something like
May 10 18:51:30 dnssrvr named[2526]: client 192.168.1.2#38618: view
wkst: updating zone 'ddns.local/IN': update unsuccessful:
WIN7HOST.ddns.local: 'name not in use' prerequisite not satisfied
(YXDOMAIN)
for several times;

>> By default, SELinux prevents any role from modifying named_zone_t
>> files; this means that files in the zone database directory cannot be
>> modified by dynamic DNS (DDNS) updates or zone transfers.
>>
>> The Red Hat BIND distribution and SELinux policy creates three
>> directories where named is allowed to create and modify files:
>> /var/named/slaves, /var/named/dynamic /var/named/data. By placing files
>> you want named to modify, such as slave or DDNS updateable zone files
>> and database / statistics dump files in these directories, named will
>> work normally and no further operator action is required. Files in
>> these directories are automatically assigned the 'named_cache_t' file
>> context, which SELinux allows named to write."
>
> That's probably why I have updateable zone files in chrooted
> /var/named/dynamic.
> Default targeted policy comes with necessary rules for chrooted bind. See
>
> # semanage fcontext -l | grep named_
>
I have them in /var/named/dynamic
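
Added example, not part of the original thread: a small Python check that cross-references the zones named must write to (DDNS or slave) against `ls -Z` labels and reports any whose file is not `named_cache_t`, which is the condition the quoted SELinux text describes. The named.conf fragment, the key name, the `static.local` and `lab.local` zones, the `ls -Z` listing and the `/var/named` base directory are constructed assumptions.

```python
import re

WRITABLE_TYPES = {"named_cache_t"}  # type named may write, per the quoted text
DYNAMIC_MARKERS = ("allow-update", "update-policy", "type slave")
# Constructed samples: a named.conf fragment and `ls -Z` output for its files.
SAMPLE_CONF = '''
view "wkst" {
    zone "ddns.local" IN { type master; file "ddns.local.db";
        allow-update { key "ddns-key"; }; };
    zone "static.local" IN { type master; file "static.local.db"; };
    zone "lab.local" IN { type slave; file "slaves/lab.local.db"; masters { 192.0.2.53; }; };
};
'''
SAMPLE_LS_Z = '''
system_u:object_r:named_zone_t:s0 /var/named/ddns.local.db
system_u:object_r:named_zone_t:s0 /var/named/static.local.db
system_u:object_r:named_cache_t:s0 /var/named/slaves/lab.local.db
'''

def zone_bodies(conf):
    """Yield (zone_name, body) per zone stanza, tracking nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def parse_ls_z(text):
    """Map path -> SELinux type from `ls -Z` lines (context, then path)."""
    labels = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[-2].count(":") >= 3:
            labels[parts[-1]] = parts[-2].split(":")[2]
    return labels

def unwritable_dynamic_zones(conf, ls_z, directory="/var/named"):
    """Return (zone, path, type) for writable zones with a non-writable label."""
    labels, findings = parse_ls_z(ls_z), []
    for name, body in zone_bodies(conf):
        fm = re.search(r'file\s+"([^"]+)"', body)
        if fm is None or not any(marker in body for marker in DYNAMIC_MARKERS):
            continue  # static zone: named only reads it, named_zone_t is fine
        path = fm.group(1)
        if not path.startswith("/"):  # relative to the assumed base directory
            path = directory.rstrip("/") + "/" + path
        setype = labels.get(path, "unknown")
        if setype not in WRITABLE_TYPES:
            findings.append((name, path, setype))
    return findings
```

On the constructed input, only `ddns.local` is reported: it accepts updates but its file sits directly in `/var/named` with the `named_zone_t` label.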