Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 469 — #495
21
Linux in the Network
21.7.8 Dynamic Update of Zone Data
The term dynamic update refers to operations by which entries in the zone
files of a master server are added, changed, or deleted. This mechanism is
described in RFC 2136. Dynamic update is configured individually for each
zone entry by adding an optional allow-update or update-policy
rule. Zones to update dynamically should not be edited by hand.
Transmit the entries to update to the server with the command nsupdate.
For the exact syntax of this command, check the manual page for nsupdate
(man 8 nsupdate). For security reasons, any such update should be
performed using TSIG keys as described in Section 21.7.7 on page 467.
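
The following audit script is an added example, not part of the original manual or of BIND. It lists every zone that accepts dynamic updates and reports the allow-update entries that are not tied to a TSIG key. The sample configuration is constructed; the zone names, the key name host1-host2. and the network are assumptions.

```python
import re

# Constructed sample; zone names, key name and network are assumptions.
SAMPLE_CONF = '''
zone "example.com" in { type master; file "dyn/example.com.zone";
    allow-update { key "host1-host2."; };        // TSIG key required
};
zone "lab.example.com" in { type master; file "dyn/lab.example.com.zone";
    allow-update { 192.168.0.0/24; };            # source address only
};
zone "dhcp.example.com" in { type master; file "dyn/dhcp.example.com.zone";
    update-policy { grant host1-host2. subdomain dhcp.example.com. A; };
};
zone "static.example.com" in { type master; file "master/static.zone"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments but leave quoted strings untouched."""
    pat = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pat.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def block(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def audit(conf):
    """Map each dynamic zone to its allow-update entries that are not keys."""
    conf, report = strip_comments(conf), {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block(conf, m.end() - 1)
        acl = re.search(r'\ballow-update\s*\{', body)
        if acl:
            items = [e.strip() for e in block(body, acl.end() - 1).split(";")]
            # "none" grants nothing; addresses and named ACLs need review.
            report[m.group(1)] = [e for e in items if e and e != "none"
                                  and not e.startswith("key ")]
        elif re.search(r'\bupdate-policy\b', body):
            report[m.group(1)] = []  # grant rules match on the signing key
    return report

if __name__ == "__main__":
    for zone, weak in audit(SAMPLE_CONF).items():
        print(zone, "-> REVIEW" if weak else "-> key-authenticated", weak)
```

Zones without an allow-update or update-policy rule are static and do not appear in the result. A named ACL inside allow-update is reported for manual review because the script does not resolve ACL definitions.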
21.7.9 DNSSEC
DNSSEC, or DNS security, is described in RFC 2535. The tools available for
DNSSEC are discussed in the BIND Manual.
A zone considered secure must have one or several zone keys associated
with it. These are generated with dnssec-keygen, just like the host keys.
Currently the DSA encryption algorithm is used to generate these keys.
The public keys generated should be included in the corresponding zone
file with an $INCLUDE rule.
With the command dnssec-makekeyset, all keys generated are packaged
into one set, which must then be transferred to the parent zone in a
secure manner. On the parent, the set is signed with dnssec-signkey.
The files generated by this command are then used to sign the zones with
dnssec-signzone, which in turn generates the files to include for each
zone in /etc/named.conf.
21.7.10 Configuration with YaST
You can use the DNS module of YaST to configure a DNS server for your
local network. The module can work in two different modes:
Wizard Configuration: When starting the module for the first time, you
will be prompted to make just a few basic decisions concerning the
server administration. Completing this initial setup produces a very
basic server configuration that should be functioning in its essential
aspects.

Expert Configuration: The expert mode can be used to deal with the more
advanced configuration tasks, such as setting up ACLs, logging, TSIG
keys, and other options.
SUSE LINUX Enterprise Server










