authorgshapiro <gshapiro@FreeBSD.org>2004-11-04 05:24:29 +0000
committergshapiro <gshapiro@FreeBSD.org>2004-11-04 05:24:29 +0000
commit8ed6cabf104e0d42dec4989ed194ff8df58304d1 (patch)
tree068d9e4da1486099c85b755e6ed3add8ad9fc44a
parent656137db84cc3601ac51aded4a49a7096d617b78 (diff)
Create a separate directory for dynamic zones which is owned by the bind
user (for creation of the zone journal file). This is separate from the master/ directory for security. Give an example dynamic zone in the sample named.conf. Approved by: dougb Noticed by: Eivind Olsen <eivind at aminor.no> MFC after: 1 week
-rw-r--r--etc/mtree/BIND.chroot.dist2
-rw-r--r--etc/namedb/named.conf14
2 files changed, 16 insertions, 0 deletions
diff --git a/etc/mtree/BIND.chroot.dist b/etc/mtree/BIND.chroot.dist
index 2f828ee..e41a369 100644
--- a/etc/mtree/BIND.chroot.dist
+++ b/etc/mtree/BIND.chroot.dist
@@ -9,6 +9,8 @@
..
etc
namedb
+ dynamic uname=bind
+ ..
master
..
slave uname=bind
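Review bot: The reason `dynamic` is owned by bind while `master` is kept separate is recorded only in the commit message, so nothing in this mtree spec tells the next editor not to merge the two directories. A comment above the new entry such as `# writable by bind so named can create zone journal files; keep master/ zones out of here` would preserve it. The entry also sets only `uname=bind`, so its group and mode come from a `/set` line outside the hunk, and it is worth confirming that the inherited mode is not group- or world-writable.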
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index d0d4449..94b6f3c 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -102,6 +102,20 @@ zone "example.com" {
};
};
+// An example dynamic zone
+key "exampleorgkey" {
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
+};
+
+zone "example.org" {
+ type master;
+ allow-update {
+ key "exampleorgkey";
+ };
+ file "dynamic/example.org";
+};
+
zone "0.168.192.in-addr.arpa" {
type slave;
file "slave/0.168.192.in-addr.arpa";
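Review bot: The added `key "exampleorgkey"` block ships a literal TSIG secret (`secret "sf87HJqjkqh8ac87a02lla==";`) in the sample named.conf, and the `allow-update` list of the new `example.org` zone trusts that key, so a site that adapts the example without replacing the value authorizes dynamic updates with a publicly known secret. Whether these lines sit inside a commented-out region cannot be told from the hunk, but either way I would replace the value with an obvious placeholder and add a comment such as `// Generate your own secret with dnssec-keygen(8); never reuse the value shown here`. Because named.conf is often world-readable, the key statement is better kept in a separate file with restricted permissions and pulled in with `include`. `hmac-md5` is a legacy TSIG algorithm, so on BIND releases that support it `hmac-sha256` is the better choice for the example.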