BIND allows hosts to update their records in DNS and zone files dynamically. This is used when a host computer's IP address changes frequently and the DNS record requires real-time modification.
Use the /var/named/dynamic/ directory for zone files you want updated via dynamic DNS. Files created in or copied into /var/named/dynamic/ inherit Linux permissions that allow named to write to them. As such files are labeled with the named_cache_t type, SELinux allows named to write to them.
If a zone file in /var/named/dynamic/ is labeled with the named_zone_t type, dynamic DNS updates may not be successful for a certain period of time, as the update needs to be written to a journal first before being merged. If the zone file is still labeled with the named_zone_t type when named attempts to merge the journal, an error such as the following is logged:
named[PID]: dumping master file: rename: /var/named/dynamic/zone-name: permission denied
Also, the following SELinux denial is logged:
setroubleshoot: SELinux is preventing named (named_t) "unlink" to zone-name (named_zone_t)
To resolve this labeling issue, run the restorecon -R -v /var/named/dynamic command as the Linux root user.
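
Added example (not part of the original documentation): a POSIX shell check that lists files under the dynamic-zone directory whose SELinux type is not named_cache_t, so they can be relabeled before a journal merge fails. It assumes GNU stat, whose %C format prints the SELinux context; the function names and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find dynamic-zone files that named cannot rewrite because
# their SELinux type is not named_cache_t.

EXPECTED_TYPE="named_cache_t"

# Read "context path" lines (the format of: stat -c '%C %n') on stdin and
# print "type path" for every file whose type differs from EXPECTED_TYPE.
# A context is user:role:type:level; the level may itself contain colons
# (for example s0:c0.c1023), so the type is always the third field.
mislabeled_zones() {
    awk -v want="$EXPECTED_TYPE" '
        NF >= 2 {
            n = split($1, ctx, ":")
            if (n < 3) next                 # no SELinux context reported
            if (ctx[3] != want) {
                path = $0
                sub(/^[^ ]+ /, "", path)    # keep paths containing spaces
                print ctx[3], path
            }
        }'
}

# Scan a real directory (default: /var/named/dynamic). Requires GNU stat.
check_dynamic_dir() {
    dir="${1:-/var/named/dynamic}"
    find "$dir" -type f -exec stat -c '%C %n' {} + | mislabeled_zones
}

# Constructed sample input, in stat -c '%C %n' format.
sample_contexts() {
    cat <<'EOF'
system_u:object_r:named_cache_t:s0 /var/named/dynamic/example.com.zone
system_u:object_r:named_zone_t:s0 /var/named/dynamic/lab.example.zone
unconfined_u:object_r:named_zone_t:s0:c0.c1023 /var/named/dynamic/copied zone.db
system_u:object_r:named_cache_t:s0 /var/named/dynamic/example.com.zone.jnl
EOF
}

# Print the findings for the constructed sample when run directly.
sample_contexts | mislabeled_zones
```

On a live system, call check_dynamic_dir as root; any file it lists is a candidate for the restorecon command above.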