BIND allows hosts to update their records in DNS and zone files dynamically. This is used when a host computer's IP address changes frequently and the DNS record requires real-time modification.

Use the /var/named/dynamic directory for zone files you want updated via dynamic DNS. Files created in or copied into /var/named/dynamic inherit Linux permissions that allow named to write to them. As such files are labeled with the named_cache_t type, SELinux allows named to write to them.

If a zone file in /var/named/dynamic is labeled with the named_zone_t type, dynamic DNS updates may not be successful for a certain period of time as the update needs to be written to a journal first before being merged. If the zone file is labeled with the named_zone_t type when the journal attempts to be merged, an error such as the following is logged to /var/log/messages:

named[PID]: dumping master file: rename: /var/named/dynamic/zone-name: permission denied

Also, the following SELinux denial is logged to /var/log/messages:

setroubleshoot: SELinux is preventing named (named_t) "unlink" to zone-name (named_zone_t)

To resolve this labeling issue, run the restorecon -R -v /var/named/dynamic command as the Linux root user.