managed-keys.bind's directory problem
fujiwara at wide.ad.jp
Thu Dec 10 19:41:53 UTC 2009
> From: Mark Andrews <marka at isc.org>
> In message <20091210.162242.460114267490885968.fujiwara at pyon.org>, fujiwara at wide.ad.jp writes:
>> I'm using BIND 9.7.0b3 and DLV (dns-lookaside auto;).
>>
>> The named tried to write "managed-keys.bind" file into the named's
>> working directory.
>>
>> The current BIND 9 requires the working directory is writable by named
>> (From ARM). But I think the working directory should not be writable
>> by named and some OSs' default configuration set the working directory
>> not writable.
>
> Then those OS's are misconfiguring named. This has been a requirement
> since the BIND 4 days. It's just named has not complained and there
> has been loss of functionality as a result. On some OS's this is the
> only way to get a core file for debugging as there is no way to specify
> anything other than the current working directory.
>
> Note there is no requirement for named's config files to be below the
> working directory.
>
> ../master-files/ or /master-files/ or /var/named/master-files could
> all be used instead of ./master-files
>
> The working directory does not have to be /var/named.
Thank you. I understand where I misunderstood.
Now, I changed the work directory to "/etc/namedb/var" and prepended "../"
to all relative paths on my FreeBSD box.
(and added " var uname=bind" into /etc/mtree/BIND.chroot.dist.)
It works well.
>> I'm very happy if I can change the managed-keys.bind path.
>
> We will look into that.
Regards,
--
Kazunori Fujiwara, JPRS
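
The layout arrived at in this thread, as an added named.conf sketch that is not from the original post or from ISC: a dedicated working directory writable by named, with zone files kept outside it through "../" paths. The zone name, the master/ file path, the "before" layout and the ownership of /etc/namedb are assumptions made for illustration.

```conf
/*
 * Before (assumed starting layout): the working directory is the
 * configuration directory itself. It is not writable by named, so
 * managed-keys.bind cannot be created there.
 *
 * options {
 *     directory "/etc/namedb";
 *     dnssec-lookaside auto;
 * };
 * zone "example.com" {
 *     type master;
 *     file "master/example.com.db";
 * };
 */

/* After: the arrangement described in the reply above. */
options {
    // Dedicated working directory owned by the bind user (created by
    // the " var uname=bind" mtree entry). named writes
    // managed-keys.bind here, and on some OSes a core file as well.
    directory "/etc/namedb/var";
    dnssec-lookaside auto;
};

zone "example.com" {            // hypothetical zone
    type master;
    // Relative paths resolve against "directory", so "../" steps back
    // into /etc/namedb, which is assumed to stay non-writable by named.
    file "../master/example.com.db";
};
```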