managed-keys.bind's directory problem

fujiwara at wide.ad.jp
Thu Dec 10 19:41:53 UTC 2009


> From: Mark Andrews <marka at isc.org>
> In message <20091210.162242.460114267490885968.fujiwara at pyon.org>, fujiwara at wide.ad.jp writes:
>> I'm using BIND 9.7.0b3 and DLV (dns-lookaside auto;).
>> 
>> The named tried to write "managed-keys.bind" file into the named's
>> working directory.
>> 
>> The current BIND 9 requires the working directory is writable by named
>> (From ARM). But I think the working directory should not be writable
>> by named and some OSs' default configuration set the working directory
>> not writable.
> 
> Then those OS's are misconfiguring named.  This has been a requirement
> since the BIND 4 days.  It's just named has not complained and there
> has been loss of functionality as a result.  On some OS's this is the
> only way to get a core file for debugging as there is no way to specify
> anything other than the current working directory.
> 
> Note there is no requirement for named's config files to be below the
> working directory.
> 
> ../master-files/ or /master-files/ or /var/named/master-files could
> all be used instead of ./master-files
>  
> The working directory does not have to be /var/named.

Thank you. I understand where I misunderstood.

Now, I changed the working directory to "/etc/namedb/var" and prepended "../"
to all relative paths on my FreeBSD box.
(and added "            var uname=bind" into /etc/mtree/BIND.chroot.dist.)
It works well.

>> I'm very happy if I can change the managed-keys.bind path.
> 
> We will look into that.

Regards,

--
Kazunori Fujiwara, JPRS
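
The change described in the message above (a dedicated writable working directory, with relative paths adjusted to match), sketched as an added example that is not part of the original thread or of BIND. The helper name and the sample configuration are assumptions; only zone `file` statements are rewritten.

```python
import posixpath
import re

# Constructed sample config (not from the thread); paths are illustrative.
SAMPLE_CONF = '''\
options {
    directory "/etc/namedb";
};
zone "example.com" {
    type master;
    file "master/example.com.db";
};
zone "example.net" {
    type slave;
    file "/var/cache/slave/example.net.db";
};
'''

# Match only the bare keywords, not pid-file, dump-file and similar options.
DIR_RE = re.compile(r'(?<![\w-])(directory\s+")([^"]+)(")')
FILE_RE = re.compile(r'(?<![\w-])(file\s+")([^"]+)(")')


def move_working_directory(conf, new_dir):
    """Hypothetical helper: point `directory` at new_dir and rewrite
    relative zone `file` paths so they still name the same files."""
    found = DIR_RE.search(conf)
    if found is None:
        raise ValueError("no directory option in config")
    old_dir = found.group(2)

    def fix_file(m):
        path = m.group(2)
        if posixpath.isabs(path):
            return m.group(0)  # absolute paths do not depend on directory
        target = posixpath.normpath(posixpath.join(old_dir, path))
        return m.group(1) + posixpath.relpath(target, new_dir) + m.group(3)

    conf = FILE_RE.sub(fix_file, conf)
    return DIR_RE.sub(lambda m: m.group(1) + new_dir + m.group(3), conf, count=1)


if __name__ == "__main__":
    print(move_working_directory(SAMPLE_CONF, "/etc/namedb/var"))
```

Other relative paths in a real configuration still need a manual check after such a move.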



More information about the bind-users mailing list