managed-keys.bind's directory problem

fujiwara at fujiwara at
Thu Dec 10 19:41:53 UTC 2009

> From: Mark Andrews <marka at>
> In message <20091210.162242.460114267490885968.fujiwara at>, fujiwara at wid
> writes:
>> I'm using BIND 9.7.0b3 and DLV (dns-lookaside auto;).
>> named tried to write the "managed-keys.bind" file into named's
>> working directory.
>> The current BIND 9 requires that the working directory be writable by named
>> (from the ARM). But I think the working directory should not be writable
>> by named, and some OSs' default configurations set the working directory
>> not writable.
> Then those OS's are misconfiguring named.  This has been a requirement
> since the BIND 4 days.  It's just named has not complained and there
> has been loss of functionality as a result.  On some OS's this is the
> only way to get a core file for debugging as there is no way to specify
> anything other than the current working directory.
> Note there is no requirement for named's config files to be below the
> working directory.
> ../master-files/ or /master-files/ or /var/named/master-files could
> all be used instead of ./master-files
> The working directory does not have to be /var/named.

Thank you. I understand where I misunderstood.

Now, I changed the working directory to "/etc/namedb/var" and prepended "../"
to all relative paths on my FreeBSD box.
(and added "            var uname=bind" into /etc/mtree/BIND.chroot.dist.)
It works well.

>> I'm very happy if I can change the managed-keys.bind path.
> We will look into that.


Kazunori Fujiwara, JPRS
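
The layout described in this message (only the working directory writable by named, with configuration reached through "../") can be checked with a short script. This is an added example, not part of the original post or of BIND; the function names are hypothetical, and the check looks only at owner and mode bits, ignoring ACLs and group membership.

```shell
#!/bin/sh
# Added example: mode-bit audit of a split named layout.
# Usage: audit_named_layout bind /etc/namedb/var /etc/namedb
# (account and paths as given in the message; adjust for your system)

# True when DIR is a directory owned by USER with the owner-write bit set.
owner_can_write() {
    [ -n "$(find "$1" -prune -type d -user "$2" -perm -200 2>/dev/null)" ]
}

# True when DIR is writable by group or other according to its mode bits.
loosely_writable() {
    [ -n "$(find "$1" -prune -type d \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_named_layout USER WORKDIR CONFDIR
# Prints one finding per line and returns the number of findings (0 = clean).
audit_named_layout() {
    user=$1 workdir=$2 confdir=$3 findings=0
    # named needs to write managed-keys.bind and core files here.
    if ! owner_can_write "$workdir" "$user"; then
        echo "FAIL: $workdir is not owned by and writable for $user"
        findings=$((findings + 1))
    fi
    # Configuration and zone data should stay out of named's reach.
    if owner_can_write "$confdir" "$user"; then
        echo "FAIL: $confdir is writable by $user"
        findings=$((findings + 1))
    fi
    if loosely_writable "$confdir"; then
        echo "FAIL: $confdir is group- or world-writable"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A return value of 0 means the working directory is writable by the named account while the configuration directory is not.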
