managed-keys.bind's directory problem

Doug Barton dougb at
Tue Dec 15 05:34:03 UTC 2009

fujiwara at wrote:
> I'm using BIND 9.7.0b3 and DLV (dns-lookaside auto;).

FYI I recently committed the port for 9.7.0rc1. Hopefully this will
make it easier for you to continue testing. Please try the port and
let me know if you have any problems with it.

> The named tried to write "managed-keys.bind" file into the named's
> working directory.

I just committed the update I described in my previous message. If
you're not running -current and you'd like to experiment with it you
can grab the files from Put
the BIND.chroot.dist file in /etc/mtree and the new named.conf file in
/etc/namedb/. What I suggest to users (and do myself) is that they use
the default named.conf file and include customizations via the
"include" directive. That way you can easily pick up changes when the
default is updated. If you choose not to do that, no problem, the 2
key changes are 'directory "/etc/namedb/working";' and the need to
fully qualify all file and path names in named.conf.

Once your files are updated you can do '/etc/rc.d/named restart' and
the new working directory will be created for you with proper
permissions (assuming you don't have any of the chroot options
disabled in rc.conf).

I tested this configuration several different ways, including the use
of 'dnssec-lookaside auto;' and it worked fine. The managed-keys.bind
file was created and used as expected in /etc/namedb/working.

If you have any questions or problems please let me know. I will MFC
this change before the 7.3-RELEASE, but I will likely give it some
time to settle in -current before I do.

Thanks for bringing this issue to our attention.



	Improve the effectiveness of your Internet presence with
	a domain name makeover!
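
One way to check a named.conf for the two changes named in the message above (the 'directory "/etc/namedb/working";' setting and fully qualified file and path names). This is an added example, not part of the original post or of the FreeBSD port; the function names, the list of keywords scanned, and the sample configuration are constructed for illustration, and the check assumes each keyword and its quoted path sit on the same line.

```shell
#!/bin/sh
# Lint a named.conf for the working-directory setting and for file or
# path names that are not fully qualified (hypothetical helper).
# Usage: check_named_conf FILE [EXPECTED_DIR]; status 1 if anything is reported.
check_named_conf() {
    awk -v want="${2:-/etc/namedb/working}" '
    {
        sub(/^[ \t]*(\/\/|#).*/, "")      # drop whole-line comments
        sub(/;[ \t]*(\/\/|#).*/, ";")     # drop trailing comments
        line = " " $0                     # so every keyword has a leading delimiter
        while (match(line, /[ \t{;](directory|file|include|pid-file|dump-file|statistics-file|key-directory)[ \t]+"[^"]*"/)) {
            stmt = substr(line, RSTART + 1, RLENGTH - 1)
            line = substr(line, RSTART + RLENGTH)
            kw = stmt;   sub(/[ \t]+".*/, "", kw)
            path = stmt; sub(/^[^"]*"/, "", path); sub(/"$/, "", path)
            if (kw == "directory") {
                seen = 1
                if (path != want) { printf "line %d: directory is \"%s\", expected \"%s\"\n", NR, path, want; bad = 1 }
            } else if (path !~ /^\//) {
                printf "line %d: %s \"%s\" is not fully qualified\n", NR, kw, path; bad = 1
            }
        }
    }
    END {
        if (!seen) { print "no directory option found"; bad = 1 }
        exit bad + 0
    }' "$1"
}

sample_conf() {   # constructed sample input, not the FreeBSD default named.conf
    cat <<'EOF'
options {
    directory "/etc/namedb";            // old working directory
    pid-file "/var/run/named/pid";
    dnssec-lookaside auto;
};
zone "example.org" { type master; file "master/example.org.db"; };
include "/etc/namedb/local.conf";
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_named_conf "$tmp" || echo "named.conf needs attention"
rm -f "$tmp"
```

On the constructed sample it reports the old directory setting on line 2 and the relative zone file on line 6.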
