managed-keys.bind's directory problem

Chris Buxton cbuxton at menandmice.com
Tue Dec 15 06:57:29 UTC 2009


On Dec 14, 2009, at 6:28 PM, Doug Barton wrote:

> Chris Buxton wrote:
> 
>> The options { directory ""; }; statement specifies named's working
>> directory (its 'cwd'), not the location of the configuration
>> directory.
> 
> I continue to assert that both the code and long custom say that it
> specifies both, and further continue to assert that this is a mistake.
> However it's clear at this point that there is no consensus that this
> behavior should be changed, so I'll make the changes on my end.

Long custom on FreeBSD might say that, but the example I gave of putting config files in /etc and zone files in /var/named is actually quite well established. That has generally been the default setup that I've seen on Linux, Solaris, and Mac OS X, going back to the mid-90's.

Things have gotten more complicated recently as chroot jails become more common, and as security becomes more of a concern. Debian Linux (and Ubuntu by inheritance), for example, specifically suggests putting nothing but slave/stub zone files into the working directory, /var/cache/bind. Master zone data (and any other data that must be writable by named) is intended to go into /var/lib/bind, while config data (including default zone data) goes into /etc/bind. The documentation makes specific mention of using full paths as needed.

I can't speak to what the code says. I'm not fluent at reading source code.

Chris Buxton
Professional Services
Men & Mice
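
An added sketch, not part of the original message or of BIND: it resolves each zone's `file` path against the `directory` option, as the working-directory reading above implies, using a constructed named.conf in the Debian-style layout. The regex-based parsing and the names `resolve_zone_files` and `SAMPLE_CONF` are assumptions made for illustration.

```python
import posixpath
import re

# Constructed sample: Debian-style layout from the message above.
SAMPLE_CONF = '''
options {
    directory "/var/cache/bind";  // working directory (cwd)
};
zone "example.com" { type master; file "/var/lib/bind/db.example.com"; };
zone "example.net" {
    type slave;
    masters { 192.0.2.1; };
    file "db.example.net";        // relative: lands in the cwd
};
zone "localhost" { type master; file "/etc/bind/db.local"; };
'''

# Simplification: comments are stripped with a regex, so a quoted string
# containing "//" or "#" would be mangled. Enough for an illustration.
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# The lookbehind skips longer option names such as key-directory.
DIRECTORY = re.compile(r'(?<![\w-])directory\s+"([^"]*)"')
ZONE = re.compile(r'(?<![\w-])zone\s+"([^"]*)"')
TYPE = re.compile(r'(?<![\w-])type\s+([\w-]+)')
FILE = re.compile(r'(?<![\w-])file\s+"([^"]*)"')


def resolve_zone_files(conf_text):
    """Map zone name -> (type, resolved path, was_relative)."""
    text = COMMENT.sub('', conf_text)
    m = DIRECTORY.search(text)
    # Without a directory option, named stays in the directory it started in.
    workdir = m.group(1) if m else '.'
    zones = list(ZONE.finditer(text))
    resolved = {}
    for i, zone in enumerate(zones):
        # A zone's statements run up to the next zone keyword (or end of text).
        end = zones[i + 1].start() if i + 1 < len(zones) else len(text)
        body = text[zone.end():end]
        f, t = FILE.search(body), TYPE.search(body)
        if f is None:
            continue  # zone without a file statement
        path = f.group(1)
        # join() returns an absolute path unchanged, so only relative ones move.
        full = posixpath.normpath(posixpath.join(workdir, path))
        resolved[zone.group(1)] = (t.group(1) if t else None, full,
                                   not path.startswith('/'))
    return resolved


if __name__ == '__main__':
    for name, (ztype, path, rel) in resolve_zone_files(SAMPLE_CONF).items():
        print(f'{name:12} {ztype!s:7} {path}' + ('  (relative to cwd)' if rel else ''))
```

Run against a real configuration, the relative entries are the ones whose location changes if the `directory` statement is edited or removed.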



