bind configuration/setup question
mm_half3 at yahoo.com
Wed Aug 28 16:53:15 UTC 2013
Setup bind-9.9.2-P2 on a solaris 10 system using zones (an oracle implementation of OS virtualization), with a dns data/configuration zone and a dns zone. The dns data zone is on a private network and has the dns data tables for bind (directory where data files stored in named.conf options area), the bind installation, and bind configuration file, named.conf. The dns zone is on the internet routable public network, and has the dns data, bind installation, and bind configuration file available to it in a read only file system. Figured that since we have successfully run earlier versions of bind on dns servers with the data directory and data files as read only to the userid bind runs as, this would also work, and provide the added benefit of preventing the OS of the zone running bind on the public network from being able modify the data area at all.
The dns server using this configuration seems to be running fine, but each time bind re-reads the named.conf file these messages appear in named.log :
28-Aug-2013 12:12:37.565 general: info: reloading zones succeeded
28-Aug-2013 12:12:37.572 general: notice: all zones loaded
28-Aug-2013 12:12:37.573 general: notice: running
28-Aug-2013 12:12:37.573 general: error: file.c:300: unexpected error:
28-Aug-2013 12:12:37.573 general: error: unable to convert errno to isc_result: 30: Read-only file system
28-Aug-2013 12:12:39.279 general: error: file.c:300: unexpected error:
28-Aug-2013 12:12:39.279 general: error: unable to convert errno to isc_result: 30: Read-only file system
Is this error something to be worried about, or is it more of an info message? Also, is much even gained security wise by disallowing the OS to write to the dns data area? This particular error can be fixed by separating the dns data directory from the bind configuration and bind installation, and putting it on a writable file system for the public dns zone, but if the above error is only a warning thinking of keeping the data as read only also. Any suggestions are appreciated.
*****The content of this message is my personal opinion only, and should not be construed as anything that has been through rigorous scrutiny of the professional groups who devote their life and work to the topics being discussed********
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users