bind configuration/setup question
alan at clegg.com
Wed Aug 28 17:29:18 UTC 2013
On Aug 28, 2013, at 12:53 PM, mm half <mm_half3 at yahoo.com> wrote:
> 28-Aug-2013 12:12:37.565 general: info: reloading zones succeeded
> 28-Aug-2013 12:12:37.572 general: notice: all zones loaded
> 28-Aug-2013 12:12:37.573 general: notice: running
> 28-Aug-2013 12:12:37.573 general: error: file.c:300: unexpected error:
> 28-Aug-2013 12:12:37.573 general: error: unable to convert errno to isc_result: 30: Read-only file system
> 28-Aug-2013 12:12:39.279 general: error: file.c:300: unexpected error:
> 28-Aug-2013 12:12:39.279 general: error: unable to convert errno to isc_result: 30: Read-only file system
> Is this error something to be worried about, or is it more of an info message? Also, is much even gained security wise by disallowing the OS to write to the dns data area? This particular error can be fixed by separating the dns data directory from the bind configuration and bind installation, and putting it on a writable file system for the public dns zone, but if the above error is only a warning thinking of keeping the data as read only also. Any suggestions are appreciated.
When I see the words "unexpected error" coming out of software, I'm always concerned.
I believe that what you are seeing is the result of BIND 9.9 doing more things "automatically", including bringing in a set of DNSSEC trust anchors (root and DLV) and not being able to create the file.
You should be able to use the option "bindkeys-file" to set a location that is writable for this file.
It's also going to happen if you use managed-keys, as there is a "keystone" created that needs to be updated. See the "managed-keys-directory" option.
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the bind-users