bind configuration/setup question
alan at clegg.com
Wed Aug 28 17:34:36 UTC 2013
On Aug 28, 2013, at 1:29 PM, Alan Clegg <alan at clegg.com> wrote:
> I believe that what you are seeing is the result of BIND 9.9 doing more things "automatically", including bringing in a set of DNSSEC trust anchors (root and DLV) and not being able to create the file.
> You should be able to use the option "bindkeys-file" to set a location that is writable for this file.
And as soon as I sent this I realized that I'd goofed. bind.keys is created on install (it is part of the problem, however).
This file contains "managed-keys" statements that I refer to below (and it was supposed to be "keystore" not "keystone" -- spellcheck will be the death of the computer industry).
> It's also going to happen if you use managed-keys, as there is a "keystone" created that needs to be updated. See the "managed-keys-directory" option.
This is where the problem lies. The fact that you have managed-keys requires BIND to create a journal of updates made to the trust-anchor material. Set "managed-keys-directory" to a writable directory and copy the managed-keys.bind and managed-keys.bind.jnl files there.
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the bind-users