Allow only temporary zone updates without making them permanent

Lefteris Tsintjelis lefty at spes.gr
Wed Jun 26 18:30:25 UTC 2019


On 26/6/2019 20:25, Grant Taylor via bind-users wrote:
> On 6/26/19 10:46 AM, Lefteris Tsintjelis via bind-users wrote:
>> Yes, exactly this. That is the reason I changed the actual zone disk
>> file permissions to root thinking that files would not be modifiable,
>> but bind surprised me there. I did not expect to change the file
>> ownership from root to bind!
> 
> I'm surprised at the ownership change too.
> 
> It may be dependent on your OS init scripts, perhaps they are changing
> them.
> 
> The only way that I see that BIND, running as something other than root,
> could change them is if the user it's running as has write on the
> directory and deletes & recreates new zone files as itself.  But that
> would surprise me too.
> 
>> The problem started with ACME actually as it always messes up my disk
>> zone files and I have to always restore them.
> 
> Is the ACME client modifying the zone file(s) directly?  Or is it using
> dynamic DNS (possibly via nsupdate) to request that BIND update the
> zone(s)?

ACME is through the net and not directly. I have checked and triple-checked
that a few times, as well as the init/startup scripts. It is not ACME,
it is named that modifies the file and it happens right after the
dynamic ACME update.

Lefteris

