Allow only temporary zone updates without making them permanent

Lefteris Tsintjelis lefty at spes.gr
Wed Jun 26 20:15:48 UTC 2019


On 26/6/2019 22:04, Anderson, Charles R wrote:
> On Wed, Jun 26, 2019 at 07:46:20PM +0300, Lefteris Tsintjelis via bind-users wrote:
>> On 26/6/2019 17:39, Grant Taylor via bind-users wrote:
>>> Or are you wanting to update the zone contents without actually updating
>>> the zone file on disk?
>>
>> Yes, exactly this. That is the reason I changed the actual zone disk
>> file permissions to root thinking that files would not be modifiable,
>> but bind surprised me there. I did not expect to change the file
>> ownership from root to bind! The problem started with ACME actually as
>> it always messes up my disk zone files and I have to always restore them.
>> I would still like to use something like that in small DDNS zones also,
>> serving just a few IPs only. Non disk writable/modifiable zones could
>> perhaps add a small layer of extra security as well.
> 
> If Linux:
> 
> chattr +i filename
> 
> If FreeBSD:
> 
> chflags schg filename

Or chmod +t <directory>. I had totally forgotten about that one.

