The signed domain file rewritten

Jim Popovitch jimpop at
Tue Nov 12 12:39:30 UTC 2019

On 11/12/19 4:42 AM, Alessandro Vesely wrote:
> Hi,
> I have a signed domain, with inline-signing yes and auto-dnssec maintain.
> Although the domain is static, the .signed and .signed.jnl files are being
> rewritten without apparent reason.  They are about a month newer than the
> corresponding .jbk and base files.
> I notice that because of tripwire complaints.  I guess I have to tweak that
> config, unless there's a way to prevent or foresee those rewritings.

I use this in twpol.txt:

         /etc    -> $(SEC_BIN) (recurse=true) ;
                 !/etc/bind/zone ;


> Why does bind rewrite that file?

Because someone forgot to put dynamic files in /var ?  :P

-Jim P.

More information about the bind-users mailing list