The signed domain file rewritten

Jim Popovitch jimpop at domainmail.org
Tue Nov 12 12:39:30 UTC 2019


On 11/12/19 4:42 AM, Alessandro Vesely wrote:
> Hi,
> 
> I have a signed domain, with inline-signing yes and auto-dnssec maintain.
> 
> Although the domain is static, the .signed and .signed.jnl files are being
> rewritten without apparent reason.  They are about a month newer than the
> corresponding .jbk and base files.
> 
> I notice that because of tripwire complaints.  I guess I have to tweak that
> config, unless there's a way to prevent or foresee those rewritings.
>

I use this in twpol.txt:

{
         /etc    -> $(SEC_BIN) (recurse=true) ;
                 !/etc/bind/zone ;

         ....


> Why does bind rewrite that file?
>

Because someone forgot to put dynamic files in /var ?  :P

https://en.wikipedia.org/wiki/Unix_filesystem


-Jim P.



More information about the bind-users mailing list