The signed domain file rewritten

Alessandro Vesely vesely at
Tue Nov 12 18:21:21 UTC 2019

On Tue 12/Nov/2019 13:39:30 +0100 Jim Popovitch via bind-users wrote:
> On 11/12/19 4:42 AM, Alessandro Vesely wrote:
>> Hi,
>> I have a signed domain, with inline-signing yes and auto-dnssec maintain.
>> Although the domain is static, the .signed and .signed.jnl files are being
>> rewritten without apparent reason.  They are about a month newer than the
>> corresponding .jbk and base files.
>> I notice that because of tripwire complaints.  I guess I have to tweak that
>> config, unless there's a way to prevent or foresee those rewritings.
> I use this in twpol.txt:
> {
>         /etc    -> $(SEC_BIN) (recurse=true) ;
>                 !/etc/bind/zone ;
>         ....

Yeah, that's a possibility.

Not that I rely on tripwire more than I should, but leaving the zone outside
the controlled area means blindly signing whatever happens to be in the zone.
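
A middle ground between the two positions in this thread, as an added example that is not part of the original messages: emit stop points, in the `!path ;` form of the quoted twpol.txt, only for the `.signed` and `.signed.jnl` files that BIND rewrites, so the base zone files and `.jbk` files stay under the `/etc` rule. The function name `stop_points`, the orphan check and the sample file names are assumptions made for illustration; file names are assumed to contain no whitespace.

```python
import os
import tempfile

# Suffixes the thread reports as rewritten by BIND without a zone change.
BIND_MAINTAINED = (".signed.jnl", ".signed")


def stop_points(zone_dir, policy_dir=None):
    """Return (stop_lines, orphans) for one zone directory.

    stop_lines: tripwire stop points for BIND-maintained files whose base
                zone file exists next to them.
    orphans:    BIND-maintained files with no base file; these get no stop
                point, so tripwire keeps reporting on them.
    """
    policy_dir = (policy_dir or zone_dir).rstrip("/")
    names = set(os.listdir(zone_dir))
    stops, orphans = [], []
    for name in sorted(names):
        suffix = next((s for s in BIND_MAINTAINED if name.endswith(s)), None)
        if suffix is None:
            continue  # base zone file, .jbk, keys: still monitored
        base = name[: -len(suffix)]
        if base in names:
            stops.append(f"!{policy_dir}/{name} ;")
        else:
            orphans.append(name)
    return stops, orphans


if __name__ == "__main__":
    # Constructed sample directory standing in for /etc/bind/zone.
    with tempfile.TemporaryDirectory() as d:
        for n in ("example.com", "example.com.jbk", "example.com.signed",
                  "example.com.signed.jnl", "stray.signed"):
            open(os.path.join(d, n), "w").close()
        stops, orphans = stop_points(d, "/etc/bind/zone")
        print("\n".join(stops))
        for o in orphans:
            print(f"# no base zone file for {o}; left under tripwire control")
```
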

