DNSSEC policy using wrong directory?
Ondřej Surý
ondrej at isc.org
Sun Aug 24 08:56:47 UTC 2025
And the corresponding option:
https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-journal
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 24. 8. 2025, at 10:53, Ondřej Surý <ondrej at isc.org> wrote:
>
> https://bind9.readthedocs.io/en/stable/chapter6.html#the-journal-file
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>
>>> On 24. 8. 2025, at 3:54, Mike <debian at good-with-numbers.com> wrote:
>>>
>> I just set up `dnssec-policy default;` in my zones. Now I'm seeing error
>> messages like:
>>
>> general: error: /etc/bind/good-with-numbers.com.signed.jnl: create: permission denied
>>
>> Well, yeah, that's a read-only file system.
>>
>> options {
>> directory "/var/cache/bind";
>>
>> is set, so that's the working directory, so it should be writing into there.
>> Instead, it seems to be choosing the directory where the zone file is:
>>
>> zone "good-with-numbers.com" {
>> file "/etc/bind/good-with-numbers.com";
>>
>> Is there an override?
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250824/68fae5ce/attachment-0001.htm>
More information about the bind-users
mailing list