DNSSEC policy using wrong directory?
Mark Andrews
marka at isc.org
Sun Aug 24 22:17:16 UTC 2025
When you use dnssec-policy named updates the zone content. It then wants to write the updated zone content back out. It does this by writing a temporary file and when that is complete atomically switching that file with the old zone file. Just put the zone file somewhere named can do that.
--
Mark Andrews
> El 25 ago 2025, a las 1:39, Mike <debian at good-with-numbers.com> escribió:
>
> I should have mentioned that `managed-keys.bind{,.jnl}` are written
> (correctly) to /var/cache/bind. So the `directory` option is doing its job,
> just not for the `dnssec-policy` journals.
>
> But `Kgood-with-numbers.com.*` *are* going into /var/cache/bind, so
> `dnssec-policy` is getting that part correct.
>
> I just saw
>
> general: error: dumping master file: /etc/bind/tmp-...: open: permission denied
>
> as well. So this seems to go beyond just setting the `journal` option.
>
>> general: error: /etc/bind/good-with-numbers.com.signed.jnl: create: permission denied
>
>> directory "/var/cache/bind";
>>
>> is set, so that's the working directory, so it should be writing into there.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list