Hello Mike,

On Saturday the 9th at 12:01, Mike Cloaked wrote:
So doing:
[root@lapmike3 ~]# chmod 770 /var/named
But the question is whether or not this is a good thing to do? Does anyone know if there are any bad consequences to resolving this problem by changing the permissions of /var/named as I have done above? If this is a good solution shouldn't that permission be set that way when the bind package (bind 9.9.2.P1-1) is initially installed, so that it does not then need changing after the install?
I'm not familiar with Arch's bind installation, but if /var/named contains anything not generated by bind as part of its operation you probably don't want to do that. The only reference to the necessity of a writable directory I've found is in chapter 6 of the Admin Manual:
The managed-keys statement, like trusted-keys, defines DNSSEC security roots. The difference is that managed-keys can be kept up to date automatically, without intervention from the resolver operator. ... So, whenever named is using automatic key maintenance, those two files [managed-keys.bind and managed-keys.bind.jnl] can be expected to exist in the working directory. (For this reason among others, the working directory should be always be writable by named.)
I've not found those "amongst others". For the record, under FreeBSD that I'm more familiar with, the default config file contains:

    options {
        directory "/etc/namedb/working";
        // more options...
    };

http://svnweb.freebsd.org/base?view=revision&revision=200563

And /etc/namedb/working belongs to user bind, is 0755 and empty until named writes its key files. Note that with an explicit directory option, you will want to have fully-qualified paths for the other directives that specify paths.

-- 
Fred
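The trade-off discussed in this message can be checked mechanically. The following is an added example, not part of the thread or of any bind package: `audit_workdir` is a hypothetical helper name, and it assumes GNU `stat` (`-c`). It reports whether the service account can write the working directory, whether anyone outside owner and group can, and which entries other than the two managed-keys files would become replaceable by that account.

```shell
# Added example, not from the thread. Assumes GNU stat (-c).
# audit_workdir DIR USER: returns 0 only if USER can write DIR, nobody
# outside owner/group can, and DIR holds nothing but named's key files.
audit_workdir() {
    dir=$1; user=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    uid=$(id -u "$user" 2>/dev/null) || { echo "FAIL: no user $user"; return 2; }

    set -- $(stat -c '%u %g %a' "$dir")
    d_uid=$1; d_gid=$2; mode=$3

    # World-writable: any local account could plant or swap key files.
    if [ $(( 0$mode & 2 )) -ne 0 ]; then
        echo "FAIL: $dir is world-writable (mode $mode)"; rc=1
    fi

    # Can the service account create managed-keys.bind and its journal?
    writable=no
    if [ "$d_uid" = "$uid" ] && [ $(( 0$mode & 0200 )) -ne 0 ]; then
        writable=yes
    elif [ $(( 0$mode & 020 )) -ne 0 ]; then
        for g in $(id -G "$user"); do
            if [ "$g" = "$d_gid" ]; then writable=yes; fi
        done
    fi
    if [ "$writable" = no ]; then
        echo "FAIL: $user cannot write to $dir (mode $mode)"; rc=1
    fi

    # Write access to a directory without the sticky bit allows renaming
    # or deleting every entry in it, whatever the file modes are, so
    # anything besides named's own key files is exposed.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            managed-keys.bind|managed-keys.bind.jnl) ;;
            *) echo "WARN: $f is replaceable by $user"; rc=1 ;;
        esac
    done
    return $rc
}
```

Run it as `audit_workdir /var/named named` (or with whatever account named runs under on the system in question); a non-zero status means at least one finding was printed.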