On 12/08/2010 11:51, Martin McCormick wrote:
> I wrote:
> Who is supposed to own /var/named?
> I received a response from a kind soul from this list
> who reminded me of a directive new to bind9.7.1 that lets you
> determine where the managed-keys.bind file lives. I set up
>
> managed-keys-directory "/etc/namedb/working";

That looks like a FreeBSD install. If you let it, /etc/rc.d/named will
use mtree to update the permissions on all relevant directories at each
startup, chroot, drop root privs, etc.

> and all is now well with that zone. This appears to be a logical
> place for the file and there is nothing else in that directory
> which is already under bind ownership.

Yes, that is the purpose of the /working directory on FreeBSD installs.
In the default conf there is this:

directory "/etc/namedb/working";

I have set up DNSSEC validation on my personal workstation and using the
managed keys directive it creates the files there.

If you're using FreeBSD I strongly suggest that you use the named.conf
file provided as your starting point.

hth,
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
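
Added example (not part of the original message, and not code from BIND or FreeBSD): a Python check that reads the `directory` and `managed-keys-directory` options discussed above from a named.conf and reports whether the resulting directory is owned and writable by the account named runs as. The function names, the `chroot` parameter and the sample config are constructed for illustration; it assumes the BIND default that managed keys are kept in the working directory when `managed-keys-directory` is unset.

```python
import os, re, stat

# Constructed sample using the two option lines quoted in the thread.
SAMPLE_CONF = '''options {
    directory "/etc/namedb/working";
    // managed-keys-directory "/var/named";
    managed-keys-directory "/etc/namedb/working";
};'''

def option_path(conf_text, name):
    """Quoted path given for option `name`, or None (comments ignored)."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    # The lookbehind stops "directory" matching inside "managed-keys-directory".
    m = re.search(r"(?<![\w-])" + re.escape(name) + r'\s+"([^"]+)"\s*;', text)
    return m.group(1) if m else None

def managed_keys_dir(conf_text):
    """managed-keys-directory, falling back to the working directory."""
    return (option_path(conf_text, "managed-keys-directory")
            or option_path(conf_text, "directory"))

def audit_dir(path, uid, chroot=""):
    """List reasons named (running as `uid`) cannot safely write in `path`."""
    try:
        st = os.stat(chroot + path)
    except FileNotFoundError:
        return ["missing: " + path]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory: " + path]
    problems = []
    if st.st_uid != uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, uid))
    if not st.st_mode & stat.S_IWUSR:
        problems.append("owner cannot write")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems

if __name__ == "__main__":
    import pwd, sys
    # Usage: script [user] [named.conf]; defaults: current user, SAMPLE_CONF.
    uid = pwd.getpwnam(sys.argv[1]).pw_uid if len(sys.argv) > 1 else os.getuid()
    conf = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_CONF
    print(audit_dir(managed_keys_dir(conf), uid) or "ok")
```

An empty list means the directory exists, belongs to the given uid, is writable by it and is not world-writable; pass the chroot prefix as `chroot` when named runs chrooted.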