hostmas...@g-net.be <hostmas...@g-net.be> wrote: > > The reason I ask is because I'm setting up a DNS sec server and for easy > key rollover and manageability I have created several new directories on > a usb stick for example. Key files and zone files now all have 774 > permissions , owned by bind:bind , but I was wondering from a security > point of view if this is correct ?
Zone files that are managed by bind need to be writable by BIND (mode 644 and owned by BIND). BIND does not (yet) create keys itself so the key files only need to be readable by BIND. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5 or 6 later. Rough or very rough. Occasional rain. Moderate or good, occasionally poor. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
