On 07/01/13 14:31, Michael W. Lucas wrote:
> Hi,
>
> Running BIND 9.9 on FreeBSD.
>
> named wants to write managed-keys.bind & the journal file in named's
> root directory. I can change that with the "directory" option, but
> then I have to move all the other directories. Company security policy
> is that named may not do that.
>
> Is there an option that tells named to "write your internal key &
> journal files to location X, but don't change where I've put
> everything else"?

For the managed keys:

    managed-keys-directory "/var/named/data/dynamic";

As for journal files, they are usually written "next" to the zone; often
the zone is in a sub-directory of the working dir:

    zone "foo" {
        type master;
        # journal will be $NAMED_ROOT/data/zones/foo/zone.jnl
        file "data/zones/foo/zone";
    };

I've never tried it but there's a "journal" option on the zone; maybe
this takes paths, like so:

    zone "foo" {
        type master;
        # zone lives outside working dir
        file "/etc/zones/foo";
        # ...but journal lives inside it
        journal "data/journals/foo";
    };

Note: I've never tested this; it is a wild guess.

> This is an older install with lots of zones and lots of integration
> with older systems, so I would rather not pick up the whole directory
> structure and stuff it under the working directory. Yet I'd really
> like to use auto DNSSec and DLV.
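
An added example, not part of the original message and not ISC's code: a small Python audit that lists where named would write its managed-keys file and each zone's journal, so those locations can be checked against a write policy. The sample configuration, the zones "bar" and "baz", the function names and the allowed directory are constructed; it assumes relative paths resolve against "directory" and that "journal" takes a path the same way "file" does.

```python
import posixpath
import re

# Constructed sample named.conf; paths are illustrative only.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    managed-keys-directory "/var/named/data/dynamic";
};
zone "foo" { type master; file "data/zones/foo/zone"; };
zone "bar" {
    type master;
    file "/etc/zones/bar";            # zone lives outside working dir
    journal "data/journals/bar.jnl";  # journal redirected inside it
};
zone "baz" { type master; file "/etc/zones/baz"; };
'''

def _opt(text, name):
    """Value of `name "value";` in text, or None (no match inside longer option names)."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s+"([^"]+)"\s*;', text)
    return m.group(1) if m else None

def _zones(conf):
    """Yield (name, body) per zone block, brace-counting so nested { } are handled."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def named_write_paths(conf):
    """Map each writer (managed keys, per-zone journal) to the path named would use."""
    conf = re.sub(r'(#|//)[^\n]*', '', conf)  # drop line comments
    workdir = _opt(conf, 'directory') or '.'
    resolve = lambda p: posixpath.normpath(posixpath.join(workdir, p))
    paths = {'managed-keys': resolve(_opt(conf, 'managed-keys-directory') or '.')}
    for name, body in _zones(conf):
        zfile = _opt(body, 'file')
        if zfile:  # "journal" override (assumed to resolve like "file"), else file + ".jnl"
            paths[name] = resolve(_opt(body, 'journal') or zfile + '.jnl')
    return paths

def outside(paths, allowed):
    """Entries whose write location falls under none of the allowed directories."""
    ok = lambda p: any(p == a or p.startswith(a.rstrip('/') + '/') for a in allowed)
    return {k: p for k, p in paths.items() if not ok(p)}

print(outside(named_write_paths(SAMPLE_CONF), ['/var/named/data']))
```

Journals are only created for zones that named itself updates (dynamic update or automatic signing), so each journal path listed is where a write would land, not evidence that the file exists.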