On Aug 28, 2013, at 1:29 PM, Alan Clegg <a...@clegg.com> wrote:
> 
> I believe that what you are seeing is the result of BIND 9.9 doing more 
> things "automatically", including bringing in a set of DNSSEC trust anchors 
> (root and DLV) and not being able to create the file.
> 
> You should be able to use the option "bindkeys-file" to set a location that 
> is writable for this file.

And as soon as I sent this I realized that I'd goofed.  bind.keys is created on 
install (it is part of the problem, however).

This file contains "managed-keys" statements that I refer to below (and it was 
supposed to be "keystore" not "keystone" -- spellcheck will be the death of the 
computer industry).

> It's also going to happen if you use managed-keys, as there is a "keystone" 
> created that needs to be updated.  See the "managed-keys-directory" option.

This is where the problem lies.  The fact that you have managed-keys requires 
BIND to create a journal of updates made to the trust-anchor material.  Set 
"managed-keys-directory" to a writable directory and copy the managed-keys.bind 
and managed-keys.bind.jnl files there.

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
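
The relocation described in the message above, as an added shell example that is not part of the original mail. The function names, the example paths and the "named" account are assumptions; "managed-keys-directory" is the option the mail refers to.

```shell
#!/bin/sh
# Added example, not from the original mail. The paths and the "named"
# account shown in the usage lines are assumptions; adjust for your install.

# Copy the managed-keys store and its journal from SRC to DST and make DST
# usable by the account that runs named. Returns non-zero on failure.
relocate_managed_keys() {
    src=$1; dst=$2; owner=${3:-}
    [ -d "$src" ] || { echo "no such source directory: $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    for f in managed-keys.bind managed-keys.bind.jnl; do
        # The journal may not exist yet; copy whichever files are present.
        if [ -f "$src/$f" ]; then
            cp -p "$src/$f" "$dst/$f" || return 1
        fi
    done
    # Owner is optional so the function can be tried without root.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dst" || return 1
    fi
    # Writable by the owning account only; trust-anchor state should not
    # be modifiable by other local users.
    chmod 750 "$dst" || return 1
}

# Print the line to place inside options { ... }; in named.conf.
named_conf_line() {
    printf 'managed-keys-directory "%s";\n' "$1"
}

# Usage (assumed paths and account):
#   relocate_managed_keys /var/named /var/named/dynamic named
#   named_conf_line /var/named/dynamic
```
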


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users