,--- You/Stefan (Mon, 1 Sep 2008 16:20:29 +0200) ----*
|
| On 01.09.2008 at 15:58, Alex Goncharov wrote:
|
| > | There's no reason that the named process needs write access
| > | to the master directory. If you use dynamic zone updates,
| > | you should use the "dynamic" directory for those zones,
| > | which is writable by bind.
| >
| > I just tried a simplistic change:
| >
| > a. Changed "type master" to "type dynamic" in named.conf.
| >
| > b. cp master/* dynamic
|
| There is no "dynamic" type. You need to change the file path for the
| zone from 'file "master/foo.bar"' to 'file "dynamic/foo.bar"'.

Oh thank you -- why didn't I think of doing that?..

| Maybe reading the Bind Admin Guide or one of the books might be in

There is no question about it: I think I've done adequate reading and
will likely take a look at the Guide again, to see if this situation
and your resolution are described there. By my recollection, it is
not (BIND FAQ discusses permissions for `sl' -- the slave directory,
but this is not the same as "master".) Do you think it is?

Now, how does the argument that master zones should not be dynamically
updatable, and `bind' must not have write permissions over the
directory keeping the master zone files -- how does this live with
your resolution to my problem?

I am quite happy to accept it (if down the road nothing is going to
"chown root dynamic") but I don't see much sense in doing this trick --
my master zone files are as vulnerable now as if they lived under
`master' and the conceptual structure of the system seems worse to me:
after all, what now lives under `dynamic' is a "master" zone (marked
as such in `named.conf').

Thanks a lot for the help, anyway!

-- Alex

--
alex-goncharov_at_comcast.net
--

Received on Mon Sep 01 2008 - 13:14:21 UTC
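
An added example, not part of the original message: a Python check for the
mismatch discussed in this thread, listing zones that accept dynamic updates
(allow-update or update-policy) while their file lives outside the "dynamic"
directory. The sample named.conf, the zone names other than foo.bar, and the
key name are constructed for illustration.

```python
import re

# Constructed sample named.conf (not from the thread); names are placeholders.
SAMPLE_CONF = '''
zone "foo.bar" {
    type master;
    file "master/foo.bar";
    allow-update { key "ddns-key"; };   // dynamically updated
};
zone "static.example" { type master; file "master/static.example"; };
zone "dyn.example" {
    type master;
    file "dynamic/dyn.example";
    update-policy { grant ddns-key zonesub ANY; };
};
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{')
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')
# A zone is dynamic if it has update-policy, or allow-update other than { none; }.
DYN_RE = re.compile(r'\bupdate-policy\b|\ballow-update\s*\{(?!\s*none\s*;\s*\})')

def zone_blocks(conf):
    """Yield (name, body) per zone statement, matching nested braces."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # drop /* */ comments
    conf = re.sub(r'(//|#)[^\n]*', '', conf)            # drop // and # comments
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def misplaced_dynamic_zones(conf, writable_dir="dynamic"):
    """Return (zone, file) pairs: dynamic-update zones stored outside writable_dir."""
    findings = []
    for name, body in zone_blocks(conf):
        f = FILE_RE.search(body)
        if not f or not DYN_RE.search(body):
            continue                                     # static zone: nothing to check
        if writable_dir not in f.group(1).split("/")[:-1]:
            findings.append((name, f.group(1)))
    return findings

if __name__ == "__main__":
    for name, path in misplaced_dynamic_zones(SAMPLE_CONF):
        print(f'zone "{name}": dynamic updates enabled but file is "{path}"')
```

Zones it reports are the ones whose file path would need to move to dynamic/
so that the master directory can stay unwritable by the bind user.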