From: Alex Goncharov
To: Stefan Bethke
Cc: freebsd-current@freebsd.org
Date: Mon, 01 Sep 2008 11:14:19 -0400
Subject: Re: named mystery -- error: dumping master file: master/tmp-wTjhUzoix6

,--- You/Stefan (Mon, 1 Sep 2008 16:20:29 +0200) ----*
|
| On 01.09.2008 at 15:58, Alex Goncharov wrote:
|
| > | There's no reason that the named process needs write access
| > | to the master directory. If you use dynamic zone updates,
| > | you should use the "dynamic" directory for those zones,
| > | which is writable by bind.
| >
| > I just tried a simplistic change:
| >
| > a. Changed "type master" to "type dynamic" in named.conf.
| >
| > b. cp master/* dynamic
|
| There is no "dynamic" type. You need to change the file path for the
| zone from 'file "master/foo.bar"' to 'file "dynamic/foo.bar"'.

Oh thank you -- why didn't I think of doing that?..

| Maybe reading the Bind Admin Guide or one of the books might be in

There is no question about it: I think I've done adequate reading and
will likely take a look at the Guide again, to see if this situation
and your resolution are described there. By my recollection, it is
not (BIND FAQ discusses permissions for `sl' -- the slave directory,
but this is not the same as "master".) Do you think it is?

Now, how does the argument that master zones should not be dynamically
updatable, and `bind' must not have write permissions over the
directory keeping the master zone files -- how does this live with
your resolution to my problem?

I am quite happy to accept it (if down the road nothing is going to
"chown root dynamic") but I don't see much sense in doing this trick --
my master zone files are as vulnerable now as if they lived under
`master' and the conceptual structure of the system seems worse to me:
after all, what now lives under `dynamic' is a "master" zone (marked
as such in `named.conf').

Thanks a lot for the help, anyway!

-- Alex -- alex-goncharov@comcast.net --
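
An added illustration, not part of the e-mail above and not code from BIND or FreeBSD: a small Python check of the point made in the thread, that a zone stays `type master` and only its `file` path moves to the directory named may write to. The sample configuration, zone names and key name are constructed, and treating `allow-update` / `update-policy` as the marker of a dynamically updated zone is an assumption about how such zones are configured.

```python
import re

# Constructed named.conf fragment: zone names, key name and paths are made up.
SAMPLE_CONF = '''
zone "static.example" {
    type master;
    file "master/static.example";
};
zone "foo.bar" {
    type master;
    file "master/foo.bar";   // named would need to write its tmp-* file here
    allow-update { key "ddns-key"; };
};
zone "fixed.example" {
    type master;             // still a master zone, only the path moved
    file "dynamic/fixed.example";
    allow-update { key "ddns-key"; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(conf):
    """Yield (name, body) per zone statement, following nested braces."""
    conf = strip_comments(conf)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf, writable_dir="dynamic/"):
    """Return (zone, file) for master zones that take dynamic updates
    but keep their file outside the directory named may write to."""
    findings = []
    for name, body in zone_blocks(conf):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        # "allow-update { none; }" does not make a zone dynamic
        dyn = re.search(r'\bupdate-policy\b|\ballow-update\s*\{(?!\s*none\s*;)', body)
        if ztype and zfile and ztype.group(1) == "master" and dyn \
                and not zfile.group(1).startswith(writable_dir):
            findings.append((name, zfile.group(1)))
    return findings

print(audit(SAMPLE_CONF))
```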