From owner-freebsd-questions  Fri Nov  1  8:10:55 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 73F8037B40D
	for <freebsd-questions@freebsd.org>; Fri,  1 Nov 2002 08:10:54 -0800 (PST)
Received: from bast.unixathome.org (bast.unixathome.org [216.187.105.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 52EB143E7B
	for <freebsd-questions@freebsd.org>; Fri,  1 Nov 2002 08:10:50 -0800 (PST)
	(envelope-from dan@langille.org)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
	by bast.unixathome.org (Postfix) with ESMTP id 21DBC3F53
	for <freebsd-questions@freebsd.org>; Fri,  1 Nov 2002 11:10:44 -0500 (EST)
From: "Dan Langille" <dan@langille.org>
To: freebsd-questions@freebsd.org
Date: Fri, 01 Nov 2002 11:10:44 -0500
MIME-Version: 1.0
Subject: TSIG with BIND requires chmod+chgrp /etc/namedb
Message-ID: <3DC26134.27868.57480335@localhost>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

It appears that using TSIG with BIND for secondary domains requires a 
chmod and chgrp of /etc/namedb.

I've been adding TSIG to varioius domains.  But I've found that on my 
slave servers, I've had to set the directory permissions as this:

$ ls -ld /etc/namedb/
drwxrwxr-x  4 root  bind  512 Oct 15 09:26 /etc/namedb/
$ ls -ld /etc/namedb/secondary/
drwxr-x---  2 bind  bind  512 Oct 15 09:25 /etc/namedb/secondary/

The original permissions on /etc/namedb are:
drwxr-xr-x  2 root  wheel  512 Mar  9  2002 /etc/namedb

named is running as:  /usr/sbin/named -u bind -g bind

Some bits from /etc/namedb/named.conf:

options {
        directory "/etc/namedb";


I don't really liked having to change the permission of /etc/namedb 
especially as that will be necessary for people runnning secondary 
DNS for me.

Any comments/suggestions?
-- 
Dan Langille


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message