Date: Mon, 01 Sep 2008 11:14:19 -0400
From: Alex Goncharov <alex-goncharov@comcast.net>
To: Stefan Bethke <stb@lassitu.de>
Cc: freebsd-current@freebsd.org
Subject: Re: named mystery -- error: dumping master file: master/tmp-wTjhUzoix6
Message-ID: <E1KaB6h-0006LK-Hu@daland.home>
In-Reply-To: <597586F2-3D3E-4B16-8E20-C3D2B69D25BD@lassitu.de> (message from Stefan Bethke on Mon, 1 Sep 2008 16:20:29 +0200)
References: <200809011331.m81DV7pq094904@lurza.secnetix.de> <E1Ka9v7-0007oh-Re@daland.home> <597586F2-3D3E-4B16-8E20-C3D2B69D25BD@lassitu.de>

,--- You/Stefan (Mon, 1 Sep 2008 16:20:29 +0200) ----*
|
| On 01.09.2008 at 15:58, Alex Goncharov wrote:
|
| > | There's no reason that the named process needs write access
| > | to the master directory. If you use dynamic zone updates,
| > | you should use the "dynamic" directory for those zones,
| > | which is writable by bind.
| >
| > I just tried a simplistic change:
| >
| > a. Changed "type master" to "type dynamic" in named.conf.
| >
| > b. cp master/* dynamic
|
| There is no "dynamic" type. You need to change the file path for the
| zone from 'file "master/foo.bar"' to 'file "dynamic/foo.bar"'.

Oh thank you -- why didn't I think of doing that?..

| Maybe reading the Bind Admin Guide or one of the books might be in

There is no question about it: I think I've done adequate reading and
will likely take a look at the Guide again, to see if this situation
and your resolution are described there. By my recollection, it is
not (BIND FAQ discusses permissions for `sl' -- the slave directory,
but this is not the same as "master".) Do you think it is?

Now, how does the argument that master zones should not be dynamically
updatable, and `bind' must not have write permissions over the
directory keeping the master zone files -- how does this live with
your resolution to my problem?

I am quite happy to accept it (if down the road nothing is going to
"chown root dynamic") but I don't see much sense in doing this trick --
my master zone files are as vulnerable now as if they lived under
`master' and the conceptual structure of the system seems worse to me:
after all, what now lives under `dynamic' is a "master" zone (marked
as such in `named.conf').

Thanks a lot for the help, anyway!

-- Alex -- alex-goncharov@comcast.net --