I am running a small system with dynamic dhcpd updates to bind for local hosts and encountered the following error when trying to hide my update keys:

Oct 29 08:36:17 maplepark named[14767]: starting BIND 9.5.0-P2 -u named
Oct 29 08:36:17 maplepark named[14767]: found 1 CPU, using 1 worker thread
Oct 29 08:36:17 maplepark named[14767]: loading configuration from '/etc/named.conf'
Oct 29 08:36:17 maplepark named[14767]: /etc/named.conf:14: open: /etc/update-keys: permission denied
Oct 29 08:36:17 maplepark named[14767]: loading configuration: permission denied
Oct 29 08:36:17 maplepark named[14767]: exiting (due to fatal error)

In order to correct the error, I made /etc/update-keys owned by named, but am concerned that a breach of bind would allow an intruder to read the secrets from the keyfile. This kind of defeats a reason for running bind as user named. As I only update my "internal" view, is this a valid concern as my "external" view only has public dns information and is not dynamically updated?

David Forrest                        e-mail: drf @ maplepark.com
Maple Park Development Corporation   http://www.maplepark.com
St. Louis, Missouri
