I'm using BIND 9.7.0b3 and DLV (dns-lookaside auto;). named tried to write the "managed-keys.bind" file into named's working directory.

The current BIND 9 requires that the working directory be writable by named (from the ARM). But I think the working directory should not be writable by named, and some OSes' default configurations set the working directory to be not writable. This is useful for avoiding unknown bugs in named which may break the working directory. For example, FreeBSD changes the working directory's owner/group/permissions as configured by /etc/mtree/BIND.chroot.dist, and it sets the working directory to be not writable by named.

I changed /etc/mtree/BIND.chroot.dist on my FreeBSD box, but I don't like this solution. I would be very happy if I could change the managed-keys.bind path.

------------------------------------------------------------------------------
From BIND 9.7.0b3 ARM:

In the current implementation, the managed keys database is stored as a master-format zone file called managed-keys.bind. When the key database is changed, the zone is updated. As with any other dynamic zone, changes will be written into a journal file, managed-keys.bind.jnl. They are committed to the master file as soon as possible afterward; in the case of the managed key database, this will usually occur within 30 seconds. So, whenever named is using automatic key maintenance, those two files can be expected to exist in the working directory. (For this reason among others, the working directory should always be writable by named.)

If the dnssec-lookaside option is set to auto, named will automatically initialize a managed key for the zone dlv.isc.org. The key that is used to initialize the key maintenance process is built into named, and can be overridden from bindkeys-file.
---------------------------------------------------------------------------

--
Kazunori Fujiwara, JPRS
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
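The layout asked for in the message above, as an added example that is not part of the original post or of ISC's documentation for 9.7.0b3: BIND 9 releases newer than that beta have a `managed-keys-directory` option, which lets the managed-keys files live in a separate directory while the working directory stays read-only for named. All paths below are hypothetical and assume a chroot layout like the FreeBSD one the post describes.

```conf
// named.conf fragment (added example; every path here is hypothetical)
options {
    // Working directory: owned by root and NOT writable by the named
    // user, so a bug in named cannot damage zone files or config here.
    directory "/etc/namedb";

    // The only place the managed-keys database is written. This
    // directory must be writable by the user named runs as; it will
    // hold managed-keys.bind and managed-keys.bind.jnl.
    managed-keys-directory "/etc/namedb/working";

    // Other files named writes at runtime also get explicit paths
    // outside the working directory, so nothing falls back to it.
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";

    // DLV with the built-in initializing key for dlv.isc.org,
    // as used in the post.
    dnssec-lookaside auto;
};
```

After a restart, the two managed-keys files should appear only under the directory given to `managed-keys-directory`; if named logs a permission error for that path, the directory's owner or mode is wrong rather than the working directory's.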