On Aug 28, 2013, at 12:53 PM, mm half <mm_ha...@yahoo.com> wrote: > 28-Aug-2013 12:12:37.565 general: info: reloading zones succeeded > 28-Aug-2013 12:12:37.572 general: notice: all zones loaded > 28-Aug-2013 12:12:37.573 general: notice: running > 28-Aug-2013 12:12:37.573 general: error: file.c:300: unexpected error: > 28-Aug-2013 12:12:37.573 general: error: unable to convert errno to > isc_result: 30: Read-only file system > 28-Aug-2013 12:12:39.279 general: error: file.c:300: unexpected error: > 28-Aug-2013 12:12:39.279 general: error: unable to convert errno to > isc_result: 30: Read-only file system > > Is this error something to be worried about, or is it more of an info > message? Also, is much even gained security wise by disallowing the OS to > write to the dns data area? This particular error can be fixed by > separating the dns data directory from the bind configuration and bind > installation, and putting it on a writable file system for the public dns > zone, but if the above error is only a warning thinking of keeping the data > as read only also. Any suggestions are appreciated.
When I see the words "unexpected error" coming out of software, I'm always concerned. I believe that what you are seeing is the result of BIND 9.9 doing more things "automatically", including bringing in a set of DNSSEC trust anchors (root and DLV) and not being able to create the file. You should be able to use the option "bindkeys-file" to set a location that is writable for this file. It's also going to happen if you use managed-keys, as there is a "keystone" created that needs to be updated. See the "managed-keys-directory" option. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
