I've been adding TSIG to various domains.  But I've found that on my 
slave servers, I've had to set the directory permissions as this:

$ ls -ld /etc/namedb/
drwxrwxr-x  4 root  bind  512 Oct 15 09:26 /etc/namedb/
$ ls -ld /etc/namedb/secondary/
drwxr-x---  2 bind  bind  512 Oct 15 09:25 /etc/namedb/secondary/

named is running as:  /usr/sbin/named -u bind -g bind

Some bits from /etc/namedb/named.conf:

options {
        directory "/etc/namedb";

...


An example TSIG'd domain is:

key 2002100400.katy.com.tsigkey. {
    algorithm "hmac-md5";
    secret "DpTh3OpfpeZrbvV6kwDKcDaPIOeWn0b5MmUc/kqD57Q=";
};


zone "example.org" {
        type slave;
        file "secondary/example.org.db";
        masters { 192.168.0.98 key 2002100400.katy.com.tsigkey.; };
};

Without setting the chmod, I will get these errors upon ndc reload:

named[89]: write_tsig_info: mkstemp(tsigs.RTdOEg) for TSIG info failed
named[89]: unable to write tsig info: 'example.org'

I don't like having to change the permissions on /etc/namedb.  
Any other ideas?
-- 
Dan Langille

