Re: DNSSEC policy using wrong directory?

2025-08-24 Thread Mike
Mark Andrews wrote:
> Just put the zone file somewhere named can do that.

OK, thanks, that works. I see you answer this every few years. For secured environments, it'd be better if BIND copied the file over to the working directory itself. In a typical OCI/Docker image, the configuration will b

Re: DNSSEC policy using wrong directory?

2025-08-24 Thread Mark Andrews
When you use dnssec-policy, named updates the zone content. It then wants to write the updated zone content back out. It does this by writing a temporary file and, when that is complete, atomically switching that file with the old zone file. Just put the zone file somewhere named can do that. --

Re: DNSSEC policy using wrong directory?

2025-08-24 Thread Mike
I should have mentioned that `managed-keys.bind{,.jnl}` are written (correctly) to /var/cache/bind. So the `directory` option is doing its job, just not for the `dnssec-policy` journals. But `Kgood-with-numbers.com.*` *are* going into /var/cache/bind, so `dnssec-policy` is getting that part corr

Re: DNSSEC policy using wrong directory?

2025-08-24 Thread Ondřej Surý
And the corresponding option: https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-journal -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 24. 8. 2025, at

Re: DNSSEC policy using wrong directory?

2025-08-24 Thread Ondřej Surý
https://bind9.readthedocs.io/en/stable/chapter6.html#the-journal-file -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 24. 8. 2025, at 3:54, Mike wrote: > > I just set up `dnss

Re: DNSSEC policy using wrong directory?

2025-08-24 Thread Benny Pedersen via bind-users
Mike wrote on 2025-08-24 03:50: I just set up `dnssec-policy default;` in my zones. Now I'm seeing error messages like: general: error: /etc/bind/good-with-numbers.com.signed.jnl: create: permission denied Well, yeah, that's a read-only file system. options { directory "/var/cache