Mark Andrews wrote:
> Just put the zone file somewhere named can do that.

OK, thanks, that works.  I see you answer this every few years.

For secured environments, it'd be better if BIND copied the file over to the
working directory itself.  In a typical OCI/Docker image, the configuration
will be in the image, unmodifiable; but the state-carrying directories will
be on a storage server.

I hacked it by creating an entrypoint script to do just that.

But I don't see it modifying or replacing the zone file anyway.  Is it
expected to do that?  The file is owned by root and isn't modifiable by the
`bind` user, but BIND has write permission on the directory.

BIND seems to be keeping its own recollection of the zone's serial number,
incrementing it with every restart or key signing.
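The entrypoint approach mentioned in the message above, sketched as an added example; it is not the poster's script and not ISC code. The `seed_zones` function and the `ZONE_SRC` / `ZONE_DST` paths are hypothetical and must match the `file` and `directory` settings in your own `named.conf`.

```shell
#!/bin/sh
# Added example: seed zone files from the read-only image into the writable
# working directory before the name server starts.
set -eu

ZONE_SRC="${ZONE_SRC:-/etc/bind/zones}"   # baked into the image (assumed path)
ZONE_DST="${ZONE_DST:-/var/lib/bind}"     # state volume (assumed path)

# seed_zones SRC DST
# Copies each regular file in SRC to DST when it is missing there or its
# content differs. Files that exist only in DST (journals, signed copies)
# are left alone. Prints the number of files copied.
seed_zones() {
    src=$1 dst=$2 copied=0
    [ -d "$src" ] || { echo "seed_zones: no source dir $src" >&2; return 1; }
    [ -d "$dst" ] && [ -w "$dst" ] || { echo "seed_zones: $dst not writable" >&2; return 1; }
    for f in "$src"/*; do
        [ -f "$f" ] || continue                  # skips subdirs and an empty glob
        name=${f##*/}
        target=$dst/$name
        # Do not follow a symlink planted on the shared volume.
        if [ -L "$target" ]; then
            echo "seed_zones: $target is a symlink, skipping" >&2
            continue
        fi
        cmp -s "$f" "$target" 2>/dev/null && continue   # already up to date
        tmp=$(mktemp "$dst/.seed.XXXXXX")
        cp "$f" "$tmp"
        chmod 0644 "$tmp"
        mv -f "$tmp" "$target"                   # atomic rename within the volume
        copied=$((copied + 1))
    done
    echo "$copied"
}

# With ENTRYPOINT set to this script and CMD set to the server command,
# "$@" is that command: seed first, then hand the process over to it.
if [ "$#" -gt 0 ]; then
    seed_zones "$ZONE_SRC" "$ZONE_DST" >/dev/null
    exec "$@"
fi
```

When run as root, the seeded files end up root-owned inside a directory the server user can write to, which is the layout the message describes.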