Quoth Robert Bihlmeyer:

> I claim ignorance in how bind works. But I don't see a problem with it
> opening zone cache files r/w, and keeping them open until termination.
>
> Opening is done while still owning privileges (maybe root), so on the
> next start it is still possible to r/w.

Making bind do this should be trivial, yes. I believe, though, that you have the possibility in bind to add more zones without actually _restarting_ the whole program (you just reload the config). If so, this would be broken in the setup you propose, but then again, this should be a minor problem. (I don't guarantee that bind can add zones without restarting, but we can say it can for argument's sake :)

Oystein
-- 
When in doubt: Recompile.
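
Added example, not part of the original messages and not BIND code: a C sketch of the behaviour both posts rely on, where a descriptor opened before access is lost stays writable while a zone first seen at reload cannot be opened. Assumptions: chmod to mode 0 stands in for the privilege drop, and the file names, the sample record and the function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define HELD_FD_WRITABLE 1  /* write through the early descriptor worked */
#define NEW_ZONE_REFUSED 2  /* zone added at reload could not be opened */

/* Create a constructed "zone cache" file (mode 0600) and open it r/w. */
static int make_zone(char *buf, size_t n, const char *tmpl) {
    snprintf(buf, n, "%s", tmpl);
    return mkstemp(buf);
}

int zone_fd_demo(void) {
    static const char rec[] = "example. 3600 IN A 192.0.2.1\n";
    char old_zone[64], new_zone[64];
    int result = 0;

    /* Startup: open the configured zone r/w while access is still granted. */
    int held = make_zone(old_zone, sizeof old_zone, "/tmp/zone-old-XXXXXX");
    /* A zone that only shows up in the config at a later reload. */
    int tmp = make_zone(new_zone, sizeof new_zone, "/tmp/zone-new-XXXXXX");
    if (held < 0 || tmp < 0) return -1;
    close(tmp);

    /* Stand-in for the privilege drop: remove all access to both files.
       (Run as root, the later open() still succeeds; root bypasses modes.) */
    chmod(old_zone, 0);
    chmod(new_zone, 0);

    /* Permissions were checked at open() time, so the held fd still works. */
    if (write(held, rec, sizeof rec - 1) == (ssize_t)(sizeof rec - 1))
        result |= HELD_FD_WRITABLE;

    /* Reload: the new zone has to be opened now, and that is refused. */
    int fd = open(new_zone, O_RDWR);
    if (fd < 0 && errno == EACCES) result |= NEW_ZONE_REFUSED;
    if (fd >= 0) close(fd);

    close(held); unlink(old_zone); unlink(new_zone);
    return result;
}

int main(void) {
    int r = zone_fd_demo();
    printf("held fd writable: %d, new zone refused: %d\n",
           !!(r & HELD_FD_WRITABLE), !!(r & NEW_ZONE_REFUSED));
    return r < 0;
}
```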

