Re: managed-keys.bind's directory problem

2009-12-14 Thread Chris Buxton
On Dec 13, 2009, at 5:40 PM, Doug Barton wrote: On Fri, 11 Dec 2009, Mark Andrews wrote: To repeat my primary objection, if the named user can write to the configuration directory it can change the contents of named.conf. That's a security problem.\ So don't put named.conf inside the

Re: managed-keys.bind's directory problem

2009-12-14 Thread Doug Barton
Chris Buxton wrote: On Dec 13, 2009, at 5:40 PM, Doug Barton wrote: On Fri, 11 Dec 2009, Mark Andrews wrote: To repeat my primary objection, if the named user can write to the configuration directory it can change the contents of named.conf. That's a security problem.\ So don't put

Re: managed-keys.bind's directory problem

2009-12-14 Thread Doug Barton
fujiw...@wide.ad.jp wrote: I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;). FYI I recently committed the port for 9.7.0rc1. Hopefully this will make it easier for you to continue testing. Please try the port and let me know if you have any problems with it. The named tried to write

Re: managed-keys.bind's directory problem

2009-12-14 Thread Chris Buxton
On Dec 14, 2009, at 6:28 PM, Doug Barton wrote: Chris Buxton wrote: The options { directory ; }; statement specifies named's working directory (its 'cwd'), not the location of the configuration directory. I continue to assert that both the code and long custom say that it specifies

Re: managed-keys.bind's directory problem

2009-12-13 Thread Doug Barton
On Fri, 11 Dec 2009, Mark Andrews wrote: In message 20091210.162242.460114267490885968.fujiw...@pyon.org, fujiw...@wid e.ad.jp writes: I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;). The named tried to write managed-keys.bind file into the named's working directory. The current BIND 9

Re: managed-keys.bind's directory problem

2009-12-13 Thread Mark Andrews
In message alpine.bsf.2.00.0912131720060.1...@qbhto.arg, Doug Barton writes: On Fri, 11 Dec 2009, Mark Andrews wrote: In message 20091210.162242.460114267490885968.fujiw...@pyon.org, fujiwara @wid e.ad.jp writes: I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;). The named tried to

Re: managed-keys.bind's directory problem

2009-12-10 Thread Mark Andrews
In message 20091210.162242.460114267490885968.fujiw...@pyon.org, fujiw...@wid e.ad.jp writes: I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;). The named tried to write managed-keys.bind file into the named's working directory. The current BIND 9 requires the working directory is

Re: managed-keys.bind's directory problem

2009-12-10 Thread fujiwara
From: Mark Andrews ma...@isc.org In message 20091210.162242.460114267490885968.fujiw...@pyon.org, fujiw...@wid e.ad.jp writes: I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;). The named tried to write managed-keys.bind file into the named's working directory. The current BIND 9