on 04/08/2011 11:33, Jos Chrispijn wrote:
I latety face an issue with BIND 9.4.-ESV-R4-P1.
I deduce that you are running FreeBSD 7.x
According to my log file, I get the following error:
Aug 4 12:00:03 triton named[93266]: starting BIND 9.4.-ESV-R4-P1 -c
/etc/namedb/named.conf -t /var/named -u bind
Aug 4 12:00:03 triton named[93266]: command channel listening on
127.0.0.1#953
Aug 4 12:00:03 triton named[93266]: command channel listening on ::1#953
Aug 4 12:00:03 triton named[93266]: _the working directory is not
writable_
Aug 4 12:00:03 triton named[93266]: running
I tried to chmod w+g the respecive directory, but it is set to default
again by bind itself.
Can someone tell me how I can resolve the +w on the working directory?
By default, the permissions on and location of Bind's working directory
should be:
% ls -lad /etc/namedb/working
drwxr-xr-x 2 bind wheel 6 Aug 4 11:26 /etc/namedb/working/
Now, as you're clearly running named under the bind user ID, this
suggests that perhaps you have some other directory defined as your
working directory in named.conf Check the 'directory' setting in the
options {}; block.
The location of the working directory was changed not so long ago --
http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/namedb/named.conf#rev1.30
-- due to the requirement for named to track various data to do with
DNSSEC. Previously, the working directory was /etc/namedb but simply
making this writable by named would have meant a process with the
credentials that named runs as could re-write named's configuration
file; an unacceptable security risk for a daemon exposed to the internet.
One unfortunate consequence is that any relative paths within named.conf
have to be altered accordingly.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
