Problem with RELENG_5_3, BIND9 and dynamic updates
Gregory Neil Shapiro
gshapiro at freebsd.org
Wed Nov 3 10:50:42 PST 2004
> It looks like BIND9, as delivered in the base, has problems when zones
> are using dynamic DNS updates.
>
> This is because it runs as user "bind", but that user doesn't have write
> access to /var/named/etc/namedb/master - the script /etc/rc.d/named uses
> mtree to set that directory as follows:
>
> Nov 2 22:40:31 vimes kernel: Nov 2 22:40:31 vimes named[98525]:
> master/aminor.no.zone.jnl: create: permission denied
Perhaps this patch will help:
Index: mtree/BIND.chroot.dist
===================================================================
RCS file: /src/FreeBSD/ncvs/src/etc/mtree/BIND.chroot.dist,v
retrieving revision 1.5
diff -u -r1.5 BIND.chroot.dist
--- mtree/BIND.chroot.dist 29 Sep 2004 03:43:10 -0000 1.5
+++ mtree/BIND.chroot.dist 3 Nov 2004 18:45:06 -0000
@@ -9,6 +9,8 @@
..
etc
namedb
+ dynamic uname=bind
+ ..
master
..
slave uname=bind
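Review bot: the added "dynamic uname=bind" entry sets only the owner, so its group and mode come from whatever defaults are in effect earlier in the file, which this hunk does not show. Confirm they give a directory that bind can write and others cannot, since named creates its .jnl journal files there. Leaving "master" without uname=bind looks deliberate and keeps static zone files out of the daemon's reach. Zones that already accept updates from master/ will keep failing with the quoted "permission denied" until their "file" path is moved to dynamic/, so a short upgrade note would help.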
Index: namedb/named.conf
===================================================================
RCS file: /src/FreeBSD/ncvs/src/etc/namedb/named.conf,v
retrieving revision 1.19
diff -u -r1.19 named.conf
--- namedb/named.conf 30 Sep 2004 09:57:36 -0000 1.19
+++ namedb/named.conf 3 Nov 2004 18:48:06 -0000
@@ -102,6 +102,22 @@
};
};
+// An example dynamic zone
+key "exampleorgkey"
+{
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
+};
+
+zone "example.org" {
+ type master;
+ allow-update
+ {
+ key "exampleorgkey";
+ };
+ file "dynamic/example.org";
+};
+
zone "0.168.192.in-addr.arpa" {
type slave;
file "slave/0.168.192.in-addr.arpa";
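Review bot: the key "exampleorgkey" block ships a literal secret ("sf87HJqjkqh8ac87a02lla==") in the default named.conf. Unless this region of the file is commented out, which the hunk context does not show, anyone who enables the example unchanged has an allow-update key that is public knowledge. Suggest replacing the value with an obvious placeholder and adding a comment line telling the admin to generate their own secret. Since the key now lives in named.conf, the comment could also say that the file should not be world-readable once a real secret is in it. The "allow-update { key ...; }" form itself is the right thing to show, because it ties updates to the key rather than to a source address.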