who/what is touching my DNS directory???

Aleksandr Miroslav alexmiroslav at gmail.com
Tue May 31 17:37:04 UTC 2016

I'm running nsd for my DNS. My /usr/local/etc/nsd is managed as a git repo.
In addition, I have aide running for file integrity detection.

Here's the issue I am seeing:

Every couple of day, aide tells me that the mtime/ctime on
/usr/local/etc/nsd/.git has been updated by a few hours. Nothing else, just
the git directory. Nothing inside it is touched, nothing in the nsd
directory is touched.

I'm pretty sure it is nsd doing this, but I'm not sure why. I'm fairly
certain the box has not been hacked, (I think) the box is locked down
fairly tightly.

How can I verify what is updating the git directory? This box is running
10.3, fwiw.


