bind update keeps messing up write-rights

Tim ignored_mailbox at
Sun Jul 20 06:16:14 UTC 2008

On Sat, 2008-07-19 at 10:11 -0700, Ed Warner wrote:
> Other than my zone files, what else goes
> into /var/named/chroot/var/named/dynamic ?

Nothing.  Assuming we're already in the chroot, or we're not chrooting:

zone files that are set once, or manually altered.

zone files that are automatically managed, such as by a DHCP server 
(NB:  The DNS server manages them, communicating with the DHCP server,
the DHCP server doesn't directly manipulate the files).

zone files that will be externally managed by a master DNS server.

I seem to recall the data subdirectory being a location that the server
may dump data to (e.g. statistics).

Protective software, like SELinux, enforces the use of some of those
directories (the DNS server will not be allowed to write slave zone
files to anything other than the slaves subdirectory, etc.).  You'll
probably find more and more segregation of things, as program authors
get more stringent about security, seeing as things like SELinux make
use of file location for setting rules, but zone files have variable
names depending on the zones, but directory names for all of them do not

Have a look at <>, skip down
to the part that mentions SELinux.

[tim at localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
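
The location-based SELinux rules described in the message above can be checked with a short script. This is an added example, not part of the original post; the path-to-type table (`named_zone_t`, `named_cache_t`) is an assumption based on the Fedora targeted policy, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Compare the SELinux type on named's directories with the type each one is
# expected to carry. The table in expected_type() is an assumption (Fedora
# targeted policy), not something stated in the post.

# expected_type PATH -> prints the assumed SELinux type for that directory
expected_type() {
    case "${1#/var/named/chroot}" in      # same layout inside the chroot
        /var/named)
            echo named_zone_t ;;          # static, hand-edited zones
        /var/named/slaves|/var/named/data|/var/named/dynamic)
            echo named_cache_t ;;         # directories named may write to
        *)
            echo unknown ;;
    esac
}

# check_contexts: reads "PATH CONTEXT" lines on stdin (the format printed by
# `stat -c '%n %C' DIR...`), prints one verdict per line, and returns
# non-zero if any directory carries a type other than the expected one.
check_contexts() {
    local path ctx type want rc=0
    while read -r path ctx; do
        [ -n "$path" ] || continue
        type=$(printf '%s\n' "$ctx" | cut -d: -f3)   # user:role:type:level
        want=$(expected_type "$path")
        if [ "$want" = unknown ]; then
            echo "SKIP     $path (no expectation for this path)"
        elif [ "$type" = "$want" ]; then
            echo "OK       $path $type"
        else
            echo "MISMATCH $path has $type, expected $want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the dynamic directory carries a generic label.
SAMPLE='/var/named system_u:object_r:named_zone_t:s0
/var/named/slaves system_u:object_r:named_cache_t:s0
/var/named/chroot/var/named/dynamic system_u:object_r:var_t:s0'

check_contexts <<EOF || true
$SAMPLE
EOF
```

On a live system, pipe `stat -c '%n %C'` for the directories of interest into `check_contexts`, and confirm the expected types against the installed policy with `matchpathcon`, since policy versions differ.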
