From: "Ronald F. Guilmette"
To: freebsd-net@freebsd.org
Subject: Re: A couple of trivial BIND (dynamic update) questions
In-Reply-To: <543A4244.1000401@FreeBSD.org>
Date: Sun, 12 Oct 2014 10:59:56 -0700
Message-ID: <28907.1413136796@server1.tristatelogic.com>

In message <543A4244.1000401@FreeBSD.org>, Matthew Seaman wrote:

>On 12/10/2014 02:05, Ronald F. Guilmette wrote:
>...
>> /var/named/var/run/named/session.key
>>
>> So, um, how come? The default location wasn't good enough?
>
>You're running chrooted to /var/named. All paths will have /var/named
>tacked onto the front.

Ah! OK. It makes sense now.

>> So, um, what is the Right Solution here? Do I need to re-jigger
>> the permissions on /var/named/etc/namedb/master to 0775 and then
>> add user-ID "bind" to the wheel group in /etc/groups?
>
>/var/named/etc/namedb/master is for zones where the data is managed by
>means other than dynamic update.
>
>If you're using dynamic update, then create a new directory
>/var/named/etc/namedb/dynamic and make it mode 755 but owned by the bind
>UID and GID (similar to the slave directory). Use that for storing the
>data for all your dynamic update zones.

OK, thanks much. I will certainly do that. (In fact, that is so obviously
the correct solution that I am a bit embarrassed that I didn't just think of
it myself.)
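
Added example, not part of the original message or of BIND: a small sh helper that maps a path as the chrooted named sees it to the host path, creates the dynamic-zone directory the way the reply describes, and checks that it is mode 755 and owned by the expected UID and GID. The function names are made up for this illustration; the "bind" account and the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths come from the thread.

# Map a path as named sees it inside the chroot to the path on the host,
# e.g. chroot_path /var/named /etc/namedb/dynamic
chroot_path() {
    root=${1%/}                 # drop one trailing slash from the chroot root
    case $2 in
        /*) printf '%s%s\n' "$root" "$2" ;;
        *)  echo "path inside chroot must be absolute: $2" >&2; return 2 ;;
    esac
}

# Print "<octal mode> <owner uid> <owner gid>" (GNU stat first, then BSD stat).
mode_owner() {
    stat -c '%a %u %g' "$1" 2>/dev/null || stat -f '%Lp %u %g' "$1"
}

# Succeed only if $1 is a directory, mode 755, owned by uid $2 and gid $3.
# 755 with that owner means only that account can create or rewrite files
# there; group and other get read and search access only.
check_dynamic_dir() {
    [ -d "$1" ] || { echo "$1: not a directory" >&2; return 1; }
    set -- "$1" "$2" "$3" $(mode_owner "$1")
    [ "$4" = 755 ] || { echo "$1: mode $4, expected 755" >&2; return 1; }
    [ "$5" = "$2" ] && [ "$6" = "$3" ] ||
        { echo "$1: owner $5:$6, expected $2:$3" >&2; return 1; }
}

# Create the directory under chroot root $1; must run as root to chown.
make_dynamic_dir() {
    dir=$(chroot_path "$1" /etc/namedb/dynamic) || return
    mkdir -p "$dir" && chown bind:bind "$dir" && chmod 755 "$dir"
}

# Typical use on the host described in the thread (as root):
#   make_dynamic_dir /var/named
#   check_dynamic_dir "$(chroot_path /var/named /etc/namedb/dynamic)" \
#       "$(id -u bind)" "$(id -g bind)"
```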