From: Matthew Seaman
Date: Thu, 04 Aug 2011 12:34:35 +0100
To: Jos Chrispijn
Cc: freebsd-questions@freebsd.org
Subject: Re: Named | Annoying behaviour

on 04/08/2011 11:33, Jos Chrispijn wrote:
> I lately face an issue with BIND 9.4.-ESV-R4-P1.

I deduce that you are running FreeBSD 7.x ....

> According to my log file, I get the following error:
> Aug 4 12:00:03 triton named[93266]: starting BIND 9.4.-ESV-R4-P1 -c /etc/namedb/named.conf -t /var/named -u bind
> Aug 4 12:00:03 triton named[93266]: command channel listening on 127.0.0.1#953
> Aug 4 12:00:03 triton named[93266]: command channel listening on ::1#953
> Aug 4 12:00:03 triton named[93266]: _the working directory is not writable_
> Aug 4 12:00:03 triton named[93266]: running
>
> I tried to chmod w+g the respective directory, but it is set to default
> again by bind itself.
> Can someone tell me how I can resolve the +w on the working directory?

By default, the permissions on and location of Bind's working directory
should be:

% ls -lad /etc/namedb/working
drwxr-xr-x 2 bind wheel 6 Aug 4 11:26 /etc/namedb/working/

Now, as you're clearly running named under the bind user ID, this
suggests that perhaps you have some other directory defined as your
working directory in named.conf. Check the 'directory' setting in the
options {}; block.

The location of the working directory was changed not so long ago --
http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/namedb/named.conf#rev1.30
-- due to the requirement for named to track various data to do with
DNSSEC. Previously, the working directory was /etc/namedb but simply
making this writable by named would have meant a process with the
credentials that named runs as could re-write named's configuration
file; an unacceptable security risk for a daemon exposed to the internet.

One unfortunate consequence is that any relative paths within named.conf
have to be altered accordingly.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
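
Added example, not part of the original message: a POSIX shell check of the point made above, that the user named runs as must be able to write the directory named by the 'directory' option but not named.conf or the directory holding it. The helper names can_write and audit_named and their uid/gid arguments are assumptions; the chroot /var/named, the configuration path and the bind user in the usage comment come from the quoted log line.

```shell
#!/bin/sh
# Added example, not from the original message. can_write and audit_named are
# hypothetical helpers. Only classic mode bits are read (no ACLs, no
# supplementary groups); an absolute 'directory' path is assumed.

# can_write PATH UID GID: return 0 if the mode bits grant UID/GID write access.
can_write() {
    read -r cw_mode cw_links cw_owner cw_group cw_rest <<EOF
$(ls -ldn "$1")
EOF
    if [ "$2" = "$cw_owner" ]; then
        case $cw_mode in ??w*) return 0 ;; esac
    elif [ "$3" = "$cw_group" ]; then
        case $cw_mode in ?????w*) return 0 ;; esac
    else
        case $cw_mode in ????????w*) return 0 ;; esac
    fi
    return 1
}

# audit_named CHROOT CONF UID GID (CONF as named sees it inside the chroot).
# Returns 0 ok, 1 working directory not writable, 2 config writable, 3 no option.
audit_named() {
    an_conf=$1$2
    an_dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$an_conf" | head -n 1)
    [ -n "$an_dir" ] || { echo "no directory option in $an_conf"; return 3; }
    for an_p in "$an_conf" "$(dirname "$an_conf")"; do
        if can_write "$an_p" "$3" "$4"; then
            echo "RISK: uid $3 can rewrite $an_p"
            return 2
        fi
    done
    if ! can_write "$1$an_dir" "$3" "$4"; then
        echo "working directory $1$an_dir is not writable by uid $3"
        return 1
    fi
    echo "OK: $1$an_dir writable, configuration not writable by uid $3"
}

# Usage on the host from the log above (run as root so every path is readable):
#   sh audit.sh /var/named /etc/namedb/named.conf "$(id -u bind)" "$(id -g bind)"
if [ $# -eq 4 ]; then
    audit_named "$@"
fi
```

Return code 1 corresponds to the "working directory is not writable" log line; return code 2 is the layout the message describes as the old default made writable.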