Date:      Tue, 15 Oct 2002 14:35:49 -0400
From:      "Dan Langille" <dan@langille.org>
To:        freebsd-questions@freebsd.org
Subject:   bind with TSIG needs chgrp bind /etc/namedb
Message-ID:  <3DAC27C5.23526.3E9077@localhost>

I've been adding TSIG to various domains.  But I've found that on my 
slave servers, I've had to set the directory permissions like this:

$ ls -ld /etc/namedb/
drwxrwxr-x  4 root  bind  512 Oct 15 09:26 /etc/namedb/
$ ls -ld /etc/namedb/secondary/
drwxr-x---  2 bind  bind  512 Oct 15 09:25 /etc/namedb/secondary/

named is running as:  /usr/sbin/named -u bind -g bind

Some bits from /etc/namedb/named.conf:

options {
        directory "/etc/namedb";

...


An example TSIG'd domain is:

key 2002100400.katy.com.tsigkey. {
    algorithm "hmac-md5";
    secret "DpTh3OpfpeZrbvV6kwDKcDaPIOeWn0b5MmUc/kqD57Q=";
};


zone "example.org" {
        type slave;
        file "secondary/example.org.db";
        masters { 192.168.0.98 key 2002100400.katy.com.tsigkey.; };
};

Without setting the chmod, I will get these errors upon ndc reload:

named[89]: write_tsig_info: mkstemp(tsigs.RTdOEg) for TSIG info failed
named[89]: unable to write tsig info: 'example.org'

I don't like having to change the permissions on /etc/namedb.  
Any other ideas?
-- 
Dan Langille
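
Added example, not part of the original message: a Python check that reads `ls -ld` lines like the two above and reports whether a process running as a given user and group can create files in that directory, which is what the mkstemp() call in the logged error needs. The third sample line is constructed (an assumed root:wheel 0755 directory), not taken from the message.

```python
# Added example: decide from `ls -ld` output whether a process can create
# files (as mkstemp does) in the listed directory.

# The two listings shown in the message.
PAGE_NAMEDB = "drwxrwxr-x  4 root  bind  512 Oct 15 09:26 /etc/namedb/"
PAGE_SECONDARY = "drwxr-x---  2 bind  bind  512 Oct 15 09:25 /etc/namedb/secondary/"
# Constructed sample (assumption): a directory owned root:wheel, mode 0755.
CONSTRUCTED_ROOT_ONLY = "drwxr-xr-x  4 root  wheel  512 Oct 15 09:00 /etc/namedb/"


def parse_ls_ld(line):
    """Split one `ls -ld` line into (mode string, owner, group, path)."""
    fields = line.split()
    if len(fields) < 5:
        raise ValueError("not an ls -ld line: " + line)
    return fields[0], fields[2], fields[3], fields[-1]


def can_create(line, user, groups):
    """True if user (member of groups) may create an entry in the directory.

    Creating a file needs write AND search (x) permission on the directory.
    Unix consults exactly one permission class: owner, else group, else other.
    """
    mode, owner, group, _ = parse_ls_ld(line)
    if not mode.startswith("d"):
        raise ValueError("not a directory: " + line)
    if user == "root":
        return True  # the superuser bypasses the mode bits
    if user == owner:
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    # 's' and 't' mean the execute bit is set together with setid/sticky.
    return bits[1] == "w" and bits[2] in ("x", "s", "t")


if __name__ == "__main__":
    # named runs with -u bind -g bind, as stated in the message.
    for line in (PAGE_NAMEDB, PAGE_SECONDARY, CONSTRUCTED_ROOT_ONLY):
        path = parse_ls_ld(line)[3]
        print(path, "bind can create files:", can_create(line, "bind", {"bind"}))
```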

