On Wed, 2004-04-07 at 08:37, Alexander Dalloz wrote:
> [ again, but unsigned - thank you mailman ]
>
> On Wed, 07.04.2004 at 17:36, Christopher K. Johnson wrote:
>
> > Wouldn't it be preferable to have a subdirectory /var/named/slave that
> > is 770 and define the slave zone files in named.conf to be placed
> > there? I suspect the point of the mode 750 with root:named ownership
> > was to reduce the risk of a compromised named modifying master zone
> > files.
>
> I agree and just had a look at my Fedora machine running bind (in
> chrooted mode) and found the following directories:
>
> $ ls -ld /var/named/chroot/var/named/slaves
> drwxr-x--- 2 named named 4096 11. Dez 15:56 /var/named/chroot/var/named/slaves
>
> $ ls -ld /var/named/slaves/
> drwxrwx--- 2 named named 4096 17. Okt 18:02 /var/named/slaves/
>
> Those are the default permissions. I did not change anything. Unfortunately
> my bind is actually only master zone manager and I have no chance to
> test it running with slave zones.
>
> Feedback by others is appreciated.
>
> Alexander
>
>
> --
> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
> Sirendipity 18:37:01 up 19 days, 2:18, load average: 1.45, 1.33, 1.19
> [ γνωθι σ'αυτον - gnothi seauton ]
> my life is a planetarium - and you are the stars
>
>

The zonefiles on the master need to have a newer (higher) serial number
than the slave or the automatic zone refresh will time out. Try running
dig @master.domain.com. domain.com. axfr from the slave as user named to
force a zone refresh and if it runs, the permissions are correct.

Stephen
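
Added example, not part of the thread: a small shell audit for the split discussed above, checking that the named account cannot create files in the master zone directory but can in the slave directories. It assumes GNU stat, looks only at the account's primary group, and ignores ACLs and root's override; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: decide from owner, group and mode whether a daemon
# account can create files in a directory.

# can_write MODE OWNER GROUP USER USERGROUP
# Exit 0 if USER (primary group USERGROUP) has write+search permission.
can_write() {
    # Keep the last three octal digits; this drops setuid/setgid/sticky
    # and pads short values such as "70".
    perms=$(printf '%s' "000$1" | tail -c 3)
    o=${perms%??}                 # owner digit
    g=${perms#?}; g=${g%?}        # group digit
    w=${perms#??}                 # other digit
    # Exactly one permission class applies, checked in this order.
    if [ "$4" = "$2" ]; then digit=$o
    elif [ "$5" = "$3" ]; then digit=$g
    else digit=$w
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $((digit & 3)) -eq 3 ]
}

# audit_dir PATH USER GROUP
# Exit 0 if writable, 1 if not, 2 if PATH cannot be read.
audit_dir() {
    info=$(stat -c '%a %U %G' "$1") || return 2
    set -- "$1" "$2" "$3" $info
    if can_write "$4" "$5" "$6" "$2" "$3"; then
        echo "$1 (mode $4 $5:$6): writable by $2"
        return 0
    fi
    echo "$1 (mode $4 $5:$6): not writable by $2"
    return 1
}

# Directories named in the thread; skipped when absent on this host.
for d in /var/named /var/named/slaves /var/named/chroot/var/named/slaves; do
    if [ -d "$d" ]; then audit_dir "$d" named named || true; fi
done
```

Mode 750 with owner named, as in the chroot listing above, still counts as writable by named because the owner bits apply.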