On Tue, Jul 04, 2006 at 01:12:28AM -0400, Todd Zullinger wrote: > Charles Curley wrote: > >> That's one solution I found for someone having the same problem and > >> it makes sense, as right now your secondary is trying to write the > >> localdomain file to /var/named, which it won't have permission to > >> write to by default. > > > > Well, it *should*. The files there are root:named. But that explains > > it, doh. The files have permissions of -rw-r-----, so all I needed > > to do was change that. > > The files have those permissions, but the directory itself isn't > writable by named. > > > Is this a bug in bind, or rather in the bind RPM package? I'm > > running this in the chroot jail provided by the bind-chroot package. > > Neither, AFAICT. It's by design. Slaves are meant to go in the > slaves subdir, with is writable by named. This is for security. It > limits the amount of damage someone can do with a bind exploit by > limiting the permissions the named user/group has. (Not that bind has > ever had remote exploits. ;) Good enough. > > I think you'll want to fiddle with the settings for notify and/or > also-notify[1]: > > It seems to me that if you set notify to no in the zone config for > localdomain on the slave, that would prevent it from trying to notify > itself. But I'm going on reading the manual, not on having done this > within a reasonable period of time in the past. Yep. In the options stanza, I added "notify no;" and the error message went away. > > >> Relying on government to protect your privacy is like asking a peeping > >> tom to install your window blinds. > >> -- John Barlow, co-founder of EFF > > > > > > Good one. From whom do they think I want to protect my privacy, > > anyway. > > Yourself? Isn't that who the government is always protecting you > from? Oh, yeah, thanks. I had forgotten how noble and selfless our lords and masters are. -- Charles Curley /"\ ASCII Ribbon Campaign Looking for fine software \ / Respect for open standards and/or writing? X No HTML/RTF in email http://www.charlescurley.com / \ No M$ Word docs in email Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
Attachment:
pgpIrBOpBpoOb.pgp
Description: PGP signature