set directory for "auto" key files
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 7 14:57:16 UTC 2013
On 07/01/13 14:31, Michael W. Lucas wrote:
> Hi,
>
> Running BIND 9.9 on FreeBSD.
>
> named wants to write managed-keys.bind & the journal file in named's
> root directory. I can change that with the "directory" option, but
> then I have to move all the other directories. Company security policy
> is that named may not do that.
>
> Is there an option that tells named to "write your internal key &
> journal files to location X, but don't change where I've put
> everything else."

For the managed keys:

    managed-keys-directory "/var/named/data/dynamic";

As for journal files, they are usually written "next" to the zone; often
the zone is in a sub-directory of the working dir:

    zone "foo" {
        type master;
        # journal will be $NAMED_ROOT/data/zones/foo/zone.jnl
        file "data/zones/foo/zone";
    };

I've never tried it but there's a "journal" option on the zone; maybe
this takes paths, like so:

    zone "foo" {
        type master;
        # zone lives outside working dir
        file "/etc/zones/foo";
        # ...but journal lives inside it
        journal "data/journals/foo";
    };

Note: I've never tested this; it is a wild guess.
> This is an older install with lots of zones and lots of integration
> with older systems, so I would rather not pick up the whole directory
> structure and stuff it under the working directory. Yet I'd really
> like to use auto DNSSec and DLV.