question on minimal file permissions
John Bond
jbond at ripe.net
Mon Apr 18 13:04:36 UTC 2011
On 4/18/11 2:17 PM, hostmaster at g-net.be wrote:
>
> and when I configure my zone like this in named.conf.local :
>
> zone "zone.be" {
> type master;
> file "/dnszones/db.zone.be.signed";
> auto-dnssec maintain;
> key-directory "/dnskeys/";
> sig-validity-interval 1;
>
> I get the following message in my logs :
>
> Apr 18 15:00:53 nssec named[3508]: /etc/bind/named.conf.local:25:
> 'auto-dnssec maintain;' requires dynamic DNS to be configured in the
> zone
> Apr 18 15:00:53 nssec named[3508]: loading configuration: failure
> Apr 18 15:00:53 nssec named[3508]: exiting (due to fatal error)
>
> ( by the way , I have disabled apparmor globally on my Ubuntu server for
> now )
>
> Is this due to my mistake ? Or permission related ?
Hello,
As the message states if you are using 'auto-dnssec maintain;' then the
zone needs to be configured as a dynamic zone.
"Using the auto-dnssec option requires the zone to be configured to
allow dynamic updates, by adding an allow-update or update-policy
statement to the zone configuration. If this has not been done, the
configuration will fail."[1]
[1]http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.ch04.html#id2563529
More information about the bind-users
mailing list