Allow only temporary zone updates without making them permanent

Anderson, Charles R cra at wpi.edu
Wed Jun 26 19:04:05 UTC 2019


On Wed, Jun 26, 2019 at 07:46:20PM +0300, Lefteris Tsintjelis via bind-users wrote:
> On 26/6/2019 17:39, Grant Taylor via bind-users wrote:
> > Or are you wanting to update the zone contents without actually updating
> > the zone file on disk?
> 
> Yes, exactly this. That is the reason I changed the actual zone disk
> file permissions to root thinking that files would not be modifiable,
> but bind surprised me there. I did not expect to change the file
> ownership from root to bind! The problem started with ACME actually as
> it always messes up my disk zone files and I have to always restore them.
> I would still like to use something like that in small DDNS zones also,
> serving just a few IPs only. Non disk writable/modifiable zones could
> perhaps add a small layer of extra security as well.

If Linux:

chattr +i filename

If FreeBSD:

chflags schg filename

