Bug#788159: bind9 tries to write temporary DNSSEC files to /etc/bind instead of /var/cache/bind

Mon, 08 Jun 2015 15:51:53 -0700 

Package: bind9
Version: 1:9.9.5.dfsg-9
Severity: important

Dear Maintainer,

I have enabled inline signing in bind9, but even though I have set "directory 
/var/cache/bind"
it tries to write temporary files into /etc/bind (which fails because the 
debian file ownerships
are sensible and don't allow that sort of thing).


Jun  8 23:44:39 xen named[7604]: zone andrewg.com/IN (signed): reconfiguring 
zone keys
Jun  8 23:44:39 xen named[7604]: zone web/IN (signed): reconfiguring zone keys
Jun  8 23:44:39 xen named[7604]: /etc/bind/db.andrewg.signed.jnl: create: 
permission denied
Jun  8 23:44:39 xen named[7604]: zone andrewg.com/IN (signed): 
zone_rekey:dns_journal_open -> unexpected error


I have to break policy and set /etc/bind to group-writable to get this to work.

Andrew Gallagher.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.0.4-x86-linode75 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9 depends on:
ii  adduser                3.113+nmu3
ii  bind9utils             1:9.9.5.dfsg-9
ii  debconf [debconf-2.0]  1.5.56
ii  init-system-helpers    1.22
ii  libbind9-90            1:9.9.5.dfsg-9
ii  libc6                  2.19-18
ii  libcap2                1:2.24-8
ii  libcomerr2             1.42.12-1.1
ii  libdns100              1:9.9.5.dfsg-9
ii  libgssapi-krb5-2       1.12.1+dfsg-19
ii  libisc95               1:9.9.5.dfsg-9
ii  libisccc90             1:9.9.5.dfsg-9
ii  libisccfg90            1:9.9.5.dfsg-9
ii  libk5crypto3           1.12.1+dfsg-19
ii  libkrb5-3              1.12.1+dfsg-19
ii  liblwres90             1:9.9.5.dfsg-9
ii  libssl1.0.0            1.0.1k-3
ii  libxml2                2.9.1+dfsg1-5
ii  lsb-base               4.1+Debian13+nmu1
ii  net-tools              1.60-26+b1
ii  netbase                5.3

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc   <none>
ii  dnsutils    1:9.9.5.dfsg-9
pn  resolvconf  <none>
pn  ufw         <none>

-- Configuration Files:
/etc/bind/named.conf.local changed:
//
// Add local zone definitions here.
include "/etc/bind/zones.andrewg";

/etc/bind/named.conf.options 0367900f381d5c83cf34009440f3d211 [Errno 2] No such 
file or directory: u'/etc/bind/named.conf.options 
0367900f381d5c83cf34009440f3d211'

-- debconf information:
  bind9/run-resolvconf: true
  bind9/different-configuration-file:
  bind9/start-as-user: bind


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to