Possible BIND setup bugs

Daniel McNamara daniel at codefish.net.au
Fri Oct 17 00:44:12 UTC 2003


Hi there,

Just two items with the bind install on a fresh fedora test 3 install
(minimal with bind installed later).

a) Unlike previous fresh installs of bind with earlier fedora tests, the
/etc/rndc.key file does not seem to contain a pregenerated secret key, with
the supplied file containing:

key "rndckey" {
        algorithm       hmac-md5;
        secret "@KEY@";
};

It would seem that as part of the generation process the key is not being made.
I'm not sure if this is a deliberate move to force users to make their own
key or an actual issue. It does however prevent named from working
"out-of-the-box".

b) Once a key is generated named then works fine, however the default
permissions on the /var/named directory do prevent the commands:

rndc dumpdb
rndc stats

from outputting their results (as they dump files into /var/named).

The default permissions set on /var/named are:

drwxr-x---    2 root     named        4096 Oct 16 22:27 named

Since when using the rndc commands above the output is run as the named
user (regardless of which local user ran the command) it cannot write to
the directory. However I have a funny feeling that these permissions are
set for security reasons. Can anyone clear these two issues up for me?

Cheers

Daniel
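
A check for the two conditions reported in the message above, added here as an example; it is not part of the original post or of the bind package. The function names (rndc_secret, key_status, group_can_write) and the scratch paths are hypothetical, and the sample input is constructed from the key file quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit an rndc key file and
# the named working directory for the two conditions reported above.

# Print the value of the first  secret "...";  statement in FILE.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify the secret in FILE: missing, placeholder, malformed or ok.
key_status() {
    secret=$(rndc_secret "$1")
    case "$secret" in
        "")                echo missing ;;
        @*@)               echo placeholder ;;  # unsubstituted token such as @KEY@
        *[!A-Za-z0-9+/=]*) echo malformed ;;    # contains non-base64 characters
        *)                 echo ok ;;
    esac
}

# Print yes/no: does the group have write permission on DIR?
# Reads character 6 of the mode string shown by ls -ld (drwxr-x--- -> "-").
group_can_write() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w*) echo yes ;;
        *)       echo no ;;
    esac
}

# Constructed sample input: the key file quoted in the post, and a
# scratch directory given the same mode as the reported /var/named.
demo=$(mktemp -d)
cat > "$demo/rndc.key" <<'EOF'
key "rndckey" {
        algorithm       hmac-md5;
        secret "@KEY@";
};
EOF
mkdir "$demo/named" && chmod 750 "$demo/named"

echo "rndc.key secret: $(key_status "$demo/rndc.key")"
echo "group can write named dir: $(group_can_write "$demo/named")"
rm -rf "$demo"
```

On a real system the two functions would be pointed at /etc/rndc.key and /var/named; the script only reports and changes nothing outside its scratch directory.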










More information about the fedora-test-list mailing list