The nixCraft newsletter, http://www.cyberciti.biz, has some really handy tips. Today's was a BIND 9 'feature' that I didn't have disabled, but should have. BIND 9 allows you to update master zones on a nameserver with the allow-update option. Bad idea for many reasons, even if you specify allowed addresses. So for security's sake, put
allow-update { none; };
into each of your zone statements.
When I'd done this, and done a 'rndc reload', I noticed the following in my log file:
Dec 15 09:02:05 challenger named[3127]: the working directory is not writable
Hmm. A little googling told me that the named directory had to be group writable, and mine wasn't. So:
chmod g+w /var/named/chroot/var/named/
Of course, we're running chroot'ed. If you're not, you should be.
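To check that every zone really carries the allow-update { none; }; setting recommended above, here is an added example (not from the original post or the newsletter): a small Python audit over a named.conf-style file. The sample configuration, zone names and function names are constructed for illustration, and the parser is a simplification that assumes no "//" or "#" inside quoted strings.

```python
import re
import sys

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = '''
options { directory "/var/named"; };
// primary zones
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-update { 192.0.2.10; };
};
zone "example.net" IN {
    type master;
    file "example.net.zone";
    allow-update { none; };
};
zone "example.org" {
    type master;
    file "example.org.zone";
};
'''

def strip_comments(text):
    # Simplification: assumes no "//" or "#" inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(text):
    """Yield (zone name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(text):
    """Map each zone to 'none', 'missing', or the allow-update list as written."""
    results = {}
    for name, body in zone_blocks(strip_comments(text)):
        m = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        # A zone with no statement inherits from options/view or BIND's default.
        acl = ' '.join(m.group(1).split()) if m else 'missing'
        results[name] = 'none' if acl.replace(' ', '') == 'none;' else acl
    return results

if __name__ == '__main__':
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for zone, state in audit(conf).items():
        print(f'{zone}: allow-update {state}')
```

Run it with the path to your configuration file as the only argument; with no argument it audits the embedded sample.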