[Opendnssec-user] Announcement on OpenDNSSEC 1.3.6

Matthijs Mekking matthijs at nlnetlabs.nl
Wed Feb 29 10:49:15 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi users,

This announcement is made to make you aware that the OpenDNSSEC signer
engine needs write permissions for the signed directory, otherwise it
might be unable to output signed zones.

As you might know, the OpenDNSSEC signer engine writes signed zonefiles
in the /var/opendnssec/signed directory (or another location if
configured otherwise). Therefore, the signer daemon should have write
permissions to this directory.

It is possible that prior (to 1.3.6) versions of OpenDNSSEC does not
require this in some cases, namely if the files within the signed
directory have different file mode bits than the directory, and can be
overwritten. However, with OpenDNSSEC 1.3.6, signed files are first
written out to a temporary file in the signed directory and, in success,
renamed [OPENDNSSEC-209]. So, from now on, the signer should have write
permissions to the signed directory in all cases.

Best regards,
  Matthijs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPTgKrAAoJEA8yVCPsQCW5ekUIAL2J8LY35BC5uL/T8H8eZAV7
z0c+Pup/U/e+133bdqhUnOP30x0XnVEsgHkFLyPMybDAvb8BxQBxNiotzILwSTmE
dQNkezSTwObnRCzWLgCFLjQjcHEeoBwyW5MWPXdTzOm724pTSxuXsJKYDBSNADNJ
1JceoW7SH/P4y+3IfoMI15rH0avJTryCkNPFQgRVFuTsAlEG56EQR/oQwVm0T95A
3qsfrtliy706SWSUg0hpOuJmwGbyitZb68XSyavNKOzA9F0LNLp9rDNUTJiDXR1X
Uo952etCkF3FKXNHOb6qmz63emI+78S5oAHTklFURvO3zhcwCtniGZFsybuRiVU=
=//PB
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list