[Opendnssec-user] Announcement on OpenDNSSEC 1.3.6
matthijs at nlnetlabs.nl
Wed Feb 29 10:49:15 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
This announcement is made to make you aware that the OpenDNSSEC signer
engine needs write permissions for the signed directory, otherwise it
might be unable to output signed zones.
As you might know, the OpenDNSSEC signer engine writes signed zonefiles
in the /var/opendnssec/signed directory (or another location if
configured otherwise). Therefore, the signer daemon should have write
permissions to this directory.
It is possible that prior (to 1.3.6) versions of OpenDNSSEC does not
require this in some cases, namely if the files within the signed
directory have different file mode bits than the directory, and can be
overwritten. However, with OpenDNSSEC 1.3.6, signed files are first
written out to a temporary file in the signed directory and, in success,
renamed [OPENDNSSEC-209]. So, from now on, the signer should have write
permissions to the signed directory in all cases.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-user