content-type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Content-Length: 1500

Hi,

we are Red Hat and Fedora have bind directory /var/named not writeable by named process.

It is possible to configure managed-keys-directory to write dynamic data into other (sub)directory.
I think it would make sense to configure also different dynamic content in similar way.
Currently it is impossible to change directory of dynamic zones added via rndc addzone.
It blocks our packaging and requires manual work from admin. I would like to use
/var/named/dynamic subdirectory that is already used for managed keys.

I think it makes sense for most installations to have read-only access to zone files.
We want that for master zones by default. But we would like possibility to addzone
from default configuration at the same time. It is not easy with the current bind.

I have prepared patch that allows "new-zones-directory" option in configuration,
very similar to "managed-keys-directory". Is that approach acceptable by you?

I modified logic in dns_view_setnewzones(), so that it is always used only to reset current
settings. And moved case when new zones are enabled to bin/named/server.c, where it is
easier to obtain directory from configuration. It is not used from any other place with
real values anyway. I made it to reuse the similar hashing like managed-keys-directory
in bind 9.9. I attached that patch more for a reference.

Are you willing to include such feature?
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@redhat.com  PGP: 65C6C973