MIME-Version: 1.0
In-Reply-To: <rt-4.2.8-81185-1490032719-911.44853-0-0@isc.org>
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Disposition: inline
X-RT-Interface: Web
References: <RT-Ticket-44853@isc.org>
 <317307465.487433.1489162746275.JavaMail.zimbra@redhat.com>
 <960257277.509834.1489165546786.JavaMail.zimbra@redhat.com>
 <rt-4.2.8-22120-1489165551-1685.44853-3-0@isc.org>
 <20170310174641.GB92236@isc.org>
 <rt-4.2.8-35031-1489168002-1134.44853-5-0@isc.org>
 <1dee09e0-c1a7-3d7f-0c71-9368e04ae1be@redhat.com>
 <rt-4.2.8-81185-1490032719-911.44853-0-0@isc.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.2.8-39100-1490423317-705.44853-0-0@isc.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC:
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 958


> I think there are only dynamic zones with their journal. But they use
> temporary files in the same directory as themselves, aren't they?
> What other problems can it make? I can think only automatic DNSSEC
> resigning. Such zones are updated using dynamic updates anyway, aren't
> they? Selinux will log any access violation. The only problem reported
> by users was .nzf files. If you know any potential problems, I would
> really like to hear them.

The most significant problem that's hard to correct with careful configuration
of named is that most platforms write core dumps to the working directory by
default, and changing that is usually a system-wide setting rather than something
that can be corrected specifically for named. It makes for difficult
debugging.

But I do think you're correct that the files named has direct control over can
be configured to write elsewhere (with the exception of NZF and NZDB files,
which your patch addresses).