I am running a small system with dynamic dhcpd updates to bind for local
hosts and encountered the following error when trying to hide my update
keys:

Oct 29 08:36:17 maplepark named[14767]: starting BIND 9.5.0-P2 -u named
Oct 29 08:36:17 maplepark named[14767]: found 1 CPU, using 1 worker thread
Oct 29 08:36:17 maplepark named[14767]: loading configuration from '/etc/named.conf'
Oct 29 08:36:17 maplepark named[14767]: /etc/named.conf:14: open: /etc/update-keys: permission denied
Oct 29 08:36:17 maplepark named[14767]: loading configuration: permission denied
Oct 29 08:36:17 maplepark named[14767]: exiting (due to fatal error)

In order to correct the error, I made /etc/update-keys owned by named, but
am concerned that a breach of bind would allow an intruder to read the
secrets from the keyfile. This kind of defeats a reason for running
bind as user named. As I only update my "internal" view, is this a valid
concern as my "external" view only has public DNS information and is not
dynamically updated?

David Forrest e-mail: drf @ maplepark.com
Maple Park Development Corporation http://www.maplepark.com
St. Louis, Missouri