Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9

To: Michael Paoli <michael.paoli@berkeley.edu>
Cc: debian-user@lists.debian.org
Subject: Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
From: jeremy ardley <jeremy.ardley@gmail.com>
Date: Mon, 15 Sep 2025 16:58:54 +0800
Message-id: <[🔎] c0c0cd2d-88ec-4896-b857-a2dcc8d778e4@gmail.com>
In-reply-to: <[🔎] CAPU_E+domi0Mo=vnbvqo=AhakSrz0nsYXwmNBwPufktnY23yDA@mail.gmail.com>
References: <[🔎] CAPU_E+f6nvioWnZhUpYSrU+x7Y1wP7NN3YK81sNBi-23bG_1-A@mail.gmail.com> <[🔎] 1e037a71-94b8-4a4d-a435-e47399d65f67@gmail.com> <[🔎] CAPU_E+domi0Mo=vnbvqo=AhakSrz0nsYXwmNBwPufktnY23yDA@mail.gmail.com>


On 15/9/25 16:40, Michael Paoli wrote:

There is an alternative location for primary zone files in /var/lib/bind
but it does not seem common either.

Actually, as far as I can tell, that's what's most commonly intended
for primary zones in the case of dynamic (DDNS, etc.) content.

FYI I investigated further on the location of primary files and there isno real standard but I did see default debian installs create adirectory /var/lib/bind

It seems on first principles that /var/lib/bind is the correct locationfor primary DNS files and associated keys in a subdirectory


named.conf.options:        directory "/var/lib/bind";

named.conf.options:        key-directory "keys";

That is the primary zone directory is /var/lib/bind and "keys" is arelative path to the primary zone directory so /var/lib/bind/keys

The reasoning is that /var/cache should be only for stuff that can bedeleted and /var/lib should be stuff that is unique to the system but ismaintained by a package

Other directories in /usr/local are from packages that are compiled fromsource and need local permanent storage independent anything in thedistro. So distro packages won't use /usr/local


so /usr/local/etc, /usr/local/lib etc.

I have just moved my primary domains and keys to /var/lib/bind and itall seems to be working correctly given the config file changes.

My other issue, and this may be only Trixie, is the use of extended filenames in /etc/bind. The one I still use are


-rw-r--r--. 1 root bind 2928 Jan 25  2025 bind.keys
-rw-r--r--. 1 root bind  237 Sep 21  2023 db.0
-rw-r--r--. 1 root bind  271 Mar 23  2022 db.127
-rw-r--r--. 1 root bind  237 Mar 23  2022 db.255
-rw-r--r--. 1 root bind  353 Mar 23  2022 db.empty
-rw-r--r--. 1 root bind  270 Mar 23  2022 db.local
drwxr-s---. 2 root bind 4096 Mar 23  2022 master
-rw-r--r--. 1 root bind  938 May  4  2024 named.conf
-rw-r--r--. 1 root bind  498 Sep 22  2023 named.conf.default-zones
-rw-r--r--. 1 root bind 3141 Sep 15 13:13 named.conf.local
-rw-r--r--. 1 root bind 1557 Sep 15 12:50 named.conf.options
-rw-r--r--. 1 root bind 3311 May  2  2024 named.root
-rw-r-----. 1 bind bind  107 Sep 30  2023 rndc.key
-rw-r--r--. 1 root bind 1317 Mar 23  2022 zones.rfc1918

Reply to:

Follow-Ups:
- Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
  - From: jeremy ardley <jeremy.ardley@gmail.com>

References:
- BIND 9: substantially updated: https://wiki.debian.org/BIND9
  - From: Michael Paoli <michael.paoli@berkeley.edu>
- Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
  - From: Michael Paoli <michael.paoli@berkeley.edu>

Prev by Date: Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
Next by Date: Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
Previous by thread: Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
Next by thread: Re: BIND 9: substantially updated: https://wiki.debian.org/BIND9
Index(es):
- Date
- Thread