rndc delzone {zonename}: permission denied

The system is:

Debian GNU/Linux 8.2 (jessie)

BIND 9.9.5-9+deb8u3-Debian (Extended Support Version)

named.conf.options:

    options {
        directory "/var/cache/bind";
        key-directory "/etc/bind/keys";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //     0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        dnssec-dnskey-kskonly yes;
        sig-validity-interval 21 16;
        inline-signing yes;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        // permit lookup of unknown dns names
        recursion no;

        // allow dynamically new zones
        allow-new-zones yes;
    };

The cache file /var/cache/bind/3bf305731dd26307.nzf has permission 0744 and is owned by bind:bind.

Everything works as expected: I can add zones, get stats, load keys and everything – except:

rndc delzone {ZoneName}

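If I fire this command (as root in the console), I get rndc: 'delzone' failed: permission denied

Nothing is shown in the logs.

I am really stuck here – does anyone have a clue why this permission error happens?

The problem is that I was modifying the original cache file /var/cache/bind/3bf305731dd26307.nzf

After rndc addzone, I moved all the entries out of it into my own file structure in the named.conf file. On rndc reload, when the entry is no longer in the original cache file, the zone cannot be deleted via rndc delzone. To get the permission, the configuration string of the zone must be in the original cache file /var/cache/bind/3bf305731dd26307.nzf when rndc reload is triggered. It seems BIND needs this internally.

So, as the content of /var/cache/bind/3bf305731dd26307.nzf says – do not edit this file manually, only via rndc.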
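
A way to check for the situation the answer describes before running rndc delzone, as an added example that is not part of the original post: it reports whether a zone is still declared in the .nzf file or has been moved into the static configuration. It assumes .nzf entries use the same `zone <name> { ... };` syntax as named.conf; the function names and the sample contents are constructed for illustration.

```python
import re

# Comments in named.conf syntax: /* ... */, // ... and # ...
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# Start of a zone statement: zone "name" [class] [view] {  (name may be unquoted)
ZONE_RE = re.compile(r'(?<![\w-])zone\s+"?([^"\s{]+)"?[^{;]*\{')

# Constructed samples, not taken from the post.
SAMPLE_NZF = """# constructed stand-in for /var/cache/bind/<hash>.nzf
zone example.org { type master; file "example.org.db"; };
"""
SAMPLE_NAMED_CONF = """
// zone "old.example" { type master; file "old.example.db"; };
zone "moved.example" { type master; file "moved.example.db"; };
"""


def _norm(name):
    """Compare zone names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower() or "."


def zone_names(config_text):
    """Return the set of zone names declared in named.conf-style text."""
    text = COMMENT_RE.sub("", config_text)
    return {_norm(m.group(1)) for m in ZONE_RE.finditer(text)}


def classify(zone, nzf_text, static_text):
    """Report where a zone is declared, which decides if delzone can apply."""
    name = _norm(zone)
    in_nzf = name in zone_names(nzf_text)
    in_static = name in zone_names(static_text)
    if in_nzf and in_static:
        return "conflict"  # declared in both places; resolve before reload
    if in_nzf:
        return "dynamic"   # still tracked in the .nzf file
    if in_static:
        return "static"    # moved to named.conf: the case the answer describes
    return "unknown"


if __name__ == "__main__":
    for z in ("example.org", "moved.example", "old.example"):
        print(z, "->", classify(z, SAMPLE_NZF, SAMPLE_NAMED_CONF))
```

A result of "static" means the zone has to be removed by editing named.conf and reloading, not with rndc delzone.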