Should I use /etc/bind/zones/ or /var/cache/bind/?

Each tutorial seems to have a different opinion on this. For my ISC BIND zones, should I use /etc/bind/zones/ or /var/cache/bind/? In the last install, I used /var/cache/bind/ but only because I was guided to do so; however I just spotted a pid file in there for this new Debian install, so I figured that using the "working directory" to store zone files probably wasn't the best idea. It seems that many admins use this so they don't have to type the full path when declaring a new zone.

For example:

file "/etc/bind/zones/db.foobar.com";

Instead of:

file "db.foobar.com";

Is obviously easier to type, but is it good or bad practice?

Some may also suggest setting the working directory to /etc/bind/zones:

options {
    // directory "/var/cache/bind";
    directory "/etc/bind/zones";
};

... but something tells me this isn't good practice, since the pid file would be created there I assume (unless it's just in /var/cache/bind by coincidence).

I took a look at the manpage but it didn't seem to say what the directory option was for. Any ideas exactly what it was designed for?


Solution 1:

For your master zones, they should go in /etc/bind/zones because they're config. Secondary (slave) zones should be in /var/cache/bind/secondary or similar, because it's just cached data that can be retrieved from the master if the data is lost.

Solution 2:

/var/lib/bind/ - master and dynamic zones

/var/cache/bind/ - secondary zones

/etc/bind/ - zones that should not change for the lifetime of the server.

Solution 3:

Just like womble, I agree with the fact that /var/cache/bind is good for secondary (slave) zones. On the other hand, I don't think that master zones should be under /etc. They are configuration files just as much as content served by Apache is, so they should be stored somewhere under /var, but not under /var/cache.

Just for the record, Red Hat based systems store zones under /var/named (from where they might be copied automatically to /var/named/chroot/var/named). The configuration file is /etc/named.conf.

Solution 4:

A short answer is that it doesn't matter and either will work.

I used to use /var/cache/bind, but now I always use /etc/bind as /var/cache is usually excluded from backups (per the FHS /var/cache must be able to be recreated automatically).

Any secondary or dynamic zones still live in /var/cache.
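
Added example (not part of any answer above, and not ISC or Debian code): a small checker that resolves each zone's `file` against the `directory` option and flags placements that go against the conventions in the answers, namely server-written zones (secondary or dynamic) under /etc and hand-edited zones under /var/cache. The sample config, zone names, key name, address and the `audit_zone_paths` helper are all constructed for illustration, and the regex parsing is a simplification of named.conf syntax.

```python
import posixpath
import re

# Constructed sample config; zone names, key name and address are placeholders.
SAMPLE_CONF = r'''
options {
    // directory "/etc/bind/zones";
    directory "/var/cache/bind";
};
zone "foobar.com"  { type master; file "/etc/bind/zones/db.foobar.com"; };
zone "example.org" { type master; file "db.example.org"; };
zone "example.net" { type slave;  file "secondary/db.example.net";
                     masters { 192.0.2.1; }; };
zone "dyn.example" { type master; file "/var/lib/bind/db.dyn.example";
                     allow-update { key "ddns-key"; }; };
'''
COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ZONE_HEAD = re.compile(r'zone\s+"([^"]+)"[^{]*\{')

def _opt(name, text, value=r'"([^"]+)"'):
    """Value of the first `name <value>;` statement in text, else None."""
    m = re.search(r'(?<![\w-])' + name + r'\s+' + value + r'\s*;', text)
    return m.group(1) if m else None

def audit_zone_paths(conf):
    """Return (zone, type, resolved path, finding) for each zone statement."""
    conf = COMMENTS.sub('', conf)
    # Without the option, named uses the directory it was started from.
    workdir = _opt('directory', conf) or '.'
    heads, rows = list(ZONE_HEAD.finditer(conf)), []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        body = conf[head.end():end]
        ztype, zfile = _opt('type', body, r'([\w-]+)'), _opt('file', body)
        if not (ztype and zfile):
            continue
        # A relative "file" name resolves against the working directory.
        path = posixpath.normpath(posixpath.join(workdir, zfile))
        # Simplification: any allow-update/update-policy counts as dynamic.
        written = ztype in ('slave', 'secondary') or bool(
            re.search(r'allow-update|update-policy', body))
        if written and path.startswith('/etc/'):
            finding = 'server-written zone under /etc'
        elif not written and path.startswith('/var/cache/'):
            finding = 'hand-edited zone under /var/cache'
        else:
            finding = 'ok'
        rows.append((head.group(1), ztype, path, finding))
    return rows
```

Calling `audit_zone_paths(SAMPLE_CONF)` flags only `example.org`, whose bare file name resolves to `/var/cache/bind/db.example.org`; the other three zones come back as `ok`.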