<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 08/05/2021 14:54, Steven Garner
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJNrfiYWmJkfDah0yhSErJr0BX5c3oc_bm_u-v8+7kAAH0BZdQ@mail.gmail.com">Thank
you for your continued support and patience. That did it:
<div><br>
</div>
<div>Followed the installation steps, and then:</div>
<div>=> Job for pdns.service failed because the control process
exited with error code.<br>
=> journalctl -xe: Unable to open
/etc/powerdns/pdns.d/pdns.local.gmysql.conf<br>
=> chmod 666 /etc/powerdns/pdns.d/pdns.local.gmysql.conf<br>
</div>
</blockquote>
<p>That was bad advice. With mode 666, all system users can see
(and edit!) your SQL passwords.<br>
</p>
<p>For better security, make this mode 640 and owned by root:pdns,
so ls -l output looks like this:<br>
</p>
<p>-rw-r----- 1 root pdns 17720 Mar 15 09:42 pdns.conf<br>
</p>
<br>
<blockquote type="cite"
cite="mid:CAJNrfiYWmJkfDah0yhSErJr0BX5c3oc_bm_u-v8+7kAAH0BZdQ@mail.gmail.com">
<div><br>
</div>
<div>What is the best practice for keeping PDNS up to date? (apt
update && apt -y upgrade ?</div>
</blockquote>
<p>Yes.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAJNrfiYWmJkfDah0yhSErJr0BX5c3oc_bm_u-v8+7kAAH0BZdQ@mail.gmail.com">
<div> or does the fact that I have the <span
style="color:rgb(51,51,51);font-family:"Helvetica
Neue",Helvetica,Arial,sans-serif;font-size:14px">/etc/apt/sources.list.d/pdns.list
and </span><span
style="color:rgb(51,51,51);font-family:"Helvetica
Neue",Helvetica,Arial,sans-serif;font-size:14px">/etc/apt/preferences.d/pdns
files set to </span>version 4.4.X keep it constrained to that
version?)</div>
</blockquote>
<p>That is correct as well. The XXXX-auth-44 repos will only ever
give you 4.4.x packages, so you'll get patch releases on that
branch. When the time comes to move to 4.5.X, then you'll point
to a different repo.</p>
</body>
</html>