[dnsdist] Permission denied - SSL certificates

Mark Smith Mark.Smith at dataip.co.uk
Fri May 15 12:14:33 UTC 2020

Hi Remi,

Thanks for the quick reply.
I should have spotted the change to running under another user.
I have now moved a copy of the server.key file in to the /etc/dnsdist
directory, and set permissions for the _dnsdist group.
Obviously, I updated the config file to point to the new location of
the .key file.
All now runs fine.

A bit odd as the permissions for the server.key file were previously
666 which I thought would be okay. It should have been 'world'

Note.. the group on mine is _dnsdist rather than dnsdist  ... I assume
this is as it should be.
Thanks again for your help

That comes from dnsdist 1.5‑rc2 not being started as root anymore, and
therefore likely not being able to enter the /etc/ssl/private
Please read the upgrade guide at [1].

Several options exist there, you could copy the necessary files in
/etc/dnsdist and set the ownership of these files to dnsdist, or
the dnsdist user could be added to the group owning the
directory (ssl‑cert on Debian, if I'm not mistaken), for example.

[1]: https://dnsdist.org/upgrade_guide.html#to‑1‑5‑x 

Best regards,
Remi Gacogne
PowerDNS.COM BV ‑ https://www.powerdns.com/ 

Mark Smith
dataIP Limited                       
tel. +44(0)1785 609520
smtp:Mark.Smith at dataIP.co.uk

More information about the dnsdist mailing list