A few days ago, while reloading DNS on a server, I noticed an issue in the log:
Jul 31 11:29:50 admin named[6098]: the working directory is not writable
First, let's talk about how this error was caught. When doing various tasks, I often tail
the log to watch the process do its thing. In this case, here's what I did:
$ sudo ls
$ rndc reload; sudo tail -f /var/log/messages
Why start off with the sudo ls? Essentially, all I'm doing is getting my password issues out of the way so that when I issue the sudo tail command, I won't be bothered with password stuff. If you don't do this, then you'll be asked for your password before the tail, and you'll likely miss seeing the messages that pop up pertaining to your rndc reload.
So, after doing that, I saw the aforementioned log message. Based on the log message, I assumed that there was some sort of permissions issue here. However, we've been using BIND for a while, so it would surprise me that we have a basic permissions issue. But in my investigation (yea for Google), that was exactly the problem: the named directory was not group writable and needed to be.
Changing the named directory's permissions was an easy trick. After changing into named's parent directory (in our case, that's a rather complicated deal: /var/named/chroot/var/), I simply issued this command:
$ sudo chmod g+w named
This command makes the directory writable by the group and not just the owner (the permissions should look something like this: "drwxrwx---"). I reloaded, and the error no longer popped up in the logs.
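One way to script this check so it can be run before a reload (an added example, not part of the original post): the function reads the mode string from ls -ld, confirms the group write bit is set, and confirms that "other" has no access, matching "drwxrwx---". The script name and the group name "named" in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit the permissions of named's working directory.
# Usage (path from the post; the group name "named" is an assumption):
#   sh check_named_dir.sh /var/named/chroot/var/named named

# check_named_dir DIR [GROUP]
# Returns 0 = OK, 1 = not group writable, 2 = accessible by "other",
#         3 = unexpected group owner, 4 = not a directory
check_named_dir() {
    dir=$1
    want_group=${2:-}
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 4; }

    # ls -ld prints e.g. "drwxrwx--- 2 root named 4096 Jul 31 11:29 named";
    # keep the 10-character mode string (drops any ACL/SELinux suffix) and the group.
    info=$(ls -ld -- "$dir" | awk 'NR == 1 {print substr($1, 1, 10), $4}')
    perms=${info% *}
    group=${info#* }

    gw=$(printf '%s' "$perms" | cut -c6)       # group write position
    other=$(printf '%s' "$perms" | cut -c8-10) # rwx triplet for "other"

    if [ "$gw" != "w" ]; then
        echo "$dir: $perms is not group writable (fix: chmod g+w)" >&2
        return 1
    fi
    if [ "$other" != "---" ]; then
        echo "$dir: $perms grants access to other users" >&2
        return 2
    fi
    if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
        echo "$dir: group is $group, expected $want_group" >&2
        return 3
    fi
    echo "$dir: $perms group=$group OK"
}

# Run the check when the script is given a directory argument.
if [ "$#" -gt 0 ]; then
    check_named_dir "$@"
fi
```

A non-zero exit status tells you which condition failed, so the script can gate the rndc reload in a deployment step.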