Dynamic DNS on Bind

I’m trying to configure Dynamic DNS (RFC2136) on my bind server, but can’t understand how I should manage the zone files.
Actually the zone files are in the /nix/store, and obviously they’re read-only files, but dynDNS needs to dynamically edit those zone files (Let’s Encrypt, through lego-acme, for example).
I managed to set up dynDNS, but when I try to test it using nsupdate I get these errors:

stdio.c:29: unexpected error:
Aug 30 16:58:39 kelpie.garr.cloud.pa. named[969906]: unable to convert errno to isc_result: 30: Read-only file system
Aug 30 16:58:39 kelpie.garr.cloud.pa. named[969906]: /nix/store/xgxi3vkw0gsqw68bj5vqhfj3brbs5ymg-foo.me.zone.jnl: create: unexpected error

And I guess that those are related to the zone file in the /nix/store being read-only…

Any ideas?


I solved this by using a writable directory in /etc/bind/zones, writing the zone file to that and pointing bind at that file for this zone.

Here’s an incomplete snippet, and I’m happy to add more details or explain if something’s not understandable.


  system.activationScripts.bind-zones.text = ''
    mkdir -p /etc/bind/zones
    chown named:named /etc/bind/zones
  '';

  environment.etc."bind/zones/${fqdn}.zone" = {
    enable = true;
    user = "named";
    group = "named";
    mode = "0644";
    text = ''
      $ORIGIN .
      $TTL 86400      ; 1 day
      (...)
    '';
  };

  services.bind = {
    enable = true;
    extraConfig = ''
      include "/var/lib/secrets/*-dnskeys.conf";
    '';
    zones = [
      {
        name = fqdn;
        allowQuery = [ "any" ];
        file = "/etc/bind/zones/${fqdn}.zone";
        master = true;
        extraConfig = "allow-update { key rfc2136key.${fqdn}.; };";
      }
    ];
  };
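A fuller version of the same approach, written as an added example and not taken from the poster’s linked config: it keeps the zone file and journal in a writable directory outside the store, loads the TSIG secret from /var/lib/secrets, and narrows the update right to the ACME challenge TXT record. The zone name example.com, the key name and the secrets path are assumptions.

```nix
{ config, ... }:
let
  fqdn = "example.com";                 # hypothetical zone name
  keyName = "rfc2136key.${fqdn}.";      # TSIG key name used by lego/nsupdate
in
{
  # Writable directory outside the read-only /nix/store, so named can
  # create and rewrite <zone>.jnl when it receives RFC 2136 updates.
  system.activationScripts.bind-zones.text = ''
    mkdir -p /etc/bind/zones
    chown named:named /etc/bind/zones
  '';

  # Initial zone content; a non-symlink mode makes NixOS copy it as a real
  # file that named can modify. Records below are placeholders.
  environment.etc."bind/zones/${fqdn}.zone" = {
    user = "named";
    group = "named";
    mode = "0644";
    text = ''
      $ORIGIN ${fqdn}.
      $TTL 86400
      @  IN SOA ns1.${fqdn}. hostmaster.${fqdn}. ( 1 3600 900 1209600 300 )
      @  IN NS  ns1.${fqdn}.
    '';
  };

  services.bind = {
    enable = true;
    # The TSIG secret stays out of the world-readable store. The included
    # file (assumed path) holds one BIND key statement, e.g.:
    #   key "rfc2136key.example.com." { algorithm hmac-sha256; secret "<base64>"; };
    extraConfig = ''
      include "/var/lib/secrets/${fqdn}-dnskeys.conf";
    '';
    zones = [
      {
        name = fqdn;
        master = true;
        file = "/etc/bind/zones/${fqdn}.zone";
        allowQuery = [ "any" ];
        # Least privilege: unlike allow-update, which lets the key change any
        # record in the zone, update-policy limits it to the ACME TXT record.
        extraConfig = ''
          update-policy {
            grant ${keyName} name _acme-challenge.${fqdn}. TXT;
          };
        '';
      }
    ];
  };
}
```

After a rebuild, a signed nsupdate against _acme-challenge.example.com. should succeed while an update to any other name is refused.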

I’d love to see more. I am trying to move my named server from Ubuntu to my local Nix server. I am trying to switch everything to a Nix base, and the DNS server is one of the last things I need to get working.

Sorry, somehow I missed your notification so far. You can find the whole services.bind config here.