We were having issues with slave zone configuration on Ubuntu Server 14.04. Our slave zone was configured like this:
    zone "example.com" {
        type slave;
        file "/etc/bind/zones/slaves/example.com";
        masters {
            1.2.3.4;
        };
    };
Upon bind9 service restart we were experiencing permission denied issues after zone transfer. System logs showed this:
May 5 09:34:20 server named[1163]: dumping master file: /etc/bind/zones/slaves/tmp-uPqJQyCpIG: open: permission denied
May 5 09:34:20 server kernel: [149149.868459] type=1400 audit(1430832860.217:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/slaves/tmp-uPqJQyCpIG" pid=1165 comm="named" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
We couldn't fix this by changing file and folder permissions, and then we realised that AppArmor was the one denying us write access to the /etc/bind/zones/slaves folder.
We fixed this by placing our slave files folder somewhere else. We ended up picking the /var/cache/bind/slaves folder.
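To find every slave zone affected by the same denial, the audit line can be matched against the zone configuration. The Python below is an added example, not part of the original post: it parses AppArmor DENIED lines, collects the directories where the named profile was refused, and lists the slave zones whose file sits in one of them. The second zone (example.org) and all function names are assumptions made for the illustration.

```python
import re
from pathlib import PurePosixPath

# Sample input: the kernel audit line quoted in the post.
SAMPLE_LOG = 'May 5 09:34:20 server kernel: [149149.868459] type=1400 audit(1430832860.217:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/slaves/tmp-uPqJQyCpIG" pid=1165 comm="named" requested_mask="c" denied_mask="c" fsuid=103 ouid=103\n'
# Constructed named.conf fragment; the example.org zone is hypothetical.
SAMPLE_CONF = '''
zone "example.com" {
    type slave;
    file "/etc/bind/zones/slaves/example.com";
    masters { 1.2.3.4; };
};
zone "example.org" {
    type slave;
    file "/var/cache/bind/slaves/example.org";
    masters { 1.2.3.4; };
};
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumes each zone's closing "};" starts a line, as in SAMPLE_CONF.
ZONE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)

def parse_denials(log_text):
    """Return one dict of audit fields per AppArmor DENIED line."""
    return [{k: quoted or bare for k, quoted, bare in KV.findall(line)}
            for line in log_text.splitlines() if 'apparmor="DENIED"' in line]

def denied_dirs(denials, profile="/usr/sbin/named"):
    """Directories where the given profile was refused a file operation."""
    return {str(PurePosixPath(d["name"]).parent)
            for d in denials if d.get("profile") == profile and "name" in d}

def slave_zone_files(conf_text):
    """Map zone name -> file path for every 'type slave' zone."""
    zones = {}
    for name, body in ZONE.findall(conf_text):
        m = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if m and re.search(r'\btype\s+slave\s*;', body):
            zones[name] = m.group(1)
    return zones

def zones_at_risk(conf_text, log_text):
    """Slave zones whose file lives in a directory AppArmor denied."""
    bad = denied_dirs(parse_denials(log_text))
    return {zone: path for zone, path in slave_zone_files(conf_text).items()
            if str(PurePosixPath(path).parent) in bad}

if __name__ == "__main__":
    print(zones_at_risk(SAMPLE_CONF, SAMPLE_LOG))
```

On the sample data only example.com is reported, because its file is under /etc/bind/zones/slaves; the zone stored under /var/cache/bind/slaves is not.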