Tuesday, May 5, 2015

bind9 - permission denied problems with slave zones



We were having issues with slave zone configuration on Ubuntu Server 14.04. Our slave zone was configured like this:

zone "example.com" {
    type slave;
    file "/etc/bind/zones/slaves/example.com";
    masters {
        1.2.3.4;
    };
};

After restarting the bind9 service, we got permission denied errors following the zone transfer. The system logs showed this:

May  5 09:34:20 server named[1163]: dumping master file: /etc/bind/zones/slaves/tmp-uPqJQyCpIG: open: permission denied

May  5 09:34:20 server kernel: [149149.868459] type=1400 audit(1430832860.217:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/slaves/tmp-uPqJQyCpIG" pid=1165 comm="named" requested_mask="c" denied_mask="c" fsuid=103 ouid=103

We couldn't fix this by changing file and folder permissions. We then realised that AppArmor was the one denying write access to the /etc/bind/zones/slaves folder: the kernel log line shows apparmor="DENIED" for the /usr/sbin/named profile.

We fixed this by placing our slave zone files in a different folder. We ended up picking the /var/cache/bind/slaves folder.
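The diagnosis above, as an added example that is not part of the original post: a Python sketch that pairs each "permission denied" error from named with an AppArmor DENIED audit record for the same path, so a profile denial is not mistaken for a file-permission problem. The function names are hypothetical, and the third sample log line is constructed.

```python
import re
from posixpath import dirname

# The first two lines are the ones quoted in the post; the third is constructed
# to show a failure that has no matching AppArmor record.
SAMPLE_LOG = """\
May  5 09:34:20 server named[1163]: dumping master file: /etc/bind/zones/slaves/tmp-uPqJQyCpIG: open: permission denied
May  5 09:34:20 server kernel: [149149.868459] type=1400 audit(1430832860.217:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/slaves/tmp-uPqJQyCpIG" pid=1165 comm="named" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
May  5 09:40:02 server named[1163]: dumping master file: /srv/dns/tmp-AbCdEf: open: permission denied
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="value" or key=value
NAMED_ERR = re.compile(r'named\[\d+\]: .*?(/\S+): open: permission denied')

def parse_denials(log):
    """Return one dict of audit fields per AppArmor DENIED record."""
    return [{k: q or b for k, q, b in KV.findall(line)}
            for line in log.splitlines() if 'apparmor="DENIED"' in line]

def explain(log):
    """For each path named could not open, report whether AppArmor denied it."""
    denied = {d["name"]: d for d in parse_denials(log) if "name" in d}
    report = {}
    for path in NAMED_ERR.findall(log):
        d = denied.get(path)
        if d:  # profile denial: changing ownership or mode bits will not help
            report[path] = ("apparmor", d["profile"], d["operation"],
                            d["denied_mask"], dirname(path))
        else:  # no audit record for this path: check ordinary permissions
            report[path] = ("filesystem", None, None, None, dirname(path))
    return report

if __name__ == "__main__":
    for path, (cause, profile, op, mask, folder) in explain(SAMPLE_LOG).items():
        print(f"{path}: {cause} profile={profile} op={op} mask={mask} dir={folder}")
```

On a live system the same check can be fed from the syslog or kernel log instead of the embedded sample.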
