Small Stories from the trenches

Sometimes it’s funny – you have a server that is totally not behaving well, and when you finally figure it out you’ll be like “I need to put this somewhere so I can find it again.”

Well, and where do I find these tricks most of the time? On other blogs – so let’s start by sometimes putting out small stories from the trenches.


So, what happened yesterday was an interesting story. We are providing a business partner of ours a small VM in our network, so they can actually have a redundant DNS server (DNS servers are the phonebook of the internet, so they are quite important still) – and there was the issue that the DNS server wasn’t replicating properly.

Regardless of the permissions I set, DNS kept complaining:
/etc/bind/zones/tmp-something: open: permission denied

I checked permissions, everything checks out. Restart the box, change permissions, check again, restart. Works when I do it as root, doesn’t when run as the bind user.

Check again: permissions very fine, still can’t write.


Now, unlike me, my friend has set up his DNS server to keep the slave replicas in /etc/bind/slave – doesn’t matter where, but within /etc/bind.

And named is not allowed to write there, because its AppArmor profile only grants read access under /etc/bind.

What’s the trick?
Change:

/etc/apparmor.d/usr.sbin.named

from:
/etc/bind/** r,
to:
/etc/bind/** rw,

Restart the services:
service apparmor restart
service bind9 restart
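
When the file permissions look right but named still gets "permission denied", the kernel log shows what AppArmor refused. The following Python script is an added example, not part of the original post: it parses AppArmor DENIED audit lines and prints, per directory, the access that was denied, scoped to that directory rather than all of /etc/bind. The log lines are constructed samples and the function names are made up for this illustration.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Constructed sample log lines (not from the original post), in the
# key="value" format the kernel uses for AppArmor audit messages.
SAMPLE_LOG = '''\
kernel: audit: type=1400 audit(1499850842.101:31): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/tmp-Ab3xQ9" pid=1188 comm="named" requested_mask="c" denied_mask="c" fsuid=112 ouid=112
kernel: audit: type=1400 audit(1499850842.110:32): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/etc/bind/zones/tmp-Zk81pL" pid=1188 comm="named" requested_mask="wc" denied_mask="wc" fsuid=112 ouid=112
kernel: audit: type=1400 audit(1499850940.500:40): apparmor="ALLOWED" operation="open" profile="/usr/sbin/tcpdump" name="/tmp/x" pid=2001 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
named[1188]: dumping master file: /etc/bind/zones/tmp-Ab3xQ9: open: permission denied
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Audit masks "c" (create) and "d" (delete) are covered by "w" in a profile rule.
MASK_TO_RULE = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m", "x": "x"}
ORDER = "rwaklmx"


def parse_denials(log_text):
    """Return one dict of fields per AppArmor DENIED line; skip everything else."""
    denials = []
    for line in log_text.splitlines():
        fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
        if fields.get("apparmor") == "DENIED" and "name" in fields:
            denials.append(fields)
    return denials


def candidate_rules(denials, profile):
    """Collapse the denials of one profile into per-directory rule lines."""
    perms = defaultdict(set)
    for d in denials:
        if d.get("profile") == profile:
            for ch in d.get("denied_mask", ""):
                perms[dirname(d["name"])].add(MASK_TO_RULE.get(ch, ch))
    return [f"{path}/** {''.join(sorted(p, key=ORDER.find))},"
            for path, p in sorted(perms.items())]


if __name__ == "__main__":
    for rule in candidate_rules(parse_denials(SAMPLE_LOG), "/usr/sbin/named"):
        print(rule)
```

On a live box, feed it the output of dmesg or journalctl -k instead of SAMPLE_LOG.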



References/Credits:
https://askubuntu.com/questions/926113/zone-afxr-fails-on-permission-error-dumping-master-file-etc-bind-zones-tmp-y
