Sometimes it’s funny – you have a server that is totally not behaving well, and when you finally find out why, you’re like “I need to put this somewhere so I can find it again.”
Well, and where do I find these tricks most of the time? On other blogs – so let’s start by sometimes putting out small stories from the trenches.
So, what happened yesterday was an interesting story. We are providing a business partner of ours a small VM in our network, so they can have a redundant DNS server (DNS servers are the phonebook of the internet, so they are still quite important) – and the issue was that the DNS server wasn’t replicating properly.
Regardless of the permissions I set, DNS kept complaining:
/etc/bind/zones/tmp-something: open: permission denied
I checked permissions, everything checks out. Restart the box, change permissions, check again, restart. It works when I do it as root, but doesn’t when run as the bind user.
Check again: permissions are fine, still can’t write.
Now, unlike me, my friend has set up his DNS server to keep the slave replicas in /etc/bind/slave – it doesn’t matter where exactly, but within /etc/bind.
And named is not allowed to write there: the AppArmor profile only grants it read access to /etc/bind.
What’s the trick?
In /etc/apparmor.d/usr.sbin.named, change
from:
/etc/bind/** r,
to:
/etc/bind/** rw,
Restart the services:
service apparmor restart
service bind9 restart
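When file permissions look right but a confined daemon still gets "permission denied", the AppArmor denials in the kernel log show which profile and path are involved. The script below is an added example, not part of the original post: it groups denials for one profile by directory. The log lines, host name and the profile name /usr/sbin/named are constructed assumptions; on a real box, feed it the kernel log instead of the sample.

```shell
#!/bin/sh
# Added example: summarise AppArmor file denials for one profile, by directory.

# Constructed sample log (host, pids, timestamps and temp names are made up).
sample_log() {
cat <<'EOF'
Jul 12 10:01:02 ns2 kernel: [  812.100] audit: type=1400 audit(1499853662.100:31): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/tmp-a1B2c3" pid=911 comm="named" requested_mask="c" denied_mask="c" fsuid=112 ouid=112
Jul 12 10:01:02 ns2 named[911]: dumping master file: /etc/bind/zones/tmp-a1B2c3: open: permission denied
Jul 12 10:06:02 ns2 kernel: [ 1112.400] audit: type=1400 audit(1499853962.400:32): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/zones/tmp-Zz9Yx8" pid=911 comm="named" requested_mask="c" denied_mask="c" fsuid=112 ouid=112
Jul 12 10:07:00 ns2 kernel: [ 1170.000] audit: type=1400 audit(1499854020.000:33): apparmor="ALLOWED" operation="open" profile="/usr/sbin/tcpdump" name="/tmp/x.pcap" pid=950 comm="tcpdump" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
EOF
}

# denied_dirs PROFILE
# Reads log text on stdin; prints "count denied_mask directory" per group.
denied_dirs() {
    awk -v want="$1" '
    # Return the value of key="value" on the current line, or "" if absent.
    function field(key,    s) {
        if (!match($0, " " key "=\"[^\"]*\"")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    # Only real denials for the requested profile (complain-mode lines say ALLOWED).
    /apparmor="DENIED"/ && field("profile") == want {
        dir = field("name")
        sub("/[^/]*$", "", dir)          # strip the file name, keep the directory
        count[field("denied_mask") " " dir]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k3
}

# Assumed profile name; check the profile= value in your own log.
sample_log | denied_dirs /usr/sbin/named
```

A denied mask of c means named tried to create a file, which the read-only rule for that directory does not cover.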
References/Credits:
https://askubuntu.com/questions/926113/zone-afxr-fails-on-permission-error-dumping-master-file-etc-bind-zones-tmp-y