rndc addzone isn't working. fix available
Bug #1247148 reported by Pavel Piatruk
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| bind9 (Ubuntu) | Confirmed | High | Unassigned | |
Bug Description
OS: Ubuntu 12.04
Bind package: ii bind9 1:9.8.1.
Bind folder:

```
drwxr-s--- 3 bind bind 4096 Nov 1 20:46 /etc/bind
```
* Steps to reproduce the issue

```
rndc -s localhost addzone 'zzz.com { type master; file "/etc/bind/
rndc: 'addzone' failed: permission denied
```

* Steps to fix

Edit /etc/init.d/bind9, add "-d /etc/bind" to start-stop-daemon in the start) section.

* Explanation

Named tries to store *.nzf (zones created by rndc addzone) in the directory from where it started. By default it is not /etc/bind.
Changed in bind9 (Ubuntu):

| | |
|---|---|
| status: | New → Confirmed |
| importance: | Undecided → High |
Snippet of /etc/apparmor.d/usr.sbin.named:

```
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
```
Pavel's proposed solution could cause other issues with apparmor. Furthermore Pavel should place the zone files in /var/lib/bind/.
```
$ ls -ld /var/lib/bind/master/
drwxrws--- 3 root bind 4096 Jun 30 23:08 /var/lib/bind/master/
```

A directory from a hidden master containing one of my DNSSEC enabled zones, a zone which is configured to automatically rotate the ZSK or zone signing key:

```
$ sudo ls -la /var/lib/bind/master/tuxedo.net
total 104
drwxrws--- 2 bind bind 4096 Nov 8 18:03 .
drwxrws--- 3 root bind 4096 Jun 30 23:08 ..
-rw-r--r-- 1 root bind 1858 Sep 24 18:51 tuxedo.net.hosts
-rw-r--r-- 1 bind bind 512 Sep 24 18:51 tuxedo.net.hosts.jbk
-rw-r--r-- 1 bind bind 7509 Nov 8 18:03 tuxedo.net.hosts.signed
-rw-r--r-- 1 bind bind 76419 Nov 8 17:48 tuxedo.net.hosts.signed.jnl
```