[Bug 1247148] Re: rndc addzone isn't working. fix available
Charles Peters II
chuck.peters at gmail.com
Mon Nov 11 19:30:34 UTC 2013
snippet of /etc/apparmor.d/usr.sbin.named
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
Pavel's proposed solution could cause other issues with apparmor.
Furthermore Pavel should place the zone files in /var/lib/bind/.
$ ls -ld /var/lib/bind/master/
drwxrws--- 3 root bind 4096 Jun 30 23:08 /var/lib/bind/master/
A directory from a hidden master containing one of my DNSSEC enabled zones, a zone which is configured to automatically rotate the ZSK or zone signing key:
$ sudo ls -la /var/lib/bind/master/tuxedo.net
total 104
drwxrws--- 2 bind bind 4096 Nov 8 18:03 .
drwxrws--- 3 root bind 4096 Jun 30 23:08 ..
-rw-r--r-- 1 root bind 1858 Sep 24 18:51 tuxedo.net.hosts
-rw-r--r-- 1 bind bind 512 Sep 24 18:51 tuxedo.net.hosts.jbk
-rw-r--r-- 1 bind bind 7509 Nov 8 18:03 tuxedo.net.hosts.signed
-rw-r--r-- 1 bind bind 76419 Nov 8 17:48 tuxedo.net.hosts.signed.jnl
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1247148
Title:
rndc addzone isn't working. fix available
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1247148/+subscriptions
More information about the Ubuntu-server-bugs
mailing list