Ubuntu 10.04 bind9 local zone include files and apparmor

Posted by Gilgongo on Server Fault See other posts from Server Fault or by Gilgongo
Published on 2012-04-15T22:09:06Z Indexed on 2012/04/15 23:32 UTC
Read the original article Hit count: 262

Filed under:

ubuntu-10.04

|

bind

|

apparmor

|

domaindnszones

Rather than putting all my zones in one named.conf.local file, I'd like to have them in groups that I can manage as separate files. So, I've tried putting the following into named.conf.local:

include "/home/zones/group1.conf";
include "/home/zones/group2.conf";
include "/home/zones/group3.conf";

However, when I restart named, I see "permission denied" errors in the logs. Ubuntu uses apparmor for bind, so I also added the following in /etc/apparmor.d/usr.sbin.named:

/home/zones/group1.conf r,
/home/zones/group1.conf r,
/home/zones/group1.conf r,

Now, when I re-start named, all appears to be well. Zones are loaded (I think). However, a day or two later, I see my secondary name server complaining that the primary is telling it that it's not authoritative for those domains. I then have to put all the domains back into the named.conf.local file again.

How can I get bind9 to use include files in this way? I don't know much about apparmor, so that may or may not be the issue here, but I've used include files in this way on Debian OK.

© Server Fault or respective owner

Related posts about ubuntu-10.04

Cannot access Ubuntu 10/04 after reinstalling Windows

as seen on Super User - Search for 'Super User'
I had Windows Vista Home Premium on HP pavilion desktop. I partitioned the disk for Ubuntu and a swap disk partition and then I installed Ubuntu 10.04. When I would start my computer, I would be given a choice to start Windows or Ubuntu. Today I reinstalled Windows, and now the menu has disappeared… >>> More
Dual head setup for Ubuntu 10.04.1 and Windows XP Pro with same hardware configuration

as seen on Super User - Search for 'Super User'
Hello. I have a Dell OptiPlex 360 workstation at work, with 2 x ATI RV280 [Radeon 9200 PRO] graphics cards installed, which are attached to two identical 19" HII flat panel monitors. I'm using the open source Radeon driver with Ubuntu, and the proprietary drivers with Windows. The good news is that… >>> More
ifup eth0 failed in Ubuntu 11.10 and Ubuntu 10.04.3

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
ifup eth0 failed to bring up eth0 First, I have set static ip using the below commands: Commands: ifdown eth0 ifconfig eth0 X.X.X.X netmask 255.255.252.0 up route add default gw X.X.X.X I was successful in setting up static ip X.X.X.X and I could see the same in the output of command "ifconfig"… >>> More
very long boot up with Ubuntu 10.04.4

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed Ubuntu 10.04.3 on Atom. Then I do the update and upgrade with: #apt-get update #apt-get upgrade #apt-get dist-upgrade The system can boot up now but in almost 2 minutes. After power on and system test, it will stop at "Verifying DMI pool data" for 10 seconds before the GRUB menu comes… >>> More
configuring two network interfaces in ubuntu 10.04.1

as seen on Server Fault - Search for 'Server Fault'
I have got two NICs configured on a VM - each is tied to a specific network, one is a DMZ, the other is an internal network. I want MySQL to listen on the internal network only and Apache on the DMZ listening for HTTP and HTTPS. But as soon as I add the second interface I run into trouble. I can… >>> More

Related posts about bind

ubuntu bind9 AppArmor read permission denied (chroot jail)

as seen on Server Fault - Search for 'Server Fault'
I am trying to run bind9 with chroot jail. I followed the steps mentioned at : http://www.howtoforge.com/debian_bind9_master_slave_system I am getting the following errors in my syslog: Jul 27 16:53:49 conf002 named[3988]: starting BIND 9.7.3 -u bind -t /var/lib/named Jul 27 16:53:49 conf002 named[3988]:… >>> More
setting up bind to work with nsupdate (SERVFAIL)

as seen on Server Fault - Search for 'Server Fault'
I'm trying to update my DNS-Server dynamically using nsupdate. Prerequisite I'm using Debian 6 on my DNS-Server and Debian 4 on my client. I created a public/private key pair using: dnssec-keygen -C -a HMAC-MD5 -b 512 -n USER sub.example.com. I then edited my named.conf.local to contain my public… >>> More
BIND DNS Master with Zerigo Slaves - BIND won't update the slave servers

as seen on Server Fault - Search for 'Server Fault'
I've tried to resolve this myself and have looked through Google and Stack but haven't found the answer I'm looking for. Currently on a VPS server I have BIND DNS installed as a MASTER DNS Server. I use Zerigo's DNS service as SLAVE servers for public use: The Master doesn't receive queries - It's… >>> More
How do I prevent directories mounted with 'bind' from appearing on 'Devices' on nautilus?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have these lines in the fstab # binds /media/DataNtfs/Music /home/can/Music none rw,bind /media/DataNtfs/Pictures /home/can/Pictures none rw,bind /media/DataNtfs/Downloads /home/can/Downloads none rw,bind /media/DataNtfs/Documents… >>> More
C++ question: boost::bind receive other boost::bind

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to make this code work properly, what should I do? giving this error on the last line. what am I doing wrong? i know boost::bind need a type but i'm not getting. help class A { public: template <class Handle> void bindA(Handle h) { h(1, 2); } }; class B { public: void… >>> More