Ubuntu 10.04 bind9 local zone include files and apparmor

Posted by Gilgongo on Server Fault
Published on 2012-04-15T22:09:06Z

Rather than putting all my zones in one named.conf.local file, I'd like to have them in groups that I can manage as separate files. So, I've tried putting the following into named.conf.local:

include "/home/zones/group1.conf";
include "/home/zones/group2.conf";
include "/home/zones/group3.conf";

However, when I restart named, I see "permission denied" errors in the logs. Ubuntu uses apparmor for bind, so I also added the following in /etc/apparmor.d/usr.sbin.named:

/home/zones/group1.conf r,
/home/zones/group1.conf r,
/home/zones/group1.conf r,

Now, when I restart named, all appears to be well. Zones are loaded (I think). However, a day or two later, I see my secondary name server complaining that the primary is telling it that it's not authoritative for those domains. I then have to put all the domains back into the named.conf.local file again.

How can I get bind9 to use include files in this way? I don't know much about apparmor, so that may or may not be the issue here, but I've used include files in this way on Debian OK.
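An added example, not part of the original post: a consistency check that lists every include file in named.conf.local that no AppArmor read rule covers, run here over the two snippets exactly as they appear in the question. The function names are hypothetical, and the rule matching assumes a subset of AppArmor syntax (plain `path perms,` file rules with `*`, `**` and `?` globs; `deny` rules and `{a,b}` alternation are not handled).

```python
import re

# Sample input: the two snippets copied from the question above.
NAMED_CONF_LOCAL = '''
include "/home/zones/group1.conf";
include "/home/zones/group2.conf";
include "/home/zones/group3.conf";
'''

APPARMOR_RULES = '''
/home/zones/group1.conf r,
/home/zones/group1.conf r,
/home/zones/group1.conf r,
'''

def include_paths(conf):
    """Paths named by include directives; commented-out lines do not match."""
    return re.findall(r'^\s*include\s+"([^"]+)"\s*;', conf, re.M)

def readable_globs(profile):
    """Path globs of file rules whose permission string contains 'r'."""
    rules = re.findall(r'^\s*(?:owner\s+)?(/\S*)\s+([a-zA-Z]+)\s*,', profile, re.M)
    return [path for path, perms in rules if "r" in perms]

def glob_to_regex(glob):
    """Translate the assumed glob subset: '**' crosses '/', '*' and '?' do not."""
    tokens = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.findall(r"\*\*|\*|\?|[^*?]+", glob)
    return re.compile("".join(tokens.get(p) or re.escape(p) for p in parts) + r"\Z")

def uncovered_includes(conf, profile):
    """Include files that no read rule in the profile matches, in file order."""
    rules = [glob_to_regex(g) for g in readable_globs(profile)]
    return [p for p in include_paths(conf) if not any(r.match(p) for r in rules)]

if __name__ == "__main__":
    for path in uncovered_includes(NAMED_CONF_LOCAL, APPARMOR_RULES):
        print("no AppArmor read rule covers", path)
```

On a live system, pass the contents of named.conf.local and /etc/apparmor.d/usr.sbin.named in place of the embedded strings.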
