On Sat, 2018-05-26 at 22:45 +0100, André Rodier via bind-users wrote:
> On 2018-05-26 22:16, Anand Buddhdev wrote:
> > On 26/05/2018 19:47, André Rodier via bind-users wrote:
> >
> > Hi André
> >
> > > I need to clarify: I have also added this option
> > > in named.conf.options:
> > >
> > > directory "/var/cache/bind";
> > >
> > > And bind is creating the journal files inside:
> > >
> > > -rw-r--r-- 1 bind bind 1.4K May 26 18:36 managed-keys.bind
> > > -rw-r--r-- 1 bind bind 512 May 26 18:36 managed-keys.bind.jnl
> > >
> > > However, when started, bind is apparently trying to write in /etc/bind
> > > anyway:
> > >
> > > > May 26 18:36:01 homebox named[1298]: managed-keys-zone: journal file is out of date: removing journal file
> > > > May 26 18:36:01 homebox named[1298]: managed-keys-zone: loaded serial 2
> > > > May 26 18:36:01 homebox named[1298]: zone 0.in-addr.arpa/IN: loaded serial 1
> > > > May 26 18:36:01 homebox named[1298]: zone auto.in-addr.arpa/IN: loaded serial 1527352056
> > > > May 26 18:36:01 homebox named[1298]: zone 127.in-addr.arpa/IN: loaded serial 1
> > > > May 26 18:36:01 homebox named[1298]: zone 255.in-addr.arpa/IN: loaded serial 1
> > > > May 26 18:36:01 homebox named[1298]: zone localhost/IN: loaded serial 2
> > > > May 26 18:36:01 homebox named[1298]: zone homebox.space/IN (unsigned): loaded serial 1527352055
> > > > May 26 18:36:01 homebox named[1298]: all zones loaded
> > > > May 26 18:36:01 homebox named[1298]: running
> > > > May 26 18:36:01 homebox named[1298]: zone homebox.space/IN (signed): loaded serial 1527352055
> > > > May 26 18:36:01 homebox named[1298]: zone auto.in-addr.arpa/IN: sending notifies (serial 1527352056)
> > > > May 26 18:36:01 homebox named[1298]: /etc/bind/forward.homebox.space.jbk: create: permission denied
> >
> > You've told BIND to load zones from /etc/bind, so it will try to create
> > the journal files in the same directory, despite the "directory"
> > option.
> >
> > You'll need to move your zones into /var/cache/bind, or a subdirectory
> > thereof.
> >
> > Regards,
> > Anand
>
> Thank you, Anand,
>
> It is something I am reluctant to do, I have already started to explore
> other servers.
>
> Kind regards,
> André

Hello again, Anand and everyone.

Thanks for your help, sorry for the answer yesterday, I was pretty upset by this limitation.

In the end, I finally used /var/cache/bind as the directory for bind9, and I do not have the error from AppArmor any more. Also, I did not want to lose the time I invested in the configuration.

However, I kept my domain definition file in /etc/bind, with read-only permissions, and used a symbolic link in /var/cache/bind. This is the safest way I found to keep apart configuration and dynamic data.

However, PowerDNS seems a good server, and I am willing to explore the option.

Kind regards,
André

-- 
HomeBox: https://github.com/progmaticltd/homebox
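
An added example, not part of the thread and not BIND or HomeBox code: a small checker for the behaviour Anand describes, where journal files are created beside each zone's `file` path rather than in the `directory` option. The sample configuration, the zone file names and the `example.test` zone are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample; the zone file names and second zone are assumptions.
SAMPLE_CONF = '''
options { directory "/var/cache/bind"; };
zone "homebox.space" {
    type master;
    allow-update { none; };
    file "/etc/bind/forward.homebox.space";  // absolute, outside "directory"
};
zone "example.test" {
    type master;
    file "zones/example.test.db";            // relative to "directory"
};
'''

def strip_comments(conf):
    """Drop /* */, // and # comments (assumes none of these occur inside quotes)."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', conf)

def journal_dirs(conf):
    """Return (working directory, {zone: directory its journal files land in})."""
    conf = strip_comments(conf)
    m = re.search(r'(?<![\w-])directory\s+"([^"]+)"', conf)
    workdir = PurePosixPath(m.group(1)) if m else None
    dirs = {}
    for z in re.finditer(r'(?<![\w-])zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, z.end()
        while i < len(conf) and depth:       # walk to the zone's closing brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        f = re.search(r'(?<![\w-])file\s+"([^"]+)"', conf[z.end():i])
        if f:
            path = PurePosixPath(f.group(1))  # used as written, symlinks not resolved
            if workdir and not path.is_absolute():
                path = workdir / path
            dirs[z.group(1)] = path.parent
    return workdir, dirs

def zones_writing_outside(conf):
    """Zones whose journals would be created outside the working directory."""
    workdir, dirs = journal_dirs(conf)
    return sorted(z for z, d in dirs.items()
                  if workdir is None or workdir not in (d, *d.parents))

if __name__ == "__main__":
    for zone in zones_writing_outside(SAMPLE_CONF):
        print(f"{zone}: journal directory is outside the working directory")
```

Because the configured path is compared as written, a zone whose `file` points at a symbolic link inside /var/cache/bind is not flagged, which matches the layout described in the final message.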