Hi Bernhard, > Le 22 déc. 2017 à 17:20, Bernhard Schmidt <[email protected]> a écrit : > > Am 22.12.2017 um 16:51 schrieb Noury: > > Hello Noury, > > thanks for your report. > >> When starting bind9, I have error messages and bind doesn't start> Other >> packages are unusable because they need it (ex exim4 as it's my MTA) >> Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' >> failed: permission denied >> Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' >> failed: permission denied >> Dec 22 16:28:39 colibri named[26358]: configuring logging: permission denied > [...] >> Dec 22 16:28:39 colibri kernel: [288377.634631] audit: type=1400 >> audit(1513956519.915:16): apparmor="DENIED" operation="mknod" >> profile="/usr/sbin/named" name="/var/log/bind.log" pid=26358 >> comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=110 ouid=110 >> Dec 22 16:28:39 colibri systemd[1]: bind9.service: Main process exited, >> code=exited, status=1/FAILURE >> Dec 22 16:28:39 colibri systemd[1]: bind9.service: Failed with result >> 'exit-code'. > > named does not log to /var/log/bind.log by default, is this somewhere in > your configuration ("grep /var/log/bind.log /etc/bind/*")? AppArmor > policy for named forbids writing logfiles except for /var/log/named/
grep gives: /etc/bind/named.conf.options: file "/var/log/bind.log" size 10m; > > # some people like to put logs in /var/log/named/ instead of having > # syslog do the heavy lifting. > /var/log/named/** rw, > /var/log/named/ rw, > > Please check the AppArmor documentation in the Debian Wiki > (https://wiki.debian.org/AppArmor) on how to allow custom paths in the > AppArmor profile. I’m going to read this. Do you have an idea why this begun two days ago. I’ve been informed by a monitoring on secondary dns. Zones have not been transferred fir two days. Noury > > Bernhard
