I also have a similar problem accessing /run/named. bind can't create the
directory or any files in it. The error messages:
couldn't mkdir '//run/named': Permission denied
could not create //run/named/session.key
Apparmor problems can be fixed by running aa-logprof and selecting the best
"fix" for your system. I have done that if needed over the months since
apparmor was installed. The other problem is that /run is a type tmpfs so it is
created after each boot so any manual fixes are lost after a reboot. I also
have the same problem for the apt-cacher-ng program. Since this machine is my
router for my home network it is rarely rebooted so I have a temporary fix by
running the following script manually:
cd /run
mkdir named
chown bind.bind named
systemctl restart bind9
mkdir apt-cacher-ng
chown apt-cacher-ng.apt-cacher-ng apt-cacher-ng
systemctl restart apt-cacher-ng
My /etc/bind config directory has no reference to /run. I do see a
/run/resolvconf directory which has resolv.conf in it pointing to localhost and
search domain. This seems correct since bind is listening on localhost and you
want to actually use bind to get and cache dns requests.
My bind is version 9.11.5.P4+dfsg-5.
--
*...Bob*