[Bug 999324] Re: DDNS dynamic file creation permission denied
** Changed in: bind9 (Ubuntu)
       Status: New => Confirmed

** Changed in: bind9 (Ubuntu)
   Importance: Undecided => High

** Tags added: apparmor

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/999324

Title:
  DDNS dynamic file creation permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/999324/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 999324] Re: DDNS dynamic file creation permission denied
Thanks for reporting this bug.
[Bug 999324] Re: DDNS dynamic file creation permission denied
Actually I'm not quite sure why it would have tried to create that file. Can you tell us which release you are on, and post your /etc/bind/named.conf and /etc/bind/named.conf.local files?

(We don't want to risk opening permissions for what turns out to be a bug in bind9 itself)

** Changed in: bind9 (Ubuntu)
       Status: Confirmed => Incomplete
[Bug 999324] Re: DDNS dynamic file creation permission denied
Create file because updating zonefile from dhcpd

root@intra:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/etc/bind/ddns.key";

zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-update { key DHCP_UPDATER; };
};

zone "1.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.1.10";
        allow-update { key DHCP_UPDATER; };
};

root@intra:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
[Bug 999324] Re: DDNS dynamic file creation permission denied
root@intra:/etc/bind# apt-cache policy bind9
bind9:
  Installiert: 1:9.8.1.dfsg.P1-4
  Kandidat:    1:9.8.1.dfsg.P1-4
  Versionstabelle:
 *** 1:9.8.1.dfsg.P1-4 0
        500 http://de.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status
[Bug 999324] Re: DDNS dynamic file creation permission denied
** Changed in: bind9 (Ubuntu)
       Status: Incomplete => New
[Bug 999324] Re: DDNS dynamic file creation permission denied
Thanks for the info, Axel. I was at first wondering whether the 'file' should point to another location to which bind9 already has write access, but the file locations you are using match what is in the server guide (https://help.ubuntu.com/12.04/serverguide/dns-configuration.html).

Marking this confirmed. Thanks again.

** Changed in: bind9 (Ubuntu)
       Status: New => Triaged
[Bug 999324] Re: DDNS dynamic file creation permission denied
Hm, then again, the apparmor policy file says:

  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz

Does this mean that the server guide should be updated?

** Changed in: bind9 (Ubuntu)
       Status: Triaged => Confirmed
[Bug 999324] Re: DDNS dynamic file creation permission denied
So - IIUC either the server guide or the apparmor policy needs to be updated.
[Bug 999324] Re: DDNS dynamic file creation permission denied
The server guide is wrong-- the bind9 packaging has specified /var/lib/bind for journal files and DDNS for a long time. From README.Debian:

  Zones subject to automatic updates (such as via DHCP and/or nsupdate) should be stored in /var/lib/bind, and specified with full pathnames.

This path was added to the apparmor profile in Ubuntu 8.04 LTS and was added to the package during the 8.04 LTS development cycle:

  bind9 (1:9.4.2-2) unstable; urgency=low
  ...
    * bind9: deliver /var/lib/bind directory, and document. Closes: #248771, #200253, #202981, #209022

This separation is by design so that named does not have write access to /etc/bind/* such that a flaw in bind9 doesn't result in writes to authoritative zone data (which is found in /etc/bind).

I suggest the server guide documentation be updated to use the paths as specified in the package. In the meantime, people can update /etc/apparmor.d/local/usr.bin.named to add write access to /etc/bind if they desire (or adjust their configuration).
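Added example, not part of the bug thread or the bind9 packaging: a small checker that reads named.conf-style text and reports zones that accept dynamic updates but keep their zone file outside /var/lib/bind, which is the situation the reporter hit. The sample configuration is constructed from the zone stanzas posted above, all function names are hypothetical, and the parser is deliberately simple (any allow-update or update-policy statement counts as dynamic).

```python
import posixpath
import re

DYNAMIC_DIR = "/var/lib/bind/"  # directory the packaging makes writable for named

# Constructed sample: the reporter's first zone, a corrected zone, and a static zone.
SAMPLE_CONF = '''
// Do any local configuration here
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-update { key DHCP_UPDATER; };
};
zone "1.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.1.10";
    allow-update { key DHCP_UPDATER; };
};
zone "static.example" { type master; file "/etc/bind/db.static.example"; };
'''

_SKIP = re.compile(r'"[^"\n]*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)
_ZONE = re.compile(r'\bzone\s+"?([^"\s{]+)"?[^{;]*\{')
_DYNAMIC = re.compile(r'\b(?:allow-update|update-policy)(?![-\w])')
_FILE = re.compile(r'\bfile\s+"?([^";\s]+)"?\s*;')

def strip_comments(text):
    """Drop //, # and /* */ comments while leaving quoted strings untouched."""
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def zone_blocks(text):
    """Yield (zone name, body) for each zone statement, matching nested braces."""
    for m in _ZONE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def misplaced_dynamic_zones(conf_text):
    """Return (zone, file) pairs for updatable zones stored outside DYNAMIC_DIR."""
    findings = []
    for name, body in zone_blocks(strip_comments(conf_text)):
        path = _FILE.search(body)
        if _DYNAMIC.search(body) and path:
            # normpath collapses "..", so a path cannot merely start with the prefix
            if not posixpath.normpath(path.group(1)).startswith(DYNAMIC_DIR):
                findings.append((name, path.group(1)))
    return findings

if __name__ == "__main__":
    for zone, path in misplaced_dynamic_zones(SAMPLE_CONF):
        print(f"zone {zone}: dynamic zone file {path} is outside {DYNAMIC_DIR}")
```

Relative file names are reported as well, since README.Debian asks for full pathnames under /var/lib/bind.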
[Bug 999324] Re: DDNS dynamic file creation permission denied
** Changed in: bind9 (Ubuntu)
     Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

** Summary changed:

- DDNS dynamic file creation permission denied
+ Server guide gives wrong examples for bind9 (was: DDNS dynamic file creation permission denied)