Getting the following error on the secondary ISPConfig server with the secondary DNS.
Code:
    Aug 06 22:02:54 be named[1388172]: dumping master file: /etc/bind/slave/tmp-R9GY7UEWfR: open: permission denied
While searching for a solution, found the following one suggesting to create a symlink from /etc/bind/slave to /var/cache/bind/slave.
https://forum.howtoforge.com/thread...-permission-problem-on-ns2.86471/#post-418877
The solution is about four years old. Is this still a valid solution?
The solution is to change permissions of the /etc/bind/slave/ folder so that the user that runs the BIND daemon (typically the user is named "named") has write permissions in that folder.
I am using Debian 12.11. I checked for all users using "compgen -u", there is no named user. Also checked for all groups using "compgen -g", there is named group. It seems bind is running under bind user.
Here is the permissions of /etc/bind
Code:
    drwxr-sr-x 3 root bind 4.0K Aug 6 21:55 bind
Here is the permission of the files in /etc/bind/
Code:
    root@be:/etc/bind# ls -lh
    total 64K
    -rw-r--r-- 1 root root 2.9K Jan 25  2025 bind.keys
    -rw-r--r-- 1 root root  255 Jan 25  2025 db.0
    -rw-r--r-- 1 root root  271 Jan 25  2025 db.127
    -rw-r--r-- 1 root root  237 Jan 25  2025 db.255
    -rw-r--r-- 1 root root  353 Jan 25  2025 db.empty
    -rw-r--r-- 1 root root  270 Jan 25  2025 db.local
    -rw-r--r-- 1 root bind  458 Jan 25  2025 named.conf
    -rw-r--r-- 1 root bind  498 Jan 25  2025 named.conf.default-zones
    -rw-r--r-- 1 root bind 8.3K Aug  6 21:52 named.conf.local
    -rw-r--r-- 1 root bind  907 Jul 31 22:30 named.conf.options
    -rw-r--r-- 1 root bind  846 Jul 31 22:30 named.conf.options~
    -rw-r----- 1 bind bind  100 Jul 31 22:25 rndc.key
    drwxrws--- 2 root bind 4.0K Jul 31 22:30 slave
    -rw-r--r-- 1 root root 1.3K Jan 25  2025 zones.rfc1918
Need advice on how to move forward.
Code:
    root@be:/etc/bind# ls -lh
    total 64K
    -rw-r--r-- 1 root root 2.9K Jan 25  2025 bind.keys
    -rw-r--r-- 1 root root  255 Jan 25  2025 db.0
    -rw-r--r-- 1 root root  271 Jan 25  2025 db.127
    -rw-r--r-- 1 root root  237 Jan 25  2025 db.255
    -rw-r--r-- 1 root root  353 Jan 25  2025 db.empty
    -rw-r--r-- 1 root root  270 Jan 25  2025 db.local
    -rw-r--r-- 1 root bind  458 Jan 25  2025 named.conf
    -rw-r--r-- 1 root bind  498 Jan 25  2025 named.conf.default-zones
    -rw-r--r-- 1 root bind 8.3K Aug  6 21:52 named.conf.local
    -rw-r--r-- 1 root bind  907 Jul 31 22:30 named.conf.options
    -rw-r--r-- 1 root bind  846 Jul 31 22:30 named.conf.options~
    -rw-r----- 1 bind bind  100 Jul 31 22:25 rndc.key
    drwxrws--- 2 bind bind 4.0K Jul 31 22:30 slave
    -rw-r--r-- 1 root root 1.3K Jan 25  2025 zones.rfc1918
The dump error is still there. Tried restarting bind and unfortunately the error is still there.
Try to run:
    chmod 775 /etc/bind/slave
If this still does not help, then you may have AppArmor enabled with a policy that does not allow writing to this directory.
chmod to 775 did not work. Checked AppArmor and it is enabled. Did the following.
Code:
    mv /etc/bind/slave /etc/bind/slave.org
    mkdir /var/cache/bind/slave
    chown bind:bind /var/cache/bind/slave
    chmod 2770 /var/cache/bind/slave
    ln -s /var/cache/bind/slave /etc/bind/slave
Restarted bind and files are successfully generated in /var/cache/bind/slave
Can I leave it like this? Safe?
Alternatively, you could have edited the AppArmor profile /etc/apparmor.d/usr.sbin.named and added:
Code:
    /etc/bind/slave/** rw,
and then reload AppArmor and restart bind. But using a symlink and /var/cache/bind/* folder is ok too.
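
To confirm that AppArmor, and not file ownership, is what blocks the write discussed in this thread, the denial can be read from the kernel log. The following is an added example, not code from any poster in the thread. It assumes the profile is logged as "named" or "/usr/sbin/named"; only the first sample line comes from the thread, the kernel audit lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what AppArmor denied for one profile.
# Reads kernel/audit log lines on stdin, e.g.:  journalctl -k | apparmor_denials named

# Print "denied_mask path" for every unique DENIED record of the given profile.
# Assumption: the profile appears as "named" or "/usr/sbin/named" in the log.
# Paths AppArmor logs hex-encoded (unquoted name=...) are not decoded here.
apparmor_denials() {
    profile="$1"
    grep 'apparmor="DENIED"' \
      | grep -E "profile=\"(/usr/sbin/)?${profile}\"" \
      | sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\2 \1/p' \
      | LC_ALL=C sort -u
}

# Reduce the denials to the directories the profile is not allowed to write to.
# A directory listed here needs either a profile rule or a move to an allowed path.
denied_dirs() {
    apparmor_denials "$1" \
      | sed 's/^[^ ]* //; s|/[^/]*$||' \
      | LC_ALL=C sort -u
}

# Sample input. Line 1 is the BIND error quoted in the thread; the audit
# records below it are constructed to show what a matching denial looks like.
sample_log() {
    cat <<'EOF'
Aug 06 22:02:54 be named[1388172]: dumping master file: /etc/bind/slave/tmp-R9GY7UEWfR: open: permission denied
Aug 06 22:02:54 be kernel: audit: type=1400 audit(1754510574.101:211): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/slave/tmp-R9GY7UEWfR" pid=1388172 comm="isc-net-0000" requested_mask="c" denied_mask="c" fsuid=109 ouid=109
Aug 06 22:03:10 be kernel: audit: type=1400 audit(1754510590.440:212): apparmor="DENIED" operation="open" profile="named" name="/etc/bind/slave/sec.example.test" pid=1388172 comm="isc-net-0000" requested_mask="wc" denied_mask="wc" fsuid=109 ouid=109
Aug 06 22:03:11 be kernel: audit: type=1400 audit(1754510591.002:213): apparmor="DENIED" operation="open" profile="ntpd" name="/run/example.sock" pid=911 comm="ntpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
EOF
}

# Stand-alone run on the sample: shows the two named denials, then the directory.
sample_log | apparmor_denials named
sample_log | denied_dirs named
```

If the directory reported is the one BIND writes secondary zones to, changing ownership or mode alone will not clear the error, which matches what the thread observed.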