File permission error with bind on Ubuntu 8.04

Starting with Ubuntu 8.04, slave zones under bind9 may not work as you expect, depending on where you save your zone files. The syslog shows a permission error when bind tries to write to any folder under /etc/bind. That is where I had kept such files before – I realise now that this was a mistake – or at least not in line with common best practice.

This is the error you may see:


dumping master file: /etc/bind/slave/tmp-31s25Singg: open: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: failed while receiving responses: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: end of transfer

Starting with Ubuntu 8.04, AppArmor is included by default in the installation. This was a new feature for me. In short, AppArmor prevents unauthorised file activities, and the reason for my file permission problem with bind was that I tried to write slave zone files to /etc/bind/slave. But, by definition, the local host does not hold the master copy of a slave zone. Such data should instead be saved in /var/cache/bind. Once I changed my zone definition and restarted bind, it went well.
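A check for the misconfiguration described above, as an added example that is not part of the original post or of bind itself: it resolves each slave zone's file path in a named.conf fragment and flags those that fall outside the paths an AppArmor profile lets named write. The profile rules, the zone list and all function names are constructed for illustration; on a real host the rules would be read from the installed bind profile.

```python
import posixpath
import re

# Constructed sample rules, modelled on a bind9 AppArmor profile (assumption).
SAMPLE_PROFILE = """
/etc/bind/** r,
/var/lib/bind/** rw,
/var/cache/bind/** rw,
"""

# Constructed named.conf fragment; zone names and file names are illustrative.
SAMPLE_CONF = """
options { directory "/var/cache/bind"; };
zone "example.com" { type slave; file "/etc/bind/slave/example.com.db"; masters { 192.168.16.10; }; };
zone "example.net" { type slave; file "example.net.db"; masters { 192.168.16.10; }; };
zone "example.org" { type master; file "/etc/bind/db.example.org"; };
"""

def writable_patterns(profile_text):
    """Compile path rules granting 'w'; '**' crosses '/', a single '*' does not."""
    rules = re.findall(r"^\s*(/\S*)\s+([a-z]+),", profile_text, re.M)
    return [re.compile(re.escape(p).replace(r"\*\*", ".*").replace(r"\*", "[^/]*") + r"\Z")
            for p, perms in rules if "w" in perms]

def zone_blocks(conf_text):
    """Yield (zone name, body) pairs, matching nested braces such as masters { }."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf_text):
        depth, i = 1, m.end()
        while i < len(conf_text) and depth:
            depth += {"{": 1, "}": -1}.get(conf_text[i], 0)
            i += 1
        yield m.group(1), conf_text[m.end():i]

def slave_zone_findings(conf_text, profile_text):
    """Return (zone, resolved path) for slave/stub zones named may not write."""
    d = re.search(r'\bdirectory\s+"([^"]+)"', conf_text)
    base = d.group(1) if d else "/"
    allowed = writable_patterns(profile_text)
    findings = []
    for zone, body in zone_blocks(conf_text):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if not f or not re.search(r"\btype\s+(slave|stub)\b", body):
            continue
        # Relative file names are resolved against the 'directory' option.
        path = posixpath.normpath(posixpath.join(base, f.group(1)))
        if not any(p.match(path) for p in allowed):
            findings.append((zone, path))
    return findings
```

Calling `slave_zone_findings(SAMPLE_CONF, SAMPLE_PROFILE)` reports only the example.com zone, whose file sits under /etc/bind/slave; the parser is simplified and does not handle comments or include statements in named.conf.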

One thought on “File permission error with bind on Ubuntu 8.04”

  1. Hi

    Thanks for the tip. I was crazy not to find why I had this permission error…

    Could you tell how you found out it was AppArmor and where you read it was better to write those files into /var/cache/bind (which sounds better after this explanation)? Did I miss some man page…?
