Bind 9 not starting

[onycro]

Hello there,

I have a very common issue with bind. I am using plesk 12. It is not starting due to permission issues.

/var/log/syslog

Jan 27 10:37:31 h1862523 named[2646]: loading configuration from '/etc/named.conf'
Jan 27 10:37:31 h1862523 named[2646]: open: /etc/named.conf: permission denied
Jan 27 10:37:31 h1862523 kernel: [8647637.080835] type=1400 audit(1453891051.441:68): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=2647 comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
Jan 27 10:37:31 h1862523 named[2646]: loading configuration: permission denied
Jan 27 10:37:31 h1862523 named[2646]: exiting (due to fatal error)

So I took a look at the file permissions:

ls -l /etc/named.conf
lrwxrwxrwx 1 root root 34 Oct 19 14:56 /etc/named.conf -> /var/named/run-root/etc/named.conf

Which seems fine to me. Can someone help me please?

Best wishes,
onycro

 

[onycro]

Ok I apparently just found a working solution:
http://kb.odin.com/en/120026

EDIT:
I found out, when using apt-get upgrade it is installing apparmor again. So I had to remove it from installed packages list:

dpkg -r apparmor

 

[Lloyd_mcse]

Or you can add the file...

/etc/apparmor.d/local/usr.sbin.named

Containing...

# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/var/named/run-root/** rwm,

And that will also get bind working again.
Kind regards

Lloyd

 

[trialotto]

@onycro and @Lloyd_mcse

Actually, on a normal Ubuntu system (and various derivatives thereof):

a) the /etc/apparmor.d/local/usr.sbin.named file can be empty, (and)

b) the /etc/apparmor.d/usr.sbin.named file should contain the following lines

/var/log/named/** rw,
/var/log/named/ rw,

and this should be set by default, otherwise a manual edit is possible to allow bind with apparmor.

Regards....