Updating zone file in bind
Now I can't even restart bind due to this error Nov 12 ps133045 named: loading configuration from '/etc/bind/named.conf' Nov 12 ps133045 named: /etc/bind/local:9: open: /var/named/dnskeys.conf: permission denied Nov 12 ps133045 named: loading configuration: permission denied Nov 12 ps133045 named: exiting (due to fatal error) drw-rw-rw- 2 root bind 121 Nov 12 . it doesn't resolve in my browser yet but I gotta update my ns4 server first I assume. If you're dynamically updating your DNS, you should store your zone files in /var/lib/bind instead - https://help.ubuntu.com/14.04/serverguide/dns-configuration.html#dns-primarymaster-configuration Apt installer should have already created this directory with the correct permissions and App Armor context.
157.17183.private -rw------- 1 root bind 126 Nov 12 drwxrwsrwx 3 root bind 4.0K Nov 11 . -rw-r--r-- 1 root root 2.5K Oct 20 -rw-r--r-- 1 root root 237 Oct 20 db.0 -rw-r--r-- 1 root root 271 Oct 20 db.127 -rw-r--r-- 1 root root 237 Oct 20 db.255 -rw-r--r-- 1 root root 353 Oct 20 db.empty -rw-r--r-- 1 root root 270 Oct 20 db.local -rw-r--r-- 1 root root 3.0K Oct 20 -r--r--r-- 1 root bind 3 Nov 10 -rw-r--r-- 1 root bind 463 Nov 11 -rw-r--r-- 1 root bind 490 Oct 20 default-zones -rwxr-xr-x 1 root bind 503 Nov 12 local -rwxr-xr-x 1 root bind 462 Nov 11 -rw-r--r-- 1 root bind 572 Oct 20 options -rw-r----- 1 bind bind 77 Nov 10 drw-rw Srw- 2 root bind 109 Nov 12 zones -rw-r--r-- 1 root root 1.3K Oct 20 zones.rfc1918 drw-rw Srw- 2 root bind 109 Nov 12 . -r--r--r-- 1 root bind 402 Nov 11 zone -rw-rw-rw- 1 bind bind 0 Nov 12 -r--r--r-- 1 root bind 377 Nov 11 rev.241.2.You're absolutely right, I didn't set the permissions correctly for /etc/bind/zones which made the permissions for the file in it rather useless.
There are two main options to BIND9 logging the channel option configures where logs go, and the category option determines what to log.
In a chroot enviroment, BIND9 has access to all the files and hardware devices it needs, but is unable to access anything it should not need.
App Armor is installed by default on recent Ubuntu releases.
These are effectively the same as Primary and Secondary DNS servers, but with a slight organizational difference.
If you configure your registered domain to use A and B as your domain's DNS servers, then C is a Stealth Secondary.
Unless you've explicitly disabled App Armor, you might want to read this before you decide to attempt a chrooted bind.
If you still want to go forward with it, you'll need this information, which isn't covered in the instructions that follow here.
A secondary master DNS server is used to complement a primary master DNS server by serving a copy of the zone(s) configured on the primary server.
Secondary servers are recommended in larger setups.
Remember that this path is relative to the root set by -t.