0

I am experiencing issues getting Bind9 to start.

Output from "tail /var/log/messages":

Aug 15 06:50:30 iceweb kernel: [125973.964184] type=1400 audit(1313409030.779:50): 
    apparmor="DENIED" operation="open" parent=7227 profile="/usr/sbin/named" 
    name="/var/lib/named/etc/bind/named.conf" pid=7229 comm="named" 
    requested_mask="r" denied_mask="r" fsuid=103 ouid=0

Also here is the output from "/etc/init.d/bind9/restart":

* Stopping domain name service... bind9 

rndc: connect failed: 127.0.0.1#953: connection refused [OK]

* Starting domain name service... bind9     [fail}

What could be wrong?

SmallClanger
Phill Fernandes
  • That looks like an audit log entry from AppArmor. Something in your AppArmor configuration is preventing named from reading the named.conf file from its current location (Is it perhaps configured to allow it from a different path?) – SmallClanger Aug 15 '11 at 12:10

2 Answers

1

CMIIW, check your named.conf and make sure the zones directory, log, etc. are allowed (rw) in /etc/apparmor.d/usr.sbin.named

chocripple
1

You're trying to use a non-standard path for the config file (/var/lib/named/etc/bind/named.conf), which is in turn prevented by the (default) AppArmor profile for BIND9 on your box.

Options include:

  • disable apparmor entirely
  • make the profile for "named" change to complain mode
  • use a default path for the config
Ralf Hildebrandt
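An added example, not part of either answer: a Python sketch that turns AppArmor audit records like the one in the question into candidate path rules for /etc/apparmor.d/usr.sbin.named, which is how the first answer's suggestion can be applied narrowly. The log lines are constructed (the first is the question's record joined onto one line, the second is a made-up complain-mode record), and the function names are hypothetical.

```python
import re

# Constructed input: the DENIED record from the question (joined onto one line)
# and a made-up complain-mode ("ALLOWED") record for a log file in the same tree.
SAMPLE_LOG = [
    'Aug 15 06:50:30 iceweb kernel: [125973.964184] type=1400 '
    'audit(1313409030.779:50): apparmor="DENIED" operation="open" parent=7227 '
    'profile="/usr/sbin/named" name="/var/lib/named/etc/bind/named.conf" '
    'pid=7229 comm="named" requested_mask="r" denied_mask="r" fsuid=103 ouid=0',
    'Aug 15 06:51:02 iceweb kernel: [126005.100000] type=1400 audit(1313409062.100:51): '
    'apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/named" '
    'name="/var/lib/named/var/log/named.log" comm="named" requested_mask="c" denied_mask="c"',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log mask letter -> profile permission; create (c) and delete (d) both need "w".
MASK_TO_PERM = dict(r="r", w="w", a="a", k="k", l="l", m="m", c="w", d="w")

def parse_record(line):
    """Return the key=value fields of an AppArmor file record, else None."""
    rec = {key: (bare or quoted) for key, quoted, bare in FIELD.findall(line)}
    if rec.get("apparmor") not in ("DENIED", "ALLOWED") or not {"profile", "name"} <= rec.keys():
        return None
    return rec

def suggest_rule(rec):
    """Map one record to (profile, 'path perms,'); None if it needs manual review."""
    perms = set()
    for ch in rec.get("denied_mask", "").replace(":", ""):  # some kernels log "r::"
        if ch not in MASK_TO_PERM:  # e.g. "x": exec rules need a transition mode
            return None
        perms.add(MASK_TO_PERM[ch])
    if "w" in perms:
        perms.discard("a")  # "w" already covers append; a rule cannot hold both
    ordered = "".join(p for p in "rwaklm" if p in perms)
    return (rec["profile"], f'{rec["name"]} {ordered},') if ordered else None

def rules_from_log(lines):
    """Collect unique candidate rules per profile from syslog lines."""
    out = {}
    for line in lines:
        rec = parse_record(line)
        rule = suggest_rule(rec) if rec else None
        if rule and rule[1] not in out.setdefault(rule[0], []):
            out[rule[0]].append(rule[1])
    return out

if __name__ == "__main__":
    print(rules_from_log(SAMPLE_LOG))
```

Each suggested line is a candidate to review before it goes inside the profile's braces; after editing, the profile is reloaded with `apparmor_parser -r /etc/apparmor.d/usr.sbin.named`.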