Package: bind9 Version: 1:9.18.16-1~deb12u1 Severity: normal
-- System Information: Debian Release: 12.1 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-10-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8), LANGUAGE=en_US.utf8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bind9 depends on: ii adduser 3.134 ii bind9-libs 1:9.18.16-1~deb12u1 ii bind9-utils 1:9.18.16-1~deb12u1 ii debconf [debconf-2.0] 1.5.82 ii dns-root-data 2023010101 ii init-system-helpers 1.65.2 ii iproute2 6.1.0-3 ii libc6 2.36-9+deb12u1 ii libcap2 1:2.66-4 ii libfstrm0 0.6.1-1 ii libjson-c5 0.16-2 ii liblmdb0 0.9.24-1 ii libmaxminddb0 1.7.1-1 ii libnghttp2-14 1.52.0-1 ii libprotobuf-c1 1.4.1-1+b1 ii libssl3 3.0.9-1 ii libsystemd0 252.12-1~deb12u1 ii libuv1 1.44.2-1 ii libxml2 2.9.14+dfsg-1.3~deb12u1 ii lsb-base 11.6 ii netbase 6.4 ii sysvinit-utils [lsb-base] 3.06-4 ii zlib1g 1:1.2.13.dfsg-1 bind9 recommends no packages. Versions of packages bind9 suggests: pn bind-doc <none> ii bind9-dnsutils [dnsutils] 1:9.18.16-1~deb12u1 ii dnsutils 1:9.18.16-1~deb12u1 ii systemd-resolved [resolvconf] 252.12-1~deb12u1 pn ufw <none> -- Configuration Files: /etc/apparmor.d/usr.sbin.named changed: /usr/sbin/named flags=(attach_disconnected) { #include <abstractions/base> #include <abstractions/nameservice> capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_resource, # /etc/bind should be read-only for bind # /var/lib/bind is for dynamically updated zone (and journal) files. # /var/cache/bind is for slave/stub data, since we're not the origin of it. # See /usr/share/doc/bind9/README.Debian.gz /etc/bind/** rw, /var/lib/bind/** rw, /var/lib/bind/ rw, /var/cache/bind/** lrw, /var/cache/bind/ rw, # Database file used by allow-new-zones /var/cache/bind/_default.nzd-lock rwk, # gssapi /etc/krb5.keytab kr, /etc/bind/krb5.keytab kr, # ssl /etc/ssl/openssl.cnf r, # root hints from dns-data-root /usr/share/dns/root.* r, # GeoIP data files for GeoIP ACLs /usr/share/GeoIP/** r, # dnscvsutil package /var/lib/dnscvsutil/compiled/** rw, # Allow changing worker thread names owner @{PROC}/@{pid}/task/@{tid}/comm rw, @{PROC}/net/if_inet6 r, @{PROC}/*/net/if_inet6 r, @{PROC}/sys/net/ipv4/ip_local_port_range r, /usr/sbin/named mr, /{,var/}run/named/named.pid w, /{,var/}run/named/session.key w, # support for resolvconf /{,var/}run/named/named.options r, # some people like to put logs in /var/log/named/ instead of having # syslog do the heavy lifting. /var/log/named/** rw, /var/log/named/ rw, /var/log/bind/** rw, /var/log/bind/ rw, # gssapi /var/lib/sss/pubconf/krb5.include.d/** r, /var/lib/sss/pubconf/krb5.include.d/ r, /var/lib/sss/mc/initgroups r, /etc/gss/mech.d/ r, # ldap /etc/ldap/ldap.conf r, /{,var/}run/slapd-*.socket rw, # dynamic updates /var/tmp/DNS_* rw, # dyndb backends /usr/lib/bind/*.so rm, # Samba DLZ /{usr/,}lib/@{multiarch}/samba/bind9/*.so rm, /{usr/,}lib/@{multiarch}/samba/gensec/*.so rm, /{usr/,}lib/@{multiarch}/samba/ldb/*.so rm, /{usr/,}lib/@{multiarch}/ldb/modules/ldb/*.so rm, /var/lib/samba/bind-dns/dns.keytab rk, /var/lib/samba/bind-dns/named.conf r, /var/lib/samba/bind-dns/dns/** rwk, /var/lib/samba/private/dns.keytab rk, /var/lib/samba/private/named.conf r, /var/lib/samba/private/dns/** rwk, /etc/samba/smb.conf r, /dev/urandom rwmk, owner /var/tmp/krb5_* rwk, # Site-specific additions and overrides. See local/README for details. #include <local/usr.sbin.named> } /etc/bind/bind.keys [Errno 13] Permission denied: '/etc/bind/bind.keys' /etc/bind/db.0 [Errno 13] Permission denied: '/etc/bind/db.0' /etc/bind/db.127 [Errno 13] Permission denied: '/etc/bind/db.127' /etc/bind/db.255 [Errno 13] Permission denied: '/etc/bind/db.255' /etc/bind/db.empty [Errno 13] Permission denied: '/etc/bind/db.empty' /etc/bind/db.local [Errno 13] Permission denied: '/etc/bind/db.local' /etc/bind/db.root [Errno 13] Permission denied: '/etc/bind/db.root' /etc/bind/named.conf [Errno 13] Permission denied: '/etc/bind/named.conf' /etc/bind/named.conf.default-zones [Errno 13] Permission denied: '/etc/bind/named.conf.default-zones' /etc/bind/named.conf.local [Errno 13] Permission denied: '/etc/bind/named.conf.local' /etc/bind/named.conf.options [Errno 13] Permission denied: '/etc/bind/named.conf.options' /etc/bind/zones.rfc1918 [Errno 13] Permission denied: '/etc/bind/zones.rfc1918' -- debconf information: bind9/start-as-user: bind bind9/run-resolvconf: false bind9/different-configuration-file: Possible workaround: replace "lo" with default NIC in the offending service file / ExecStart invocation.