Hello,

Thank you all for replying!

Thanks to your suggestions, creating an /etc/bind/subdir directory and tweaking /etc/apparmor.d/usr.sbin.named allowed me to let ISC DHCP update Bind9 entries.

1. I'm hesitant to file a bug on Debian about this. As this involves both Bind9 and AppArmor, would you say it deserves to be implemented and documented in the default Bind9 installation, or that it is too specific for this?

2. If it deserves to be implemented, how would you name this /etc/bind/subdir directory? I personally used "/etc/bind/ddns-zones", but surely there exist alternatives that better describe the purpose of this directory (hosting config that bind9 needs to rewrite), such as:

    writable_conf
    rw_conf
    rwconf

Detailed steps I followed on Debian Buster to work around the issue were:

    mkdir /etc/bind/ddns-zones
    chown root:bind /etc/bind/ddns-zones
    # I don't know if plain 775 better fits. Comments welcome
    chmod 2775 /etc/bind/ddns-zones

Adding into /etc/apparmor.d/usr.sbin.named a line:

    /etc/bind/ddns-zones/** rw,

before line

    /etc/bind/** r,

Best regards
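A post-change check for the steps listed in the message above, as an added example that is not part of the original post or of Debian's bind9 packaging. The function name `check_ddns_setup` and its arguments are assumptions, and it relies on GNU `stat`; it confirms the directory's owner, group and mode, and that the AppArmor profile grants write access on the subdirectory only while the parent rule stays read-only.

```shell
#!/bin/sh
# Added example: audit the writable zone directory and the AppArmor profile.
# Usage: check_ddns_setup DIR PROFILE [OWNER] [GROUP]
# Returns 0 when every check passes, 1 otherwise; findings go to stderr.
check_ddns_setup() {
    dir=$1
    profile=$2
    owner=${3:-root}
    group=${4:-bind}
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    [ -d "$dir" ] || { fail "$dir is not a directory"; return 1; }
    [ -r "$profile" ] || { fail "cannot read $profile"; return 1; }

    # Ownership and mode as set by the chown/chmod steps (GNU stat syntax).
    set -- $(stat -c '%U %G %a' "$dir")
    [ "$1" = "$owner" ] || fail "owner is $1, expected $owner"
    [ "$2" = "$group" ] || fail "group is $2, expected $group"
    [ "$3" = "2775" ] || fail "mode is $3, expected 2775"

    # The profile must carry the rw rule for the subdirectory ...
    grep -Eq "^[[:space:]]*$dir/\*\*[[:space:]]+rw," "$profile" ||
        fail "no '$dir/** rw,' rule in $profile"

    # ... and the rule for the parent directory must not include 'w'.
    parent=${dir%/*}
    if grep -E "^[[:space:]]*$parent/\*\*[[:space:]]" "$profile" |
        grep -Eq '[[:space:]][a-z]*w[a-z]*,'; then
        fail "$parent/** is writable in $profile"
    fi
    return $rc
}

# Example invocation on the paths from the message:
# check_ddns_setup /etc/bind/ddns-zones /etc/apparmor.d/usr.sbin.named
```

After editing the profile, it has to be reloaded (for instance with `apparmor_parser -r /etc/apparmor.d/usr.sbin.named`) before named runs under the new rules.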