Oops. A tutorial made me put dynamically updated zones in
/var/cache/bind (See: https://wiki.debian.org/DDNS ), and it is now
working. I could stop the BIND, move directories, and update
named.conf.local ...
Probably I would feel safer if BIND is confined in an entirely separate
namespace (at
Mirsad Goran Todorovac writes:
> Apparently, APPARMOR denied opening of the journal file in
> /etc/bind/zones even when the directory had bind group write
> permissions.
Looking at the default policy in /etc/apparmor.d/usr.sbin.named in the
Debian bind9 package, I see that /etc/bind/ only have
Hello Matthijs,
Apparently, APPARMOR denied opening of the journal file in
/etc/bind/zones even when the directory had bind group write
permissions. Also, I tried to move the zone to /var/cache/bind and
upgrade DNSSEC policy at the same time, which appears to have been too
much for good old
Hello Mirsad,
You changed to dnssec-policy with different key algorithms than you used
for manual signing:
Jun 1 21:46:06 domac named[46537]: keymgr: retire DNSKEY
alu.hr/RSASHA256/46119 (ZSK)
Jun 1 21:46:06 domac named[46537]: keymgr: retire DNSKEY
alu.hr/RSASHA256/34042 (KSK)
Jun 1 21:4
Dear All,
I have tried to switch from a manually signed DNSSEC zone to dnssec-policy
"standard", and the BIND9 server started behaving oddly. Here is the manual
signing conf:
include "/etc/bind/keys/domac.alu.hr-tsig.key";
zone "alu.hr" in {
type master;
file "/etc/bind/zones/alu.hr.d