Updating zone files
These servers are responsible for processing or forwarding mail within the domain.
A Domain Name System (DNS) zone file is a text file that describes a DNS zone.
To create a CNAME record, follow these steps: MX records identify mail exchange servers for the domain.
Nov 12 ps133045 named: client .42#50135: signer " approved Nov 12 ps133045 named: client .42#50135: updating zone 'mydomain.com/IN': adding an RR at 'client$ Nov 12 ps133045 named: /etc/bind/zones/zone.jnl: create: permission denied Nov 12 ps133045 named: client .42#50135: updating zone 'mydomain.com/IN': error: journal open fai$ So I figured it was permissions, so to test I gave both /var/named and /etc/bind chmod 666 Didn't help, so I created the file and chmod 600 it and thought that would do, I also did chown bind:bind and root:bind, but I still get the same error in both cases. Now it actually seems to work, here is the DNS chart for resolving client1.currently, which is a A record I just added with nsupdate ip.seveas.net/dnsgraph/png/client1.epnddns.com/… Therefore, the nsupdate process cannot write to them either.
Now I can't even restart bind due to this error Nov 12 ps133045 named: loading configuration from '/etc/bind/named.conf' Nov 12 ps133045 named: /etc/bind/local:9: open: /var/named/dnskeys.conf: permission denied Nov 12 ps133045 named: loading configuration: permission denied Nov 12 ps133045 named: exiting (due to fatal error) drw-rw-rw- 2 root bind 121 Nov 12 . it doesn't resolve in my browser yet but I gotta update my ns4 server first I assume. If you're dynamically updating your DNS, you should store your zone files in /var/lib/bind instead - https://help.ubuntu.com/14.04/serverguide/dns-configuration.html#dns-primarymaster-configuration Apt installer should have already created this directory with the correct permissions and App Armor context.
So, to allow named to update slave or DDNS zone files, it is best to locate them in $ROOTDIR/var/named/slaves, with zone statements such as: zone "" IN ; zone "" IN ; To allow named to create its cache dump and statistics files, for example, you could use options statements such as: options ; You can also tell SELinux to allow named to update any zone database files, by setting the SELinux tunable boolean parameter 'named_write_master_zones=1', using the system-config-securitylevel GUI, using the 'setsebool' command, or in /etc/selinux/targeted/booleans.
You can disable SELinux protection for named entirely by setting the 'named_disable_trans=1' SELinux tunable boolean parameter.
A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS.