I'm having trouble with Bind9 where I'm getting a 'permission denied' error when trying to create a DNS record using `nsupdate`. I checked the permissions and it looks like the `bind` user has the rights to read and write in the `/etc/bind` directory. However, I'm still seeing the error: `/etc/bind/db.example.com.jnl: create: permission denied`. Could there be something else going on that I should check?
5 Answers
Lastly, make sure your configuration allows updates from that source. Sometimes it's not just about file permissions but also about what the config permits.
Double-check if you're running Bind in a chroot environment. If another instance of Bind is already up, that could also cause permission issues. It might help to add your configuration details to your post for more clarity.
Have you checked if SELinux could be interfering? Sometimes it gets in the way even if you think everything is set up correctly. It might be worth running `sestatus` to see if it's enabled.
I don't think SELinux is an issue here; it doesn't come pre-enabled on Debian by default. Just checking with `sestatus` gave me a 'command not found' response.
Which process is generating the log message on the server? You can check that by running `journalctl -fu named.service`. It can provide more insight into what's happening.
You might also want to verify your systemd unit settings. Options like `ProtectSystem=strict` can cause issues too.
Thanks for the tip! It turns out that it is indeed an AppArmor issue. I found logs showing AppArmor denied access to create the journal file.
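The AppArmor denial found in the last comment is recorded by the kernel as an audit line. As an added example (not code from any poster in this thread), this shell function pulls the operation, denied mask and path out of such lines for one profile; the sample log lines and the profile name `named` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list AppArmor denials for one profile from kernel audit lines.

# Constructed sample input in the key="value" layout of AppArmor audit events.
# The first line mirrors the named error quoted in the question.
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 ns1 named[812]: /etc/bind/db.example.com.jnl: create: permission denied
Jan 10 12:00:01 ns1 kernel: audit: type=1400 audit(1704888001.123:45): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/db.example.com.jnl" pid=812 comm="isc-net-0000" requested_mask="c" denied_mask="c" fsuid=109 ouid=109
Jan 10 12:00:05 ns1 kernel: audit: type=1400 audit(1704888005.456:46): apparmor="ALLOWED" operation="open" profile="other" name="/etc/hosts" pid=900 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# field KEY LINE: print the value of KEY="..." found in LINE (empty if absent).
field() {
    printf '%s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

# apparmor_denials PROFILE: read log text on stdin and print
# "operation denied_mask path" for every DENIED event of PROFILE.
apparmor_denials() {
    want=$1
    grep 'apparmor="DENIED"' | while IFS= read -r line; do
        # Skip denials that belong to other confined programs.
        [ "$(field profile "$line")" = "$want" ] || continue
        printf '%s %s %s\n' \
            "$(field operation "$line")" \
            "$(field denied_mask "$line")" \
            "$(field name "$line")"
    done
}

# Run against the constructed sample; a denied mask of "c" means file creation
# was refused, which matches named failing to create the .jnl journal.
sample_log | apparmor_denials named
```

On a live host, pipe the output of `journalctl -k` into `apparmor_denials` in place of `sample_log`, using the profile name that appears in your own log lines.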