• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Bind 9 not starting

onycro

onycro

Basic Pleskian
Hello there,

I have a very common issue with bind. I am using plesk 12. It is not starting due to permission issues.

/var/log/syslog
Code: 
Jan 27 10:37:31 h1862523 named[2646]: loading configuration from '/etc/named.conf'
Jan 27 10:37:31 h1862523 named[2646]: open: /etc/named.conf: permission denied
Jan 27 10:37:31 h1862523 kernel: [8647637.080835] type=1400 audit(1453891051.441:68): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=2647 comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
Jan 27 10:37:31 h1862523 named[2646]: loading configuration: permission denied
Jan 27 10:37:31 h1862523 named[2646]: exiting (due to fatal error)

So I took a look at the file permissions:
Code: 
ls -l /etc/named.conf
lrwxrwxrwx 1 root root 34 Oct 19 14:56 /etc/named.conf -> /var/named/run-root/etc/named.conf

Which seems fine to me. Can someone help me please?

Best wishes,
onycro
 
Ok I apparently just found a working solution:
http://kb.odin.com/en/120026

EDIT:
I found out, when using apt-get upgrade it is installing apparmor again. So I had to remove it from installed packages list:

Code: 
dpkg -r apparmor
 
Last edited:
Or you can add the file...
Code: 
/etc/apparmor.d/local/usr.sbin.named


Containing...
Code: 
# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/var/named/run-root/** rwm,


And that will also get bind working again.
Kind regards

Lloyd
 
@onycro and @Lloyd_mcse

Actually, on a normal Ubuntu system (and various derivatives thereof):

a) the /etc/apparmor.d/local/usr.sbin.named file can be empty, (and)

b) the /etc/apparmor.d/usr.sbin.named file should contain the following lines

/var/log/named/** rw,
/var/log/named/ rw,

and this should be set by default, otherwise a manual edit is possible to allow bind with apparmor.

Regards....
 
You must log in or register to reply here.

Similar threads

M
Question kenrnel audit messages in syslog
Replies
2
Views
550
Kaspar@Plesk
Kaspar@Plesk
M
Resolved Failed to start The Apache HTTP Server: SELinux impedisce a /usr/sbin/httpd un accesso open su file /var/log/modsec_audit.log. -- SOLVED --
Replies
0
Views
2K
mmcomputers
M
E
Resolved /etc/named.conf: permission denied
Replies
1
Views
4K
Erwan
E
K
Issue Apparmor denied named
Replies
5
Views
5K
LarsenD
L
S
Question Fehler audit: type=1400 audit(1701591128.869:160162): apparmor="ALLOWED" operation="sendmsg" profile="php-fpm" name="/run/systemd/notify" pid=448788
Replies
1
Views
1K
Flachzange
F
Back
Top