ubuntu and bind acting as slave

While installing a slave DNS server with BIND, I ran into trouble. I could not understand why my slave zone would not synchronize. Actually, I found these entries in /var/log/daemon.log:

named[24309]: dumping master file: /etc/bind/tmp-b0KyuKU5pG: open: permission denied
named[24309]: transfer of '' from w.x.y.z#53: failed while receiving responses: permission denied

It appears that since Hardy, Ubuntu doesn’t allow the named process to write to /etc/bind/ while it’s running.
Ubuntu is configured so that slave zones are kept in /var/cache/bind/ instead.

So your slave zone will look like:

zone "" IN {
        type slave;
        // the slave zone file must live under /var/cache/bind/
        file "/var/cache/bind/";
        masters { w.x.y.z; };
};

In detail, this is due to AppArmor, and specifically the file /etc/apparmor.d/usr.sbin.named.
As shipped with Ubuntu, this file contains the permissions for the named process. It restricts where BIND can write its zones and reserves /var/cache/bind/ as the directory where BIND is supposed to put its slave zones.
This seems technically sound to me, because /etc is pretty much supposed to be usable read-only (apart from /etc/mtab and /etc/resolv.conf, which you can put in /dev/shm or link from /var/etc). This makes me wonder where to put master zones that you want to change. Probably in /var/lib/bind, because that is where dynamically updated zones are.
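
An added example (not from the original post, and not Ubuntu's or BIND's own code): a small Python check that reads an AppArmor profile and a named.conf and lists slave zones whose file, or the tmp-* file named writes beside it, is not covered by a write rule. The profile excerpt, zone names and master address are constructed, and the glob handling is simplified to `*`, `**` and `?`.

```python
import posixpath
import re
# Constructed excerpt in the style of /etc/apparmor.d/usr.sbin.named (assumption).
SAMPLE_PROFILE = """
/usr/sbin/named {
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/cache/bind/** lrw,
}
"""
# Constructed named.conf fragment; zone names and master address are made up.
SAMPLE_NAMED_CONF = """
zone "bad.example" IN {
        type slave;
        file "/etc/bind/db.bad.example";
        masters { 192.0.2.1; };
};
zone "good.example" IN {
        type slave;
        file "/var/cache/bind/db.good.example";
        masters { 192.0.2.1; };
};
"""
GLOBS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
ZONE_RE = re.compile(r'zone\s+"([^"]*)"[^{]*\{(.*?)\n\};', re.S)

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', * and ? do not."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(GLOBS.get(p, re.escape(p)) for p in parts))

def write_rules(profile):
    """Compile the path of every rule whose permission string contains 'w'."""
    found = re.findall(r"^\s*(/\S*)\s+([a-z]+),\s*$", profile, re.M)
    return [glob_to_regex(path) for path, perms in found if "w" in perms]

def unwritable_slave_zones(named_conf, profile):
    """List (zone, file) for slave zones named could not dump under the profile."""
    rules = write_rules(profile)
    findings = []
    for name, body in ZONE_RE.findall(named_conf):
        file_m = re.search(r'file\s+"([^"]+)"', body)
        if file_m and re.search(r"type\s+slave\s*;", body):
            path = file_m.group(1)
            # named dumps to a tmp-* sibling first, as in the page's log lines
            tmp = posixpath.join(posixpath.dirname(path), "tmp-XXXXXXXXXX")
            if not all(any(r.fullmatch(p) for r in rules) for p in (path, tmp)):
                findings.append((name, path))
    return findings
```

To audit a real host, pass the contents of the installed profile and named.conf instead of the two sample strings; rules using `owner`, `deny` or `{a,b}` alternation are outside what this simplified parser reads.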

Hardy (ubuntu 8.04) Xen images

I have found Ubuntu Hardy Heron (8.04) Xen images.
They are here, and if you want a 64-bit version, you have one here. Use these if you are lazy (I usually make my own images from scratch, but it’s not really necessary; using these images is faster and you get pretty much the same result).

