Misleading/Incorrect DNS configuration in the Ubuntu Server Docs regarding DNS setup/install

Bug #393649 reported by daxm
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Server Guide | Won't Fix | Undecided | Unassigned |
ubuntu-docs (Ubuntu) | Fix Released | Wishlist | Adam Sommer |

Bug Description

Binary package hint: ubuntu-docs

I'm running Ubuntu Workstation 9.04 (with lots of "server" applications installed). My Cisco ASA is performing the DHCP while this computer is doing DNS.

In the DNS section of the Ubuntu Server docs (http://doc.ubuntu.com/ubuntu/serverguide/C/dns.html) you show setting up the new DNS zone files in the /etc/bind directory. This works all well and good until you try to do DDNS (which tries to create/write to journal files). AppArmor blocks the ability to write to the /etc/bind directory no matter what you set the file access to. However, while reading the forums someone mentioned modifying the AppArmor config relating to BIND. While editing /etc/apparmor.d/usr.sbin.named I came across this:
<snip>
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
</snip>

I think there should be a note about putting zone files in /var/lib/bind instead of /etc/bind IF you want DDNS setup. (It only took me 1/2 a day to figure this out.) :-P

Maybe even put all "local" zone files in /var/lib/bind?

Matthew East (mdke)
tags: added: serverguide
Adam Sommer (asommer) wrote :

Thank you for reporting this bug, and helping make Ubuntu better. I agree that dynamic DNS zones should be placed in /var/lib/bind, and it has been on my TODO list to add instructions for setting up Dynamic DNS to the Server Guide.

However, I don't agree that all zone files should be placed in /var/lib/bind because by default zone configuration files are placed in /etc/bind. Also, I imagine most admins would look to /etc/ first for configuration files.

Thanks again,
Adam

Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
importance: Undecided → Wishlist
status: New → Triaged
daxm (daxm) wrote : Re: [Bug 393649] Re: Misleading/Incorrect DNS configuration in the Ubuntu Server Docs regarding DNS setup/install

Honestly I don't care where they are put BUT there should be notes about
how AppArmor blocks the writing to /etc/bind (and has a note about this
in their config file). I think that info should be in the BIND section
of the Ubuntu Server doc too. That is what I'm trying to say.

Adam Sommer wrote:
> Thank you for reporting this bug, and helping make Ubuntu better. I
> agree that dynamic DNS zones should be placed in /var/lib/bind, and it
> has been on my TODO list to add instructions for setting up Dynamic DNS
> to the Server Guide.
>
> However, I don't agree that all zone files should be placed in
> /var/lib/bind because by default zone configuration files are placed in
> /etc/bind. Also, I imagine most admins would look to /etc/ first for
> configuration files.
>
> Thanks again,
> Adam
>
> ** Changed in: ubuntu-docs (Ubuntu)
> Importance: Undecided => Wishlist
>
> ** Changed in: ubuntu-docs (Ubuntu)
> Status: New => Triaged
>
> ** Changed in: ubuntu-docs (Ubuntu)
> Assignee: (unassigned) => Adam Sommer (asommer)
>
>

Jamie Strandboge (jdstrand) wrote :

From README.Debian in the bind9 package:
Any zones you are secondary for should be configured in
named.conf with simple filenames (relative to /var/cache/bind), so the data
files will be stored in BIND's working directory (defaults to /var/cache/bind).
Zones subject to automatic updates via DHCP should be stored in /var/lib/bind,
and specified with full pathnames.

If there are cases where you believe this is in error, I suggest discussing this with the bind9 maintainer.
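
An added example, not part of the bug report or the bind9 package: a small Python check that applies the placement rule discussed in this thread to a named.conf.local, flagging zones that named itself must write (dynamic updates or secondary transfers) but whose file sits under /etc/bind, which the AppArmor profile keeps read-only. The zone names, key name and sample configuration are constructed for illustration.

```python
import re

# Constructed sample of /etc/bind/named.conf.local (not from the bug report).
SAMPLE_CONF = '''
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";        // DDNS zone in the read-only dir
    allow-update { key "dhcp-key"; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.192";
    allow-update { key "dhcp-key"; };
};
zone "static.example" {
    type master;
    file "/etc/bind/db.static.example";     # static zone, never written by named
    allow-update { none; };
};
'''

def zone_blocks(conf):
    """Yield (name, body) per zone statement, tracking nested braces."""
    conf = re.sub(r'(#|//)[^\n]*', '', conf)  # line comments only, no /* */
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def writes_zone_file(body):
    """True if named itself must write the zone or journal file."""
    acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
    if acl and acl.group(1).strip().rstrip(';').strip() != 'none':
        return True
    return bool(re.search(r'\b(update-policy\b|type\s+(slave|secondary)\b)', body))

def audit(conf):
    """Return (zone, file) pairs AppArmor would stop named from writing."""
    bad = []
    for name, body in zone_blocks(conf):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if f and writes_zone_file(body) and f.group(1).startswith('/etc/bind/'):
            bad.append((name, f.group(1)))
    return bad

if __name__ == '__main__':
    for zone, path in audit(SAMPLE_CONF):
        print(f'{zone}: {path} is under /etc/bind, read-only for named')
```

Only the first sample zone is reported: it accepts dynamic updates while its file is under /etc/bind. The static zone in /etc/bind and the dynamic zone in /var/lib/bind pass.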

Adam Sommer (asommer) wrote :

Marking as fixed. A note about the AppArmor profile was added for the 9.04 release.

Changed in ubuntu-docs (Ubuntu):
status: Triaged → Fix Released
Alex Brown (alex-rlprj) wrote :

This same problem also exists in the 10.04 LTS Server documentation:

https://help.ubuntu.com/10.04/serverguide/C/dns-configuration.html

I recommend fixing it there also.

Thanks for cleaning up this documentation. It is already very clear, but this will make it even better.

Greg Beam (ki7mt)
affects: ubuntu-docs → serverguide
Peter Matulis (petermatulis) wrote :

The 10.04 version of the Server Guide will not be receiving any more corrections. Sorry.

Changed in serverguide:
status: New → Won't Fix