Comment 21 for bug 341817

Most of the example dynamic dns configs and howtos that are available on the internet aren't secure, as they use the rndc.key and require the dhcpd user to the bind group, both of which compromise security.

A new key should be generated for dynamic dns updates, as described in the dhcpd.conf man page. The key can then be directly included in the config files without requiring apparmor changes.