Ubuntu rndc.key dynamic DNS updates failing


Just wanted to add a quick note about this as I couldn’t find a reason why dynamic DNS on my Ubuntu 9.04 system were failing. I had all the right perms, ownership, etc. I even opened up the files to full world writable and still, I got errors that the journal files could not be written to.

Log snippets:

error: journal open failed: unexpected error

jnl: create: permission denied

Learning as I go… there’s a thing in Ubuntu called Apparmor. Never even heard of this. This is what was keeping the files from being written to by the bind daemon.  I guess Apparmor has been in this for a while now, but for several yeas now, I have not run into a situation where I had to mess with it.

Here’s what you change.  And keep in mind, this is NOT the correct way to handle this on a production or public DNS server.  You’ll need to read up more on the correct config for this one.  But on my tiny LAN or at home, here’s what I did.  In the /etc/apparmor.d directory, edit the usr.sbin.named file.  Find the line:

/etc/bind/** r,

Change it to:

/etc/bind/** rw,

Then restart the apparmord daemon.  If your DDNS config in Bind and DHCP are correct, you should start seeing successful updates now.

Here’s a coulple links that were helpful on the DDNS setup:

http://brunogirin.blogspot.com/2007/11/dhcp-and-dynamic-dns-on-ubuntu-server.html
http://ubuntuforums.org/showthread.php?t=274665
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html

Also, I wanted to make a note to myself. Creating a new key for DDNS:

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dhcp-update-key

That creates keyfiles in which you’ll get your key string, this is added in your dhcpd.conf and named.conf.* files as “secret”.   RTFM dnssec-keygen. and read up on the links above. :)