Just wanted to add a quick note about this as I couldn’t find a reason why dynamic DNS on my Ubuntu 9.04 system were failing. I had all the right perms, ownership, etc. I even opened up the files to full world writable and still, I got errors that the journal files could not be written to.
error: journal open failed: unexpected error
jnl: create: permission denied
Learning as I go… there’s a thing in Ubuntu called Apparmor. Never even heard of this. This is what was keeping the files from being written to by the bind daemon.Â I guess Apparmor has been in this for a while now, but for several yeas now, I have not run into a situation where I had to mess with it.
Here’s what you change.Â And keep in mind, this is NOT the correct way to handle this on a production or public DNS server.Â You’ll need to read up more on the correct config for this one.Â But on my tiny LAN or at home, here’s what I did.Â In the /etc/apparmor.d directory, edit the usr.sbin.named file.Â Find the line:
Change it to:
Then restart the apparmord daemon.Â If your DDNS config in Bind and DHCP are correct, you should start seeing successful updates now.
Here’s a coulple links that were helpful on the DDNS setup:
Also, I wanted to make a note to myself. Creating a new key for DDNS:
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dhcp-update-key
That creates keyfiles in which you’ll get your key string, this is added in your dhcpd.conf and named.conf.* files as “secret”.Â Â RTFM dnssec-keygen. and read up on the links above. :)