DNS not working - no permissions

[pawelcnet]

So I'm getting this from nslookup "can't find mydomain.com: Server failed"
I checked every online resource, and finally decided to view the logs /var/log/syslog

Code: Select all

zone mydomain.com/IN: loading from master file /home/admin/conf/mydomain.com.db failed: permission denied

Any idea?

Update, I have apparmor installed
apparmor="DENIED" operation="open" profile="/usr/sbin/named"

Update I checked my admin folder permissions and I'm not sure if correct
root@whatever:/home/admin# ls -la
total 36
drwxr-xr-x 6 admin admin 4096 Aug 8 14:00 .
drwxr-xr-x 3 root root 4096 Aug 8 13:54 ..
-rw-r--r-- 1 admin admin 220 Apr 8 2014 .bash_logout
-rw-r--r-- 1 admin admin 3637 Apr 8 2014 .bashrc
drwxr-xr-x 5 root root 4096 Aug 8 13:54 conf
drwxr-x--x 3 root root 4096 Aug 8 13:56 mail
-rw-r--r-- 1 admin admin 675 Apr 8 2014 .profile
-rw-r--r-- 1 admin admin 0 Aug 8 14:00 .sudo_as_admin_successful
drwxrwx--x 2 admin admin 4096 Aug 8 13:54 tmp
drwxr-x--x 3 admin admin 4096 Aug 8 13:56 web

[pawelcnet]

I tried to solve it using this http://www.8layer8.com/?p=382
but still no permission, when I move *.db file to /etc/bind/ the bind9 loads correctly and DNS works.

Who could advise on it?

[pawelcnet]

After translating this: http://ukrhosting.org.ua/vestacp-bind9- ... on-denied/
need to change apparmor config to allow bind and vesta access edit:

Code: Select all

nano /etc/apparmor.d/usr.sbin.named

replace

Code: Select all

/etc/bind/** r,

with

Code: Select all

/etc/bind/** rw,

need this for vesta to add domains to named.conf
add

Code: Select all

/home/** rwm,

needed to allow bind to load config from /home/**

now restart services

Code: Select all

/etc/init.d/apparmor restart
/etc/init.d/bind9 restart

Can someone confirm that?
Fixing vesta for apparmor presence would be nice