    $TTL 60 ; 1 minute
    dd2 A 192.168.1.7
    $TTL 86400 ; 1 day
    ex1 A 192.168.1.2
    ex2 A 192.168.1.2
    ex3 A 192.168.1.3
    ex4 A 192.168.1.4

Dynamic zones have a journal file that goes along with them. It's a binary file, so you won't be able to view it directly, but recent dynamic update changes are stored in this file and then periodically written back into the zone file.

Each zone file may contain directives and resource records.
Resource records define the parameters of the zone and assign identities to individual hosts.

    Nov 12 ps133045 named: client .42#50135: signer " approved
    Nov 12 ps133045 named: client .42#50135: updating zone 'mydomain.com/IN': adding an RR at 'client$
    Nov 12 ps133045 named: /etc/bind/zones/zone.jnl: create: permission denied
    Nov 12 ps133045 named: client .42#50135: updating zone 'mydomain.com/IN': error: journal open fai$

So I figured it was permissions, so to test I gave both /var/named and /etc/bind chmod 666. Didn't help, so I created the file and chmod 600 it and thought that would do. I also did chown bind:bind and root:bind, but I still get the same error in both cases.

Now it actually seems to work, here is the DNS chart for resolving client1.currently, which is an A record I just added with nsupdate: ip.seveas.net/dnsgraph/png/client1.epnddns.com/…

Therefore, the nsupdate process cannot write to them either.

Now I can't even restart bind due to this error:

    Nov 12 ps133045 named: loading configuration from '/etc/bind/named.conf'
    Nov 12 ps133045 named: /etc/bind/local:9: open: /var/named/dnskeys.conf: permission denied
    Nov 12 ps133045 named: loading configuration: permission denied
    Nov 12 ps133045 named: exiting (due to fatal error)

    drw-rw-rw- 2 root bind 121 Nov 12 .

It doesn't resolve in my browser yet, but I gotta update my ns4 server first, I assume.

If you're dynamically updating your DNS, you should store your zone files in /var/lib/bind instead - https://help.ubuntu.com/14.04/serverguide/dns-configuration.html#dns-primarymaster-configuration

Apt installer should have already created this directory with the correct permissions and AppArmor context.

However, if the thought of anyone being able to transfer your precious zone file is repugnant, or (and this is far more significant) you are concerned about a possible DoS attack initiated by XFER requests, then use the following policy.
allow-update defines an address_match_list of hosts that are allowed to submit dynamic updates for master zones, and thus this statement enables Dynamic DNS.
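
The two points above (a location named can write the zone and its journal to, and who may submit updates) in one named.conf fragment, as an added example that is not from the original page. The key name, secret and zone file name are placeholders, and it goes beyond the text by authorizing updates with a TSIG key rather than by source address.

```conf
# Constructed example. "ddns-key", the secret and "db.mydomain.com" are
# placeholders, not values from the page.

# TSIG key shared with the nsupdate client. Keep it in a file that the
# bind user can read and other local users cannot.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

# Weak form, shown commented out for comparison:
#  - the zone lives under /etc/bind, which named cannot write to, so
#    creating the .jnl journal fails with "permission denied";
#  - updates are authorized by source address only, and a source
#    address can be forged.
#
# zone "mydomain.com" {
#     type master;
#     file "/etc/bind/zones/db.mydomain.com";
#     allow-update { 192.168.1.0/24; };
# };

# Corrected form:
zone "mydomain.com" {
    type master;

    # Writable by the bind user, so named can create
    # db.mydomain.com.jnl next to the zone file.
    file "/var/lib/bind/db.mydomain.com";

    # Only requests signed with the key are accepted as updates.
    allow-update { key "ddns-key"; };

    # No zone transfers. If the zone has secondaries, replace "none"
    # with their addresses or a key.
    allow-transfer { none; };
};
```

Running named-checkconf after editing catches syntax errors before named is restarted.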