ddns-confgen -a hmac-sha512 -k dhcp-server-key
cat > /etc/bind/dhcp.key chown root:bind /etc/bind/dhcp.key chmod 640 /etc/bind/dhcp.key
include "/etc/bind/dhcp.key"; ...
Test update:
nsupdate
zone int.example.com
update add kupa.int.example.com. 300 A 1.2.3.4
show
send
named[22943]: client @0x7f1d14623b10 192.168.64.100#19403: view internal: updating zone 'int.example.com/IN': adding an RR at 'kupa.int.example.com' A 1.2.3.4 audit[22943]: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/master/zone-int.example.com.jnl" pid=22943 comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=106 ouid=106 named[22943]: master/zone-int.example.com.jnl: create: permission denied named[22943]: client @0x7f1d14623b10 192.168.64.100#19403: view internal: updating zone 'int.example.com/IN': error: journal open failed: unexpected error kernel: audit: type=1400 audit(1621169400.739:27): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/master/zone-int.example.com.jnl" pid=22943 comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=106 ouid=106
/etc
. It should be done inside /var/lib/bind
. In Debian, app armor is configured as:/etc/bind/zones/** rw,