[ISSUE] slave zone files are not in correct directory

[vNabi]

Please prefix your issue title with one of the following: [BUG], [ISSUE], [FEATURE REQUEST], [MODULE REQUEST], [OTHER].

Replace everything between stars with current version of your facileManager and module installations:
fM Version : 4.1.1 fmDNS Version : 5.1.0

In raising this issue, I confirm the following (please check boxes, eg [X]):

• [X] I have read and understood the contributors guide.
• [X] I have checked that the bug-fix I am reporting can be replicated, or that the feature I am suggesting isn't already present.
• [X] I have checked that the issue I'm posting isn't already reported.
• [X] I have checked that the issue I'm posting isn't already solved and no duplicates exist in closed issues and opened issues
• [X] I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.

---

(BUG | ISSUE) Expected Behavior: slave zone files should be stored in "/var/cache/bind" directory, so bind service can update them from its masters.

(BUG | ISSUE) Actual Behavior: slave zone files are in "/etc/bind/zones/" directory.

(BUG | ISSUE) Steps to reproduce: After adding a slave zone, the zone file is created in "/etc/bind/zones/slaves" directory. bind user have read access to this directory, transferring records from master is ok, but zone file does not update, I see this error:

error: dumping master file: /etc/bind/zones/slave/tmp-4uPBTrFWSD: open: permission denied

I found that the apparmor in Ubuntu does not permit bind service to write slave zone files in "/etc/bind/zones/slave/*"

The server root directory is set to "/var/cache/bind", so I think there is an issue here:

fmDNS should create slave zone files in "/var/cache/bind", not in "/etc/bind/zones/slave"

[WillyXJ]

You can configure the zones directory for each server by editing the server details under Config —> Servers.

[vNabi]

You can configure the zones directory for each server by editing the server details under Config —> Servers.

Yes, but as a security perspective, It's not recommended to move master zones directory to a folder which BIND has write permission.

The apparmor confirms this:

cat /etc/apparmor.d/usr.sbin.named

# vim:syntax=apparmor
# Last Modified: Fri Jun  1 16:43:22 2007

# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz

  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** lrw,
  /var/cache/bind/ rw,

I suggest a feature, make it possible to choose "master zone directory" and "slave/stub zone directory" under Config —> Servers.

[WillyXJ]

Given there are different ways of setting up BIND depending on the OS, I agree this should be an option to define separate directory space for slave/stub zones.

[WillyXJ]

This is now implemented in fmDNS 5.2.0 and later. In the server configuration pane, you can now define an optional directory for slave/stub zones.