Articles in this section

Why was AWStats deprecated, what tool replaces it, and what happens to existing servers and domains that still use AWStats?
AWStats traffic significantly differs from Plesk traffic stats in a domain
How to enable the local DNS zone for a Plesk domain?
DNS bind service fails on a Plesk server after recent bind package update: loading from master file /var/named/chroot/var/0.13.203.in-addr.arpa.next failed: too many records
How to track which file is being most downloaded on a website on a Plesk server?
Why is it not possible to add a DS record to a root domain in Plesk?
Unable to start BIND DNS server service on a server with Plesk for Debian/Ubuntu: option 'dnssec-enable' no longer exists
How to disable the automatic "notify-to-soa yes" in named.conf for domains in a Plesk server?
Installing extension Slave DNS Manager on Plesk for Windows fails: BIND DNS Server is not installed. To install Slave DNS Manager in Plesk for Windows, copy the "rndc.exe" file to the "C:\Program Files (x86)\Plesk\dns\bin\rndc.exe" folder
Plesk warning: "Domain is not resolvable" on domains that resolve to Cloudflare
See more

Domains hosted in Plesk are not accessible: Bind is not serving queries externally: named[]: open: /etc/named.conf: permission denied

Gabriel Aznarez

Updated August 15, 2024 12:44

kb: technical

Symptoms

Domains are not resolving externally.
The following errors could be found in /var/log/syslog:

named[25513]: open: /etc/named.conf: permission denied
named[25513]: loading configuration: permission denied
kernel:[9748] audit: type=1400 audit(166963.1:193): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/mnt/dir/plesk/var/named/run-root/etc/named.conf" pid=25513 comm="named" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
named[25513]: exiting (due to fatal error)

Cause

The named profile is in the apparmor's enforcing mode.

Resolution

Connect to the server via SSH
Open /etc/apparmor.d/local/usr.sbin.named file if any text editor, for example "vi".
Add the following line into the opened file:

/var/named/run-root/** rwm,
Ensure that include <local/usr.sbin.named> directive is not commented with any preceding # and save the file.

# Site-specific additions and overrides. See local/README for details.
include <local/usr.sbin.named>
}
Reload AppArmor:

# systemctl reload apparmor
Start bind9 service:

# systemctl restart bind9

Comments

1 comment

Alexander Waller
September 03, 2023 10:53

same error as before

0

Please sign in to leave a comment.