BIND service fails to start on a Plesk for CentOS 7 server: failed to generate session key for dynamic DNS: permission denied

Symptoms

The BIND service fails to start with one of the following error messages in the service status or /var/log/messages:

CONFIG_TEXT: named[27482]: could not create /var/run/named/session.key
named[27482]: failed to generate session key for dynamic DNS: permission denied
...
named[27482]: could not configure root hints from 'named.root': file not found

CONFIG_TEXT: named-chroot.service: Can't open PID file /var/named/chroot/var/run/named/named.pid (yet?) after start: No such file or directory

Cause

Incorrect permissions or ownership for BIND files/directories.

Resolution

1. Connect to the Plesk server via SSH.

2. Create the folders if they are missing:

   # mkdir /var/named/chroot/var/run
   # mkdir /var/named/chroot/var/run/named

3. Set correct permissions and ownership on the files and directories:

   # chown root:named /var/named/
   # chown root:root /var/named/chroot/
   # chown named:named /var/named/chroot/var/
   # chown named:named /var/named/chroot/var/run/
   # chown named:root /var/named/chroot/var/run/named/

4. Verify the permissions and ownership. They must be as below:

   # namei -om /var/named/chroot/var/run/named/
   f: /var/named/chroot/var/run/named/
   dr-xr-xr-x root root /
   drwxr-xr-x root root var
   drwxrwx--T root named named
   drwxr-xr-x root root chroot
   drwxr-xr-x named named var
   drwxr-xr-x named named run
   drwxr-xr-t named root named

5. Start the BIND service:

   # service named-chroot start