BIND9 on Debian Squeeze and problems with zone transfers.

That title might be longer than this post, but if you’re running into problems with zone transfers that don’t appear to happen, check to make sure you are putting your zone files in /var/cache/bind.

Specifically, I was setting up a slave DNS server on my SheevaPlug and couldn’t figure out why transfers were not completing. They appeared to be working from the master DNS server:

May 17 23:58:29 webserver named[17497]: client 10.20.30.40#50943: transfer of 'example.com/IN': AXFR started
May 17 23:58:29 webserver named[17497]: client 10.20.30.40#50943: transfer of 'example.com/IN': AXFR ended

But on the slave side, there was no activity. No error messages, no empty files, no nothing. Googling around a bit found a tidbit about AppArmor only allowing BIND to write in /var/cache/bind. I changed /etc/bind/named.conf.default-zones as follows, restarted BIND and presto – my zone files appeared in /var/cache/bind. Woohoo.

zone "example.com" {
    type slave;
    file "/var/cache/bind/example.com";
    masters { 10.100.100.100; };
};
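
To catch this before a transfer silently goes nowhere, the following added example (not part of the original post) scans a named.conf-style file and lists every slave zone whose file path lies outside /var/cache/bind. The function names and the sample zones are hypothetical, and relative paths are assumed to resolve inside that directory via the "directory" option.

```shell
# Added example, not from the post. WRITABLE_DIR is the path the post names.
WRITABLE_DIR="/var/cache/bind"

# Print "zone<TAB>file" for every slave zone whose absolute file path is
# outside WRITABLE_DIR; return 1 if any are found. Relative paths are skipped
# on the assumption that the "directory" option points at WRITABLE_DIR.
check_slave_zone_paths() {
    awk -v dir="$WRITABLE_DIR" '
        { sub(/\/\/.*/, ""); sub(/[#].*/, "") }      # drop line comments
        depth == 0 && match($0, /zone[ \t]+"[^"]+"/) {
            name = substr($0, RSTART, RLENGTH)
            gsub(/^zone[ \t]+"|"$/, "", name)
            slave = 0; path = ""; inzone = 1
        }
        inzone && /type[ \t]+slave[ \t]*;/ { slave = 1 }
        inzone && match($0, /file[ \t]+"[^"]+"/) {
            path = substr($0, RSTART, RLENGTH)
            gsub(/^file[ \t]+"|"$/, "", path)
        }
        {
            line = $0                                 # track brace nesting
            depth += gsub(/[{]/, "", line)
            depth -= gsub(/[}]/, "", line)
            if (inzone && depth == 0 && index($0, "}")) {
                outside = (index(path, dir "/") != 1 || index(path, "/../"))
                if (slave && path ~ /^\// && outside) { print name "\t" path; bad = 1 }
                inzone = 0
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample configuration (hypothetical zones, not from the post).
sample_conf() {
    cat <<'EOF'
zone "example.com" { type slave; file "/var/cache/bind/example.com"; masters { 10.100.100.100; }; };
zone "example.net" {
    type slave;
    file "/etc/bind/db.example.net";   // outside the writable directory
    masters { 10.100.100.100; };
};
EOF
}

# Run on the constructed sample; pass a real file to the function instead.
sample_conf | check_slave_zone_paths - || echo "fix the paths listed above"
```

To check a real configuration, call check_slave_zone_paths with the file's path, for example the /etc/bind/named.conf.default-zones file edited above.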
