Debian 11 requires a different DNS slave zone directory
"seems the template for slave zones should be updated.
Currently, it contains a line like
file "/etc/bind/slave/sec.${DOMAIN}"
but (at least in Debian 11) it should be
file "/var/cache/bind/sec.${DOMAIN}"
The problem is that apparmor denies bind user the permission to write to /etc/bind/slave by default, regardless of permissions in the fs.
Currently I added two lines in /etc/apparmor.d/local/usr.sbin.named :
/etc/bind/slave/** lrw,
/etc/bind/slave/ rw,
But it's just a workaround."
Edited by Thom