I have a Bind9 name server working. When I tried automating the creation of A records using Terraform there is a permissions error.
In journal -xe:
Jul 05 19:28:10 Bind9DNS named[2051]: client @0x7f34300e4170 X.X.X.X#64718/key terraformkey: updating zone 'example.com/IN': adding an RR at 'www.example.com' A X.X.X.X
Jul 05 19:28:10 Bind9DNS named[2051]: /etc/bind/zones/forward.example.com.jnl: create: permission denied
Jul 05 19:28:10 Bind9DNS named[2051]: client @0x7f34300e4170 X.X.X.X#64718/key terraformkey: updating zone 'example.com/IN': error: journal open failed: unexpected error
Jul 05 19:28:10 Bind9DNS named[2051]: client @0x7f34300e4170 X.X.X.X#64719: update 'example.com/IN' denied
After searching for days, this reddit post helped: Reddit post
These are the commands to fix the permission errors:
echo /etc/bind/zones/** rw, > /etc/apparmor.d/local/usr.sbin.named
chown bind:bind -R /etc/bind
setcap 'cap_net_bind_service=+ep' /usr/sbin/named