Unable to start bind on Plesk Ubuntu/Debian server: loading configuration from ‘/etc/named.conf’ loading configuration: permission denied

Symptoms

Unable to start bind9 with the following records in /var/log/syslog file:

named[8362]: loading configuration from '/etc/named.conf'
 named[8362]: open: /etc/named.conf: permission denied
 named[8362]: loading configuration: permission denied
 named[8362]: exiting (due to fatal error)
 kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0

Cause

DNS server configuration files cannot be read by AppArmor.

Resolution

1. Log in the server via SSH.

   Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.

2. Open /etc/apparmor.d/local/usr.sbin.named file if any text editor, for example, “vi”.
3. Add the following into /etc/apparmor.d/local/usr.sbin.named file:

   /var/named/run-root/** rwm,

4. Reload AppArmor:

   # service apparmor reload

5. Start bind9 service:

   # service bind9 start