CoreDNS fails to bind because no profile in AppArmor #6662

Open
Vidanez opened this issue May 2, 2024 · 0 comments

Vidanez commented May 2, 2024

What happened:
I was setting a forwarder and a bind of my IP in the Corefile configuration.
I was able to use the dig command against my internal zone but not against the external zones.
After a while debugging and checking that I was able to reach the external forwarders using the dig command, I found out that when I removed the bind line everything worked.
There were no errors in the logs; the DNS request to the external zone was just "refused".
Finally I found that on the Ubuntu server I was configuring, AppArmor was enabled, so the coredns user cannot bind any port under 1024, and that was the reason for the failure.

What you expected to happen:

  1. To drop a clear error in the logs about the issue and about not being able to bind the IP
  2. To create an AppArmor profile for the coredns user during installation, or to point to the manual on how to do it

How to reproduce it (as minimally and precisely as possible):
Install Ubuntu with AppArmor enabled and do a basic CoreDNS installation. Set a basic configuration where you set an external forwarder and bind an IP of your system. Send a request to this IP using dig and you will get refused without further explanation.

Anything else we need to know?:

Environment:

  • the version of CoreDNS:
    root@widns01:/etc/coredns# /usr/bin/coredns -version
    CoreDNS-1.11.1
    linux/amd64, go1.20.7, ae2bbc2

  • Corefile:
    .:53 {
        bind 172.30.20.5
        forward . 208.67.222.222 208.67.220.220
        log
        hosts {
            reload 0
            fallthrough
        }
        cache
        errors
    }
    w.test.com:53 {
        file /etc/coredns/w.test.db
        log
        errors
    }

  • logs, if applicable:

  • OS (e.g: cat /etc/os-release):
    root@widns01:/etc/coredns# cat /etc/os-release
    PRETTY_NAME="Ubuntu 24.04 LTS"
    NAME="Ubuntu"
    VERSION_ID="24.04"
    VERSION="24.04 LTS (Noble Numbat)"
    VERSION_CODENAME=noble
    ID=ubuntu
    ID_LIKE=debian
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    UBUNTU_CODENAME=noble
    LOGO=ubuntu-logo

  • Others:
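The check below is an added example, not part of the issue or of CoreDNS itself: it parses a Corefile in the format shown above, lists the address/port pairs each server block asks for, and reports any that do not appear in a socket table captured with `ss -Hltnu`, so a bind that fails silently (as reported here) shows up as a concrete "NOT BOUND" line. The sample Corefile and socket table in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the issue or of CoreDNS: surface a silent bind
# failure by comparing the listeners a Corefile asks for with the sockets
# actually bound (socket table captured with: ss -Hltnu > sockets.txt).

# Print "address port" for every server block in a Corefile. A block header
# such as "w.test.com:53 {" carries the port after its last colon (default 53);
# a top-level "bind" directive lists the address(es), default 0.0.0.0.
corefile_listeners() {
    awk '
    {
        opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
        if (depth == 0 && opens > 0) {            # server block header
            port = ($1 ~ /:/) ? $1 : ($1 ":53")
            sub(/.*:/, "", port)
            addr = "0.0.0.0"
        } else if (depth == 1 && $1 == "bind") {  # explicit listen address(es)
            addr = ""; for (i = 2; i <= NF; i++) addr = addr $i " "
        }
        depth += opens - closes
        if (depth == 0 && closes > 0) {           # block closed: one line per address
            n = split(addr, a, " "); for (i = 1; i <= n; i++) print a[i], port
        }
    }' "$1"
}

# Print "NOT BOUND: addr:port" for each requested listener that has no matching
# socket in the captured table; a wildcard socket (*, 0.0.0.0, [::]) covers any
# address. A port below 1024 with nothing bound is the symptom in the issue.
missing_listeners() {
    corefile_listeners "$1" | while read -r addr port; do
        grep -Eq "[[:space:]](\*|0\.0\.0\.0|\[::\]|\[?${addr}\]?):${port}([[:space:]]|$)" "$2" ||
            printf 'NOT BOUND: %s:%s\n' "$addr" "$port"
    done
}

# Constructed sample (not from the issue): a Corefile binding port 53 and a
# socket table in which nothing is bound on 53, as when the bind silently fails.
demo() {
    d=$(mktemp -d)
    printf '.:53 {\n    bind 172.30.20.5\n    forward . 208.67.222.222\n}\n' > "$d/Corefile"
    printf 'udp   UNCONN 0  0  127.0.0.1:1053  0.0.0.0:*\n' > "$d/sockets.txt"
    missing_listeners "$d/Corefile" "$d/sockets.txt"
}
```

On a live host run `ss -Hltnu > /tmp/sockets.txt` as root and then `missing_listeners /etc/coredns/Corefile /tmp/sockets.txt`; an empty result means every configured listener is bound.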
