Starting with Ubuntu 8.04 slave zones under bind9 may not work as well as you may think – depending on where you believe you should save your zone files. The syslog shows permission error when bind tries to write to any folder under /etc/bind. That is where I had kept such files before – I realise now that this was a mistake – or at least not in line with common best practice.
This is the error you may see:
dumping master file: /etc/bind/slave/tmp-31s25Singg: open: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: failed while receiving responses: permission denied
transfer of 'example.com/IN' from 192.168.16.10#53: end of transfer
Starting with Ubuntu 8.04, apparmor is included by default in the installation. This was a new feature for me. In short, apparmor prevents unauthorised file activities and the reason for my file permission problem with bind was that I tried to write slave zone files to /etc/bind/slave. But, by definition, the local host does not hold the master copy of a slave zone. Such data should instead be saved in /var/cache/bind. Once I changed my zone definition and restarted bind it went well.