Apparmor breaks slave DNS

This is why it's important to check your log-files after upgrading your OS. It turns out that the latest Debian upgrade introduces new rules for apparmor which is not compatible with ISPConfig.

This error was found inside of syslog

Apr 17 09:03:22 ispc named[634]: dumping master file: /etc/bind/slave/tmp-zF5dGFeAck: open: permission denied
Apr 17 09:03:22 ispc kernel: [217820.275291] audit: type=1400 audit(1618643002.683:563): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/slave/tmp-zF5dGFeAck" pid=527 comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=116 ouid=116

Create a symbolic link to the correct path of bind slave config:

# ln -s /etc/bind/slave /var/cache/bind/slave

Modify your apparmor rules:

# vim /etc/apparmor.d/usr.sbin.named
/etc/bind/slave/** lrw,
/etc/bind/slave/ rw,

Reload apparmor rules for BIND

# apparmor_parser -r /etc/apparmor.d/usr.sbin.named