/etc/named.conf is correctly checked without error
rasp:/var/lib/samba/bind-dns # named-checkconf -l
. in _default hint
localhost in _default master
0.0.127.in-addr.arpa in _default master
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa in _default master
pce23.net in _default slave
1.168.192.in-addr.arpa in _default slave
2.168.192.in-addr.arpa in _default slave
3.168.192.in-addr.arpa in _default slave
samdom.pce23.net in _default master
Restarting named gives this error:
rasp:/var/lib/samba/bind-dns # systemctl start named
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xe" for details.
rasp:/var/lib/samba/bind-dns # systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2021-05-13 22:01:24 CEST; 11s ago
Process: 3023 ExecStartPre=/usr/libexec/bind/named.prep (code=exited, status=0/SUCCESS)
Process: 3029 ExecStart=/usr/sbin/named -u named -d 9 $NAMED_ARGS (code=exited, status=1/FAILURE)
CPU: 315ms
May 13 22:01:24 rasp named[3030]: samba_dlz: Failed to connect to Failed to connect to /var/lib/samba/bind-dns/dns/sam.ldb: Unable to open tdb '/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system: Operations error
May 13 22:01:24 rasp named[3030]: samba_dlz: FAILED dlz_create call result=25 #refs=0
May 13 22:01:24 rasp named[3030]: dlz_dlopen of 'AD DNS Zone' failed
May 13 22:01:24 rasp named[3030]: SDLZ driver failed to load.
May 13 22:01:24 rasp named[3030]: DLZ driver failed to load.
May 13 22:01:24 rasp named[3030]: loading configuration: failure
May 13 22:01:24 rasp named[3030]: exiting (due to fatal error)
May 13 22:01:24 rasp systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
May 13 22:01:24 rasp systemd[1]: named.service: Failed with result 'exit-code'.
May 13 22:01:24 rasp systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
and selinux is not installed.
The file /var/lib/samba/bind-dns/dns/sam.ldb seems readable by named
rasp:/var/lib/samba/bind-dns # ls -l
total 16
drwxrwx--- 3 root named 4096 May 13 21:55 dns
-rw-r----- 2 root named 490 May 13 21:55 dns.keytab
-rw-r--r-- 1 root root 982 May 13 21:55 named.conf
-rw-r--r-- 1 root root 2051 May 13 21:55 named.txt
rasp:/var/lib/samba/bind-dns/dns # ls -l sam.ldb
-rw-rw-r-- 1 root named 3620864 May 13 21:55 sam.ldb
Any idea about this read only file system?
Many thanks in advance
Philippe
rasp:/var/lib/samba/bind-dns/dns # mount | grep -v rw
efivarfs on /sys/firmware/efi/efivars type efivarfs (ro,nosuid,nodev,noexec,relatime)
Searching via Google returns a lot of the same error related to permissions of /var/lib/samba/private/dns (old), but in the Samba mailing list I see that “The binddns dir was changed at Samba 4.8.0 from /usr/local/samba/private/dns to /usr/local/samba/bind-dns/dns.”
Even with a normal user I can read the directory and the files therein.
In the Samba wiki https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration they warn about AppArmor (disabled here) and SELinux (not installed).
rasp:/var/lib/samba/bind-dns/dns # sudo -g named -u root test -w /var/lib/samba/bind-dns/dns/sam.ldb; echo $?
Sorry, user root is not allowed to execute '/usr/bin/test -w /var/lib/samba/bind-dns/dns/sam.ldb' as root:named on rasp.
1
rasp:/var/lib/samba/bind-dns/dns # sudo -g named -u named test -w /var/lib/samba/bind-dns/dns/sam.ldb; echo $?
0
You are right, there is a problem with this file, but I first needed to allow a valid shell for named.
rasp:/etc # su named
named@rasp:/etc>id
uid=44(named) gid=44(named) groups=44(named)
named@rasp:/etc> touch -ing /var/lib/samba/bind-dns/dns/sam.ldb
touch: invalid option -- 'i'
Try 'touch --help' for more information.
named@rasp:/etc> touch -a /var/lib/samba/bind-dns/dns/sam.ldb
touch: setting times of '/var/lib/samba/bind-dns/dns/sam.ldb': Operation not permitted
named@rasp:/etc> ls -l /var/lib/samba/bind-dns/dns/sam.ldb
-rw-rw-r-- 1 root named 3620864 May 13 21:55 /var/lib/samba/bind-dns/dns/sam.ldb
named@rasp:/etc> sudo chown named:named /var/lib/samba/bind-dns/dns/sam.ldb
[sudo] password for root:
named@rasp:/etc> ls -l /var/lib/samba/bind-dns/dns/sam.ldb
-rw-rw-r-- 1 named named 3620864 May 13 21:55 /var/lib/samba/bind-dns/dns/sam.ldb
named@rasp:/etc> touch -a /var/lib/samba/bind-dns/dns/sam.ldb
named@rasp:/etc>
Very strange that a user in the group is not allowed to do the changes
Trying to start named.service gives the same error.
I did a recursive chown named:named on /var/lib/samba/bind-dns/dns but thereafter still same problem >:(
rasp:/var/lib/samba # ls -l -R /var/lib/samba/bind-dns/*
-rw-r----- 2 root named 490 May 13 21:55 /var/lib/samba/bind-dns/dns.keytab
-rw-r--r-- 1 root root 1009 May 14 09:37 /var/lib/samba/bind-dns/named.conf
-rw-r--r-- 1 root root 2051 May 13 21:55 /var/lib/samba/bind-dns/named.txt
var/lib/samba/bind-dns/dns:
total 3544
-rw-rw-r-- 1 named named 3620864 May 13 21:55 sam.ldb
drwxrwxr-x 2 named named 4096 May 13 21:55 sam.ldb.d
/var/lib/samba/bind-dns/dns/sam.ldb.d:
total 25988
-rw-rw---- 1 named named 7061504 May 13 21:55 CN=CONFIGURATION,DC=SAMDOM,DC=PCE23,DC=NET.ldb
-rw-rw---- 1 named named 8437760 May 13 21:55 CN=SCHEMA,CN=CONFIGURATION,DC=SAMDOM,DC=PCE23,DC=NET.ldb
-rw-rw---- 2 named named 4694016 May 13 21:55 DC=DOMAINDNSZONES,DC=SAMDOM,DC=PCE23,DC=NET.ldb
-rw-rw---- 2 named named 4694016 May 13 21:55 DC=FORESTDNSZONES,DC=SAMDOM,DC=PCE23,DC=NET.ldb
-rw-rw---- 1 named named 1286144 May 13 21:55 DC=SAMDOM,DC=PCE23,DC=NET.ldb
-rw-rw---- 2 named named 421888 May 14 10:11 metadata.tdb
Good write-up, too bad it did not solve the issue.
On “Very strange that a user in the group is not allowed to do the changes”
named@rasp:/etc> touch -a /var/lib/samba/bind-dns/dns/sam.ldb
touch: setting times of '/var/lib/samba/bind-dns/dns/sam.ldb': Operation not permitted
named@rasp:/etc> ls -l /var/lib/samba/bind-dns/dns/sam.ldb
-rw-rw-r-- 1 root named 3620864 May 13 21:55 /var/lib/samba/bind-dns/dns/sam.ldb
I did not know it either but setting the modification time for a file may only be done by the owner or root, see cannot touch -m a writable file.
I think you should still check how /var/lib is mounted and if those permissions are fine.
binddns dir (G)
This parameters defines the directory samba will use to store the configuration files for bind, such as named.conf.
NOTE: The bind dns directory needs to be on the same mount point as the private directory!
Default: binddns dir = /var/lib/samba/bind-dns
Okay, that also does not give a hint on what is wrong, it’s getting really weird.
I am far from sure it will give more information, but the only thing I would still do is try to run the command that systemd is executing from the command prompt under strace.
ExecStart=/usr/sbin/named -u named -d 9 $NAMED_ARGS
So the command is:
strace -o /tmp/named.log /usr/sbin/named -u named -d 9 $NAMED_ARGS
But run that under the correct user/group and with $NAMED_ARGS filled in.
Another thing you could try is to change the rights so all users have read-write access.
I had already added debug level 9 when calling the dlz_bind9_16.so
# For BIND 9.16.x
database "dlopen /usr/lib64/samba/bind9/dlz_bind9_16.so -d 9";
this gives more information in journalctl but the same error
May 17 09:04:50 rasp named[30629]: starting BIND 9.16.12 (Stable Release) <id:aeb943d>
May 17 09:04:50 rasp named[30629]: running on Linux aarch64 5.12.0-2-default #1 SMP Thu Apr 29 12:08:56 UTC 2021 (c4830af)
May 17 09:04:50 rasp named[30629]: built with '--host=aarch64-suse-linux-gnu' '--build=aarch64-suse-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/u>
May 17 09:04:50 rasp named[30629]: running as: named -u named -d 9
May 17 09:04:50 rasp named[30629]: compiled by GCC 10.3.0
May 17 09:04:50 rasp named[30629]: compiled with OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
May 17 09:04:50 rasp named[30629]: linked to OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
May 17 09:04:50 rasp named[30629]: compiled with libxml2 version: 2.9.10
May 17 09:04:50 rasp named[30629]: linked to libxml2 version: 20910
May 17 09:04:50 rasp named[30629]: compiled with json-c version: 0.15
May 17 09:04:50 rasp named[30629]: linked to json-c version: 0.15
May 17 09:04:50 rasp named[30629]: compiled with zlib version: 1.2.11
May 17 09:04:50 rasp named[30629]: linked to zlib version: 1.2.11
May 17 09:04:50 rasp named[30629]: ----------------------------------------------------
May 17 09:04:50 rasp named[30629]: BIND 9 is maintained by Internet Systems Consortium,
May 17 09:04:50 rasp named[30629]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
May 17 09:04:50 rasp named[30629]: corporation. Support and training for BIND 9 are
May 17 09:04:50 rasp named[30629]: available at https://www.isc.org/support
May 17 09:04:50 rasp named[30629]: ----------------------------------------------------
May 17 09:04:50 rasp named[30629]: adjusted limit on open files from 524288 to 1048576
May 17 09:04:50 rasp named[30629]: found 4 CPUs, using 4 worker threads
May 17 09:04:50 rasp named[30629]: using 4 UDP listeners per interface
May 17 09:04:50 rasp named[30629]: using up to 21000 sockets
May 17 09:04:50 rasp named[30629]: loading configuration from '/etc/named.conf'
May 17 09:04:50 rasp named[30629]: reading built-in trust anchors from file '/etc/bind.keys'
May 17 09:04:50 rasp named[30629]: using default UDP/IPv4 port range: [32768, 60999]
May 17 09:04:50 rasp named[30629]: using default UDP/IPv6 port range: [32768, 60999]
May 17 09:04:50 rasp named[30629]: listening on IPv4 interface lo, 127.0.0.1#53
May 17 09:04:50 rasp named[30629]: listening on IPv4 interface eth0, 192.168.1.91#53
May 17 09:04:50 rasp named[30629]: generating session key for dynamic DNS
May 17 09:04:50 rasp named[30629]: sizing zone task pool based on 9 zones
May 17 09:04:50 rasp named[30629]: Loading 'AD DNS Zone' using driver dlopen
May 17 09:04:50 rasp named[30629]: samba_dlz: INFO: Current debug levels:
May 17 09:04:50 rasp named[30629]: samba_dlz: all: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: tdb: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: printdrivers: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: lanman: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: smb: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: rpc_parse: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: rpc_srv: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: rpc_cli: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: passdb: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: sam: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: auth: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: winbind: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: vfs: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: idmap: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: quota: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: acls: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: locking: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: msdfs: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dmapi: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: registry: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: scavenger: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dns: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: ldb: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: tevent: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: auth_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: auth_json_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: kerberos: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: drs_repl: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: smb2: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: smb2_credits: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_json_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_password_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_password_json_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_transaction_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_transaction_json_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_group_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: dsdb_group_json_audit: 9
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'gssapi_spnego' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'gssapi_krb5' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'gssapi_krb5_sasl' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'spnego' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'schannel' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'naclrpc_as_system' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'sasl-EXTERNAL' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'ntlmssp' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'ntlmssp_resume_ccache' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'http_basic' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'http_ntlm' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'http_negotiate' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'krb5' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: GENSEC backend 'fake_gssapi_krb5' registered
May 17 09:04:50 rasp named[30629]: samba_dlz: ldb: ltdb: tdb(/var/lib/samba/bind-dns/dns/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/bind-dns/dns/sam.ldb: Read-only file system
May 17 09:04:50 rasp named[30629]: samba_dlz:
May 17 09:04:50 rasp named[30629]: samba_dlz: ldb: Unable to open tdb '/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system
May 17 09:04:50 rasp named[30629]: samba_dlz: ldb: Failed to connect to '/var/lib/samba/bind-dns/dns/sam.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system
May 17 09:04:50 rasp named[30629]: samba_dlz: Failed to connect to Failed to connect to /var/lib/samba/bind-dns/dns/sam.ldb: Unable to open tdb '/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system: Operations error
May 17 09:04:50 rasp named[30629]: samba_dlz: FAILED dlz_create call result=25 #refs=0
May 17 09:04:50 rasp named[30629]: dlz_dlopen of 'AD DNS Zone' failed
May 17 09:04:50 rasp named[30629]: SDLZ driver failed to load.
May 17 09:04:50 rasp named[30629]: DLZ driver failed to load.
May 17 09:04:50 rasp named[30629]: loading configuration: failure
May 17 09:04:50 rasp named[30629]: exiting (due to fatal error)
May 17 09:04:50 rasp systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
May 17 09:04:50 rasp systemd[1]: named.service: Failed with result 'exit-code'.
May 17 09:04:50 rasp systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
I have also changed the directories via “chmod 777” for /var/lib/samba/bind-dns/dns and /var/lib/samba/bind-dns/dns/sam.ldb.d: no success
About strace: NAMED_ARGS is defined in /etc/sysconfig/named as “”
I loaded strace -o /tmp/named.log /usr/sbin/named -u named -d 9 but the log file contains only the open of the needed libraries and ends with
...
May 17 09:21:47 rasp named[30808]: samba_dlz: ldb: No encrypted secrets key file. Secret attributes will not be encrypted or decrypted
May 17 09:21:47 rasp named[30808]: samba_dlz:
May 17 09:21:47 rasp named[30808]: samba_dlz: schema_fsmo_init: we are master[yes] updates allowed[no]
May 17 09:21:47 rasp named[30808]: samba_dlz: started for DN DC=samdom,DC=pce23,DC=net
May 17 09:21:47 rasp named[30808]: samba_dlz: starting configure
May 17 09:21:47 rasp named[30808]: samba_dlz: Failed to configure zone 'samdom.pce23.net'
May 17 09:21:47 rasp named[30808]: loading configuration: already exists
May 17 09:21:47 rasp named[30808]: exiting (due to fatal error)
I checked for a zone file in /var/lib/named/dyn but this doesn’t exist and AFAIK it must be created and maintained by samba
in named.conf I have the definition for the zone “samdom.pce23.net”
zone "samdom.pce23.net" in {
type master;
file "dyn/samdom.pce23.net";
also-notify { 192.168.1.120; };
notify yes;
allow-transfer { 192.168.1.120; };
allow-query { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.4.0/24; };
};
It is surprising the run with strace is different from the one without. It looks like the one under strace is stopped early, is that also your observation?
I see the uid and gid are set, both to 44. I assume that is the named user and named group, but can you check (“id -n -u 44” and “getent group 44”)?
rasp:/tmp # id -n -u 44
named
rasp:/tmp # getent group 44
named:x:44:
Starting strace with option -f I see that named exits and the log is very big (> 2MB). Journalctl shows the same lines related to the configure of the zone
May 18 11:12:58 rasp named[6109]: samba_dlz: ldb: No encrypted secrets key file. Secret attributes will not be encrypted or decrypted
May 18 11:12:58 rasp named[6109]: samba_dlz:
May 18 11:12:59 rasp named[6109]: samba_dlz: schema_fsmo_init: we are master[yes] updates allowed[no]
May 18 11:12:59 rasp named[6109]: samba_dlz: started for DN DC=samdom,DC=pce23,DC=net
May 18 11:12:59 rasp named[6109]: samba_dlz: starting configure
May 18 11:12:59 rasp named[6109]: samba_dlz: Failed to configure zone 'samdom.pce23.net'
May 18 11:12:59 rasp named[6109]: loading configuration: already exists
May 18 11:12:59 rasp named[6109]: exiting (due to fatal error)
I am not really surprised of these mprotect lines, named is just marking a piece of memory only readable/writable (and not executable). That is probably a security feature so that buffer overflows can not lead to arbitrary/injected data to be executed.
I find it highly remarkable that something different happens when running under strace than when running it normally.
Changing the user and group id implies that I must thereafter change owner and group in a lot of directories/files. Not easy. Maybe by removing the named package and reinstalling after creating the user named with this group.
Yes Samba can use internal dns or bind_dlz. I choose the bind-dlz because I had already bind running as a slave for my main server.
In the meantime I removed samba-ad-dc, samba and samba-winbind, and I deleted all directories and files in var/lib/samba. Removed the line include “var/lib/samba/bind-dns/named.conf” in /etc/named.conf ==> systemctl start named is then successful.
Thereafter I reinstalled the samba packages. After provision of the samba server and reinserting the include in /etc/named.conf the same error occurs. so the problem is in instruction
rasp:/usr/lib/systemd/system # systemctl start named
rasp:/usr/lib/systemd/system # systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2021-05-24 14:24:46 CEST; 12s ago
Process: 27291 ExecStartPre=/usr/libexec/bind/named.prep (code=exited, status=0/SUCCESS)
Process: 27297 ExecStart=/usr/sbin/named -u named -d 9 $NAMED_ARGS (code=exited, status=0/SUCCESS)
Main PID: 27298 (named)
Tasks: 14 (limit: 4482)
CPU: 722ms
CGroup: /system.slice/named.service
└─27298 /usr/sbin/named -u named -d 9
...
May 24 14:24:46 rasp named[27298]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
May 24 14:24:46 rasp named[27298]: resolver priming query complete
but I was unable to do it via systemctl
rasp:/etc/systemd/system # systemctl edit named
Editing "/etc/systemd/system/named.service.d/override.conf" canceled: temporary file is empty
the file was empty ==> not found. I found named.service in /etc/systemd/system/multi-user.target.wants but could not edit it via systemctl edit
rasp:/etc/systemd/system/multi-user.target.wants # ls -al named*
lrwxrwxrwx 1 root root 37 May 13 15:55 named.service -> /usr/lib/systemd/system/named.service
rasp:/etc/systemd/system/multi-user.target.wants # systemctl edit multi-user.target.wants/named.service
Invalid unit name "multi-user.target.wants/named.service" escaped as "multi-user.target.wants-named.service" (maybe you should use systemd-escape?).
No files found for multi-user.target.wants-named.service.
Run 'systemctl edit --force --full multi-user.target.wants-named.service' to create a new unit.
rasp:/ # systemctl edit /etc/systemd/system/multi-user.target.wants/named.service
No files found for etc-systemd-system-multi\x2duser.target.wants-named.service.mount.
Run 'systemctl edit --force --full etc-systemd-system-multi\x2duser.target.wants-named.service.mount' to create a new unit.
The man systemctl edit is not helpful
Editing it via vim changes directly in /usr/lib/systemd/system. I’ll need to check the service after each update >:(.
I also need to update the bug report. The path “/var/lib/samba/bind-dns” must be added in named.service which is not simple I think.
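
Added example (not from the thread or from the distribution's package): a "Read-only file system" error on a file with correct ownership, seen only when the daemon is started by systemd, is what the unit sandboxing directives `ProtectSystem=` and `ReadWritePaths=` produce. The script below models that rule for a given path and prints the drop-in that widens the writable set. The sample unit text is constructed and assumes the unit uses `ProtectSystem=strict`; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample unit text (assumption: ProtectSystem=strict is set).
SAMPLE_UNIT='[Service]
ExecStart=/usr/sbin/named -u named -d 9 $NAMED_ARGS
ProtectSystem=strict
ReadWritePaths=/var/lib/named /run/named /var/log'

# unit_value TEXT KEY: print the values of every "KEY=" line, space-joined.
unit_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tr '\n' ' '
}

# under PATH ROOT: succeed if PATH is ROOT itself or lies below it.
under() {
    root=${2%/}
    case "$1" in
        "$root"|"$root"/*) return 0 ;;
    esac
    return 1
}

# path_access TEXT PATH: print "rw" or "ro" for PATH as the service sees it.
# strict makes the whole tree read-only (API file systems /dev, /proc and
# /sys are not modelled here); ReadWritePaths re-opens individual subtrees.
path_access() {
    text=$1
    path=$2
    protect=$(printf '%s\n' "$text" | sed -n 's/^ProtectSystem=//p' | tail -n 1)
    case "$protect" in
        strict)   ro_roots="/" ;;
        full)     ro_roots="/usr /boot /efi /etc" ;;
        yes|true) ro_roots="/usr /boot /efi" ;;
        *)        echo rw; return 0 ;;
    esac
    for allowed in $(unit_value "$text" ReadWritePaths); do
        allowed=${allowed#-}   # a leading "-" means "ignore if missing"
        if under "$path" "$allowed"; then echo rw; return 0; fi
    done
    for ro in $ro_roots; do
        if under "$path" "$ro"; then echo ro; return 0; fi
    done
    echo rw
}

# dropin PATH: print drop-in content that adds PATH to the writable set.
dropin() {
    printf '[Service]\nReadWritePaths=%s\n' "$1"
}

# Demonstration on the path from the thread.
db=/var/lib/samba/bind-dns/dns/sam.ldb
echo "before drop-in: $(path_access "$SAMPLE_UNIT" "$db")"
dropin /var/lib/samba/bind-dns
```

The printed drop-in belongs in `/etc/systemd/system/named.service.d/override.conf`, the file `systemctl edit named` opens, followed by `systemctl daemon-reload`; unlike an edit under `/usr/lib/systemd/system`, it is not overwritten by package updates.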