<html class="apple-mail-supports-explicit-dark-mode"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">The default GeoIP directory in the provided AppArmor configuration is different from yours: <a href="https://salsa.debian.org/dns-team/bind9/-/blob/debian/9.18/debian/extras/apparmor.d/usr.sbin.named?ref_type=heads">https://salsa.debian.org/dns-team/bind9/-/blob/debian/9.18/debian/extras/apparmor.d/usr.sbin.named?ref_type=heads</a><br id="lineBreakAtBeginningOfSignature"><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 23. 9. 2025, at 14:17, Herman Brule <contact@herman-brule.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><font face="Helvetica, Arial, sans-serif">Hi, my env is VPS, qemu
VM.</font></p>
<p><font face="Helvetica, Arial, sans-serif">See attached file for
full config and full log.</font></p>
<p><font face="Helvetica, Arial, sans-serif">it's debian 12 amd64.
Then systemd.<br>
</font></p>
<pre class="moz-signature" cols="72">Herman Jacques Roger BRULE <a class="moz-txt-link-rfc2396E" href="mailto:contact@herman-brule.com"><contact@herman-brule.com></a>
Main developer of Supercopier/Ultracopier/CatchChallenger, server management
IT, OS, technologies, research & development, security and business department</pre>
<div class="moz-cite-prefix">On 9/23/25 00:46, Ondřej Surý wrote:<br>
</div>
<blockquote type="cite" cite="mid:766FBA3D-772A-4A15-A07D-42DEB8634C8A@isc.org">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
Hi, you should start by describing your environment and sending
here a redacted (with named-checkconf -px) config file.
<div><br>
</div>
<div>There’s a little help you can get with just few lines from
the log. It could be chroot, it could be AppArmor, it could be
selinux, it could be permissions higher in the tree, it could
be that you are checking the file on a different server than
bind is running. All these things are possible.</div>
<div><br>
</div>
<div>Ondrej<br id="lineBreakAtBeginningOfSignature">
<div dir="ltr">
<div>--</div>
Ondřej Surý — ISC (He/Him)
<div><br>
</div>
<div>My working hours and your working hours may be
different. Please do not feel obligated to reply outside
your normal working hours.</div>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On 23. 9. 2025, at 3:24, Herman
Brule via bind-users <a class="moz-txt-link-rfc2396E" href="mailto:bind-users@lists.isc.org"><bind-users@lists.isc.org></a>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><font face="Helvetica, Arial, sans-serif">Hi,</font></p>
<p><font face="Helvetica, Arial, sans-serif">I don't found
how check this. And how disable this?<br>
</font></p>
<pre class="moz-signature" cols="72">Herman Jacques Roger BRULE <a class="moz-txt-link-rfc2396E" href="mailto:contact@herman-brule.com" moz-do-not-send="true"><contact@herman-brule.com></a>
Main developer of Supercopier/Ultracopier/CatchChallenger, server management
IT, OS, technologies, research & development, security and business department</pre>
<div class="moz-cite-prefix">On 9/22/25 21:00, Mark
Andrews wrote:<br>
</div>
<blockquote type="cite" cite="mid:946E25E4-2282-465B-8D43-B5513F86DABA@isc.org">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
If you are running chroot then you need the files in the
chroot area. <br id="lineBreakAtBeginningOfSignature">
<div dir="ltr">--
<div>Mark Andrews</div>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On 22 Sep 2025, at 22:07,
Herman Brule via bind-users <a class="moz-txt-link-rfc2396E" href="mailto:bind-users@lists.isc.org" moz-do-not-send="true"><bind-users@lists.isc.org></a>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<p> <span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.792
set maximum open files to
18446744073709551615: success</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.792
looking for GeoIP2 databases in
'/usr/share/geoip'</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.796
unable to open GeoIP2 database
'/usr/share/geoip/GeoIP2-Country.mmdb' (status
1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoLite2-Country.mmdb'
(status 1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoIP2-City.mmdb' (status 1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoLite2-City.mmdb' (status
1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoIP2-ASN.mmdb' (status 1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoLite2-ASN.mmdb' (status
1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoIP2-ISP.mmdb' (status 1)</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.800
unable to open GeoIP2 database
'/usr/share/geoip/GeoIP2-Domain.mmdb' (status
1)</span></span></p>
<p> <span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;">root@vps-50e17238:~# ls
-l /usr/share/geoip/GeoIP2-Country.mmdb</span><span style="color:#000000;background-color:#ffffff;"> </span><br>
<span style="color:#000000;background-color:#ffffff;">-rw-r--r-- 1 bind bind
9791801 Sep 14 20:08
/usr/share/geoip/GeoIP2-Country.mmdb</span></span></p>
<p>exist and it's acesible via unix user.</p>
<p>and then with:</p>
<p> <span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;">22-Sep-2025 12:03:58.812
/etc/bind/named.conf.default-zones:2: no
GeoIP2 database installed which can answer
queries of type 'country'</span><br>
</span></p>
<p><span style="font-family:monospace">What I can
do? any kind of chroot?<br>
</span> </p>
<pre class="moz-signature" cols="72">--
Herman Jacques Roger BRULE <a class="moz-txt-link-rfc2396E" href="mailto:contact@herman-brule.com" moz-do-not-send="true"><contact@herman-brule.com></a>
Main developer of Supercopier/Ultracopier/CatchChallenger, server management
IT, OS, technologies, research & development, security and business department</pre>
<span>-- </span><br>
<span>Visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list.</span><br>
</div>
</blockquote>
</blockquote>
<span>-- </span><br>
<span>Visit
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to
unsubscribe from this list.</span><br>
</div>
</blockquote>
</div>
</div>
</blockquote>
<div><conf.txt></div></div></blockquote></body></html>