Confirmed, on every system upgraded to buster, nsd fails to start (even with a blank configuration file i.e. all settings at defaults):
systemd[1]: Starting Name Server Daemon... nsd[10191]: error: could not open zone list /var/lib/nsd/zone.list: Permission denied nsd[10191]: error: could not read zonelist file /var/lib/nsd/zone.list systemd[1]: nsd.service: Main process exited, code=exited, status=1/FAILURE systemd[1]: nsd.service: Failed with result 'exit-code'. systemd[1]: Failed to start Name Server Daemon. Since the default for the config parameter "zonelistfile" is "/var/lib/nsd/zone.list", the process needs access to this file (seemingly even if you do not use dynamic zones). I don't pretend to understand all this .service file gubbins, I note that it already has ReadWritePaths=/var/lib/nsd so I don't know what's wrong. Since I didn't feel it wise to give the process full root access to the filesystem, I simply commented out the CapabilityBoundingSet line Please can you fix this regression. Thanks David
