To follow this up, the .deb at least on Lucid does NOT have the write permission set. amb@nimrod-ubuntu:~/bind-test$ dpkg -c bind9_9.7.0.dfsg.P1-1ubuntu0.8_amd64.deb | fgrep cache drwxr-xr-x root/root 0 2012-10-09 14:13 ./var/cache/ drwxr-xr-x root/root 0 2012-10-09 14:13 ./var/cache/bind/ I've tried this on a pristine Precise box and it doesn't go wrong because Precise does not remove /var/cache/bind as it is populated (unlike on at least some Lucid installs). However, if I manually remove the cache directory, it does go wrong: root@adamant:~# dpkg --list bind9 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii bind9 1:9.8.1.dfsg.P Internet Domain Name Server root@adamant:~# ls -lnd /var/cache/bind /etc/bind/rndc.key -rw-r----- 1 103 108 77 Dec 3 20:56 /etc/bind/rndc.key drwxrwxr-x 2 0 108 4096 Dec 4 21:00 /var/cache/bind root@adamant:~# aptitude remove bind9 The following packages will be REMOVED: bind9 0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded. Need to get 0 B of archives. After unpacking 963 kB will be freed. (Reading database ... 47095 files and directories currently installed.) Removing bind9 ... * Stopping domain name service... bind9 waiting for pid 859 to die ...done. Processing triggers for ufw ... Processing triggers for ureadahead ... ureadahead will be reprofiled on next reboot Processing triggers for man-db ... root@adamant:~# ls -lnd /var/cache/bind /etc/bind/rndc.key -rw-r----- 1 103 108 77 Dec 3 20:56 /etc/bind/rndc.key drwxrwxr-x 2 0 108 4096 Dec 5 19:13 /var/cache/bind root@adamant:~# ls -la /var/cache/bind total 16 drwxrwxr-x 2 root bind 4096 Dec 5 19:13 . drwxr-xr-x 8 root root 4096 Dec 3 20:54 .. -rw-r--r-- 1 bind bind 698 Dec 4 21:00 managed-keys.bind -rw-r--r-- 1 bind bind 512 Dec 4 21:00 managed-keys.bind.jnl root@adamant:~# rm -rf /var/cache/bind root@adamant:~# aptitude install bind9 The following NEW packages will be installed: bind9 0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 343 kB of archives. After unpacking 963 kB will be used. Get: 1 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main bind9 amd64 1:9.8.1.dfsg.P1-4ubuntu0.4 [343 kB] Fetched 343 kB in 0s (621 kB/s) Preconfiguring packages ... Selecting previously unselected package bind9. (Reading database ... 47062 files and directories currently installed.) Unpacking bind9 (from .../bind9_1%3a9.8.1.dfsg.P1-4ubuntu0.4_amd64.deb) ... Processing triggers for man-db ... Processing triggers for ureadahead ... Processing triggers for ufw ... Setting up bind9 (1:9.8.1.dfsg.P1-4ubuntu0.4) ... * Starting domain name service... bind9 ...done. root@adamant:~# ls -lnd /var/cache/bind /etc/bind/rndc.key -rw-r----- 1 103 108 77 Dec 3 20:56 /etc/bind/rndc.key drwxr-xr-x 2 0 0 4096 Oct 9 14:06 /var/cache/bind