couldn't mkdir '//run/named': Permission denied
could not create //run/named/session.key
Apparmor problems can be fixed by running aa-logprof and selecting the best "fix" for your system. I have done that if needed over the months since apparmor was installed. The other problem is that /run is a type tmpfs so it is created after each boot so any manual fixes are lost after a reboot. I also have the same problem for the apt-cacher-ng program. Since this machine is my router for my home network it is rarely rebooted so I have a temporary fix by running the following script manually:
cd /run
mkdir named
chown bind.bind named
systemctl restart bind9
mkdir apt-cacher-ng
chown apt-cacher-ng.apt-cacher-ng apt-cacher-ng
systemctl restart apt-cacher-ng
My /etc/bind config directory has no reference to /run. I do see
a /run/resolvconf directory which has resolv.conf in it pointing
to localhost and search domain. This seems correct since bind is
listening on localhost and you want to actually use bind to get
and cache dns requests.
My bind is version 9.11.5.P4+dfsg-5.