Bind9 dns 服务器日志记录选项 (Ubuntu 18.04)

我想为我的 DNS 服务器（bind9）创建一个单独的文件来写入日志。我在此处的Ubuntu 社区页面上找到了一些有关如何执行此操作的信息

所以我将这些行添加到/etc/bind/named.conf.local

logging {
    channel query.log {
        file "/var/log/query.log";
        // Set the severity to dynamic to see all the debug messages.
        severity dynamic;
    };
};

我继续创建一个日志文件，授予它所有权限并重新启动 bind9 服务，当检查状态时，我看到了错误：

cd /var/log
touch query.log
chmod 777 query.log
systemctl restart bind9
systemctl status bind9

  Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Active: failed (Result: exit-code) since Thu 2020-04-02 17:37:24 UTC; 1s ago
    Docs: man:named(8)
 Process: 5723 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Process: 4480 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
 Process: 5851 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 5851 (code=exited, status=1/FAILURE)

Apr 02 17:37:24 ballgame named[5851]: command channel listening on 127.0.0.1#953
Apr 02 17:37:24 ballgame named[5851]: configuring command channel from '/etc/bind/rndc.key'
Apr 02 17:37:24 ballgame named[5851]: isc_stdio_open '/var/log/query.log' failed: permission denied
Apr 02 17:37:24 ballgame named[5851]: command channel listening on ::1#953
Apr 02 17:37:24 ballgame named[5851]: isc_stdio_open '/var/log/query.log' failed: permission denied
Apr 02 17:37:24 ballgame named[5851]: configuring logging: permission denied
Apr 02 17:37:24 ballgame named[5851]: loading configuration: permission denied
Apr 02 17:37:24 ballgame named[5851]: exiting (due to fatal error)
Apr 02 17:37:24 ballgame systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Apr 02 17:37:24 ballgame systemd[1]: bind9.service: Failed with result 'exit-code'.

有人可以解释我这里缺少什么吗？