diff --git a/apparmor.d/profiles-a-f/dig b/apparmor.d/profiles-a-f/dig
index 7fe72a442..4990930f5 100644
--- a/apparmor.d/profiles-a-f/dig
+++ b/apparmor.d/profiles-a-f/dig
@@ -24,5 +24,9 @@ profile dig @{exec_path} {
 
   owner @{HOME}/.digrc r,
 
+  /tmp/batch_mode.dig       r,
+  /home/dig/batch_mode.dig  r,
+  /home/dig/tsig.key        r,
+
   include if exists <local/dig>
 }
diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host
new file mode 100644
index 000000000..220e27d48
--- /dev/null
+++ b/apparmor.d/profiles-g-l/host
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{,usr/}bin/host
+profile host @{exec_path} {
+  @{exec_path} r,
+  include <abstractions/base>
+  include <abstractions/openssl>
+  include <abstractions/nameservice-strict>
+
+  owner @{PROC}/@{pid}/task/@{pid}/comm rw,
+
+  # Ubuntu
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+
+  include if exists <local/host>
+}
diff --git a/apparmor.d/profiles-m-r/nslookup b/apparmor.d/profiles-m-r/nslookup
new file mode 100644
index 000000000..ea0410c5e
--- /dev/null
+++ b/apparmor.d/profiles-m-r/nslookup
@@ -0,0 +1,25 @@
+# vim:syntax=apparmor
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{,usr/}bin/nslookup
+profile nslookup @{exec_path} {
+  @{exec_path} r,
+  include <abstractions/base>
+  include <abstractions/openssl>
+  include <abstractions/nameservice-strict>
+
+  owner @{PROC}/@{pid}/task/@{pid}/comm rw,
+
+  # Ubuntu
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+
+  include if exists <local/nslookup>
+}