diff --git a/profiles/apparmor.d/dnstracer b/profiles/apparmor.d/dnstracer
new file mode 100644
index 000000000..a5078cbc7
--- /dev/null
+++ b/profiles/apparmor.d/dnstracer
@@ -0,0 +1,32 @@
+#------------------------------------------------------------------
+#    Copyright (C) 2024 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#------------------------------------------------------------------
+# vim: ft=apparmor
+#
+abi <abi/4.0>,
+
+include <tunables/global>
+profile dnstracer /usr/bin/dnstracer {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  network (bind,connect,create,receive,send,setopt) inet dgram,
+  network (bind,connect,create,receive,send,setopt) inet6 dgram,
+
+  /usr/bin/dnstracer mr,
+
+  @{run}/.nscd_socket rw,
+  @{run}/nscd/socket rw,
+
+  # nss can be configured to use libvirt in host resolution
+  /var/lib/libvirt/dnsmasq/ r,
+  /var/lib/libvirt/dnsmasq/*.status r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/dnstracer>
+}
+