Re: BIND 9.19.24 not listening to rndc port (953)
- In reply to: sthaug_a_nethelp.no: "BIND 9.19.24 not listening to rndc port (953)"
Date: Mon, 01 Jul 2024 09:49:38 UTC
On Sun, 30 Jun 2024, sthaug@nethelp.no wrote:

> Short description: Fresh install of bind9-devel-9.19.24_1 doesn't
> listen to localhost port 953, with the result that rndc doesn't work.
> Problem is 100% reproducible.
>
> Environment:
>
> - FreeBSD 13.3-STABLE #n257580
> - BIND 9.19.24 installed using "pkg install bind9-devel-9.19.24_1"
> - Default (directly from the package) named.conf, no changes
> - rc.conf has named_enable="YES" added
> - named started using service named start
>
> If I then try to use rndc, it doesn't work:
>
> # rndc status
> rndc: connect failed: 127.0.0.1#953: connection refused
>
> In syslog I can see among the startup messages:
>
> Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel 127.0.0.1#953: permission denied
> Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel ::1#953: permission denied

My first guess was something returns 1 and that is leaked to user space as errno, but reading on ...

> which explains the rndc error message - but doesn't explain *why*
> this happens.
>
> Other info:
>
> - BIND 9.18.24 on the same host works perfectly, with no rndc issues.
> - BIND 9.19.24 on the same host also works *if I change it to run as
> root* (by default it runs as user bind). The syslog messages are gone,
> and rndc works as expected.

That sounds like they try to open the priv port after they changed users rather than before.

If you (as root) temporarily change sysctl net.inet.ip.portrange.reservedhigh=952, does it work then (as user bind)? (Don't forget to set it back after the experiment.)

A ktrace might reveal more, but I'd likely go to the bind people and ask. Seems like more chances.

> Speculation: 9.19.24 Release notes, under Feature changes, lists:
>
> Multiple RNDC messages are now processed when sent in a single TCP message.
>
> So maybe a bug introduced in connection with this feature change?
>
> Steinar Haug, AS2116

-- 
Bjoern A. Zeeb                                                     r15:7
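The ordering problem the reply suspects, shown as an added C example that is not code from BIND or from anyone on this thread: a daemon that needs a reserved port must bind() while still root and only then switch to its service user. The function names bind_then_drop and port_is_reserved are my own, and the 0..1023 range mirrors FreeBSD's default net.inet.ip.portrange.reservedlow/reservedhigh.

```c
/* Added example, not from the thread or from BIND. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Mirrors the FreeBSD check: an unprivileged process may not bind a port
 * inside [reservedlow, reservedhigh]. Lowering reservedhigh to 952 takes
 * 953 out of that range, which is what the sysctl experiment tests. */
int port_is_reserved(unsigned short port, unsigned short reservedlow,
                     unsigned short reservedhigh)
{
    return port >= reservedlow && port <= reservedhigh;
}

/* Correct order: bind 127.0.0.1:port with full privileges, then drop to
 * uid/gid. Returns the bound, listening fd (>= 0) or -errno on failure.
 * Doing setuid() before bind() is the pattern that yields EACCES, which
 * named reports as "permission denied". */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    /* Step 1: bind while still privileged (port 0 = any free port). */
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0)
        goto fail;
    /* Step 2: drop privileges, gid first so the uid change cannot block it. */
    if (setgid(gid) < 0 || setuid(uid) < 0)
        goto fail;
    /* Step 3: the already-bound socket keeps working as the service user. */
    if (listen(fd, 8) < 0)
        goto fail;
    return fd;

fail:
    {
        int e = errno;
        close(fd);
        return -e;
    }
}
```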