Re: BIND 9.19.24 not listening to rndc port (953)
- Reply: Bjoern A. Zeeb: "Re: BIND 9.19.24 not listening to rndc port (953)"
- In reply to: Bakul Shah : "Re: BIND 9.19.24 not listening to rndc port (953)"
Date: Mon, 01 Jul 2024 18:00:21 UTC
On 7/1/24 10:17, Bakul Shah wrote:
> On Jul 1, 2024, at 9:18 AM, Craig Leres <leres@freebsd.org> wrote:
>>
>> On 6/30/24 04:46, sthaug@nethelp.no wrote:
>>> Short description: Fresh install of bind9-devel-9.19.24_1 doesn't
>>> listen to localhost port 953, with the result that rndc doesn't work.
>>> Problem is 100% reproducible.
>>
>> bind-tools-9.18.27_1 with 14.1-RELEASE-p1 suffers from this as well.
>
> I was ignoring this until now but finally chased it down! I had to add
>
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
>
> to "controls { ... }" in /etc/named.conf

Ah... I already had that but I see now that the problem is due to the 14.1 issue I reported (see "FreeBSD 14.x localhost source address" on the freebsd-stable list).

> For 14.1 at least, this has the side effect that the source address
> for anything in the 127.0.0.0/8 domain becomes 127.0.0.2 instead
> of 127.0.0.1.

So I changed named.conf and now it works!

--- named.conf (revision 72) +++ named.conf (working copy) @@ -141,7 +141,7 @@ controls { inet 127.0.0.1 port 953 - allow { 127.0.0.1; } keys { "rndc-key"; }; + allow { 127.0.0.0/8; } keys { "rndc-key"; }; };

Looks like I need to create a PR for this issue.

Craig
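Review bot: the new `allow { 127.0.0.0/8; }` line in the `controls` block admits every loopback source address to the rndc channel, while the symptom described in the message only involves the source address becoming 127.0.0.2. A narrower ACL such as `allow { 127.0.0.1; 127.0.0.2; }` would cover that case without opening the whole /8. Either way, a comment next to the `inet 127.0.0.1 port 953` statement should say that the wider ACL is a workaround for the FreeBSD 14.1 localhost source address behaviour, so it can be tightened back to 127.0.0.1 once that issue is resolved. The `keys { "rndc-key"; }` clause is unchanged, so control access still requires the key.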