BIND 9.19.24 not listening to rndc port (953)
Date: Sun, 30 Jun 2024 11:46:09 UTC
Short description:
Fresh install of bind9-devel-9.19.24_1 doesn't listen to localhost port 953, with the result that rndc doesn't work. Problem is 100% reproducible.

Environment:
- FreeBSD 13.3-STABLE #n257580
- BIND 9.19.24 installed using "pkg install bind9-devel-9.19.24_1"
- Default (directly from the package) named.conf, no changes
- rc.conf has named_enable="YES" added
- named started using service named start

If I then try to use rndc, it doesn't work:

    # rndc status
    rndc: connect failed: 127.0.0.1#953: connection refused

In syslog I can see among the startup messages:

    Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel 127.0.0.1#953: permission denied
    Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel ::1#953: permission denied

which explains the rndc error message - but doesn't explain *why* this happens.

Other info:
- BIND 9.18.24 on the same host works perfectly, with no rndc issues.
- BIND 9.19.24 on the same host also works *if I change it to run as root* (by default it runs as user bind). The syslog messages are gone, and rndc works as expected.

Speculation: 9.19.24 Release notes, under Feature changes, lists:

    Multiple RNDC messages are now processed when sent in a single TCP message.

So maybe a bug introduced in connection with this feature change?

Steinar Haug, AS2116
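An added example, not part of the original post and not BIND project code: a small parser that picks the "couldn't add command channel" messages out of syslog lines and reports which named process lost the endpoint rndc connects to. The function names and the one filler log line are assumptions made for this illustration; the other two log lines are the ones quoted above.

```python
import re
from collections import defaultdict

# named writes endpoints as addr#port; this matches the message quoted in the report.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"named\[(?P<pid>\d+)\]: couldn't add command channel "
    r"(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): (?P<reason>.+)$"
)

# Lines 1 and 3 are quoted from the report; line 2 is constructed filler.
SAMPLE_LOG = [
    "Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel 127.0.0.1#953: permission denied",
    "Jun 30 12:53:31 nlab0 named[31772]: running",
    "Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel ::1#953: permission denied",
]

def parse_failures(lines):
    """Return one record per failed command-channel bind found in lines."""
    failures = []
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["port"] = int(rec["port"])
            failures.append(rec)
    return failures

def failures_by_instance(failures):
    """Group failed endpoints by (host, pid), i.e. per named process."""
    grouped = defaultdict(list)
    for f in failures:
        grouped[(f["host"], f["pid"])].append((f["addr"], f["port"], f["reason"]))
    return dict(grouped)

def rndc_unreachable(failures, addr="127.0.0.1", port=953):
    """named instances whose bind failed on the endpoint rndc connects to."""
    return sorted({(f["host"], f["pid"]) for f in failures
                   if f["addr"] == addr and f["port"] == port})

if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    for (host, pid), endpoints in failures_by_instance(found).items():
        for addr, port, reason in endpoints:
            print(f"{host} named[{pid}]: {addr} port {port} not bound ({reason})")
    print("rndc unreachable on:", rndc_unreachable(found))
```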