Re: BIND 9.19.24 not listening to rndc port (953)

Reply: Willem Jan Withagen : "Re: BIND 9.19.24 not listening to rndc port (953)"
In reply to: Willem Jan Withagen : "Re: BIND 9.19.24 not listening to rndc port (953)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Matthew Seaman <matthew_at_FreeBSD.org>
Date: Mon, 23 Sep 2024 11:50:33 UTC

On 22/09/2024 16:34, Willem Jan Withagen wrote:
> 
> 
> On 19/09/2024 20:04, Dan Mack wrote:
>> On Thu, 19 Sep 2024, Matthew Seaman wrote:
>>
>>> On 19/09/2024 18:16, Dan Mack wrote:
>>>>  On Tue, 2 Jul 2024, sthaug@nethelp.no wrote:
>>>>
>>>>>>>  So we set uid 53 (bind) at 0.083518302, and then try to bind to 
>>>>>>> port
>>>>>>>  953 at 0.093282161.
>>>>>>
>>>>>>  Are you going to poe a bug with the bind people?
>>>>>
>>>>>  Already did: https://gitlab.isc.org/isc-projects/bind9/-/issues/4793
>>>>>
>>>>>  Steinar Haug, AS2116
>>>>
>>>>  Probably everyone knows but this still happens in the bind920-9.20.1
>>>>  package.
>>>>
>>>>  However, BIND 9.20.2 was released yesterday with a change to when bind
>>>>  drops privilege levels so perhaps we will have a working version 
>>>> when the
>>>>  port / package is updated.
>>>
>>> The update was already committed:
>>>
>>> https://cgit.freebsd.org/ports/commit/?id=06790657ec8a80f894db824e7a9cadd71ec4e292
>>>
>>>     Cheers,
>>>
>>>     Matthew
>>
>> Thank you!   Was about to try a build myself but now I don't have to :-)
>>
> Untill that time I choose to set the highest privileged port to 952...
>      net.inet.ip.portrange.reservedhigh=952

mac_portacl(4) is useful in these situations.  It allows you to specify 
users that can bind to a specified secure port without needing root 
privileges.

	Cheers,

	Matthew