Date:      Mon, 01 Jul 2024 09:46:04 +0200 (CEST)
From:      sthaug@nethelp.no
To:        freebsd@oldach.net
Cc:        freebsd-stable@freebsd.org
Subject:   Re: BIND 9.19.24 not listening to rndc port (953)
Message-ID:  <20240701.094604.2129872793923031185.sthaug@nethelp.no>
In-Reply-To: <202406301218.45UCImcO021592@nuc.oldach.net>
References:  <20240630.134609.2166404118346455953.sthaug@nethelp.no> <202406301218.45UCImcO021592@nuc.oldach.net>

>> # rndc status
>> rndc: connect failed: 127.0.0.1#953: connection refused
>> 
>> In syslog I can see among the startup messages:
>> 
>> Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel 127.0.0.1#953: permission denied
>> Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel ::1#953: permission denied
> 
> Potentially a change in 9.19's port binding logic triggered by mac_portacl(4)?
> 
> https://forums.freebsd.org/threads/named-could-not-listen-on-udp-socket-permission-denied.11196/
> 
> Does it help adding 953 to security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53?

Well, I don't use mac_portacl at all on this host, and there is no
sysctl OID security.mac.portacl.rules:

# sysctl security.mac.portacl.rules
sysctl: unknown oid 'security.mac.portacl.rules'

I could probably *make* it work with mac_portacl - however, I would
much prefer to get a solution which doesn't need special kernel
config etc.

Steinar Haug, AS2116
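The following shell functions are an added example, not code from this thread or from BIND or FreeBSD. They model the suggestion quoted above: given the value of the security.mac.portacl.rules sysctl (rule syntax per mac_portacl(4): idtype:id:protocol:port, comma separated), report which of the ports named needs as uid 53 are not granted, and produce the rule string that would also cover the rndc control channel on tcp/953. The rule strings used below are constructed for the example; nothing is applied to the running kernel unless the caller feeds the result to sysctl.

```shell
#!/bin/sh
# Added example (not from the thread): reason about a mac_portacl(4) rule
# string before touching the sysctl. Rule format: idtype:id:protocol:port,
# comma separated. The sample rule strings here are constructed.

# portacl_allows RULES UID PROTO PORT
# Succeeds when RULES contains a uid rule granting UID the PROTO/PORT bind.
# An empty RULES string (module not loaded or no rules) grants nothing.
portacl_allows() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qxF "uid:$2:$3:$4"
}

# portacl_missing RULES UID PROTO:PORT...
# Prints the PROTO:PORT entries that RULES does not grant UID, one per line.
portacl_missing() {
    rules=$1; id=$2; shift 2
    for need in "$@"; do
        proto=${need%%:*}; port=${need#*:}
        portacl_allows "$rules" "$id" "$proto" "$port" || printf '%s\n' "$need"
    done
}

# portacl_with_rndc RULES UID
# Prints RULES extended, without duplicates, so UID may bind tcp/53, udp/53
# and tcp/953. The rndc control channel is TCP only, so no udp/953 rule is
# added. Nothing is applied here.
portacl_with_rndc() {
    rules=$1; id=$2
    for need in tcp:53 udp:53 tcp:953; do
        proto=${need%%:*}; port=${need#*:}
        if ! portacl_allows "$rules" "$id" "$proto" "$port"; then
            rule="uid:$id:$proto:$port"
            if [ -z "$rules" ]; then rules=$rule; else rules="$rules,$rule"; fi
        fi
    done
    printf '%s\n' "$rules"
}

# Usage on a host where mac_portacl is loaded (the rule string below is the
# one quoted in the thread):
#   sysctl -n security.mac.portacl.rules
#   portacl_missing "uid:53:tcp:53,uid:53:udp:53" 53 tcp:53 udp:53 tcp:953
#   portacl_with_rndc "uid:53:tcp:53,uid:53:udp:53" 53
#   sysctl security.mac.portacl.rules="$(portacl_with_rndc "$(sysctl -n security.mac.portacl.rules)" 53)"
```

On a host without the module loaded, as in the message above, the sysctl OID does not exist and the first command fails; the helpers then only show what a rule set would have to contain, which is useful when deciding whether the mac_portacl route is worth taking at all.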



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240701.094604.2129872793923031185.sthaug>