Date: Mon, 23 Sep 2024 12:50:33 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
To: Willem Jan Withagen <wjw@digiware.nl>, Dan Mack <mack@macktronics.com>
Cc: stable@freebsd.org
Subject: Re: BIND 9.19.24 not listening to rndc port (953)
Message-ID: <cbf903e7-66fa-4b66-8e21-cb682b63f30f@FreeBSD.org>
In-Reply-To: <e7608524-43b6-4b04-a058-6ebe70833070@digiware.nl>
References: <38321p06-q966-p811-oqpq-q679qpo9pp31@yvfgf.mnoonqbm.arg> <20240702.112250.268297637701792446.sthaug@nethelp.no> <18s0oq25-816s-84ns-41np-47402182ns46@yvfgf.mnoonqbm.arg> <20240702.191333.1782316333681428598.sthaug@nethelp.no> <35410f21-8e52-a853-ad21-4fd05d0f8b3c@macktronics.com> <d14d2b27-6dd8-41df-aef7-3040ae98d629@FreeBSD.org> <1c138b97-2cc3-992c-f9ad-a944c0638163@macktronics.com> <e7608524-43b6-4b04-a058-6ebe70833070@digiware.nl>

On 22/09/2024 16:34, Willem Jan Withagen wrote:
>
>
> On 19/09/2024 20:04, Dan Mack wrote:
>> On Thu, 19 Sep 2024, Matthew Seaman wrote:
>>
>>> On 19/09/2024 18:16, Dan Mack wrote:
>>>> On Tue, 2 Jul 2024, sthaug@nethelp.no wrote:
>>>>
>>>>>>> So we set uid 53 (bind) at 0.083518302, and then try to bind to
>>>>>>> port 953 at 0.093282161.
>>>>>>
>>>>>> Are you going to poe a bug with the bind people?
>>>>>
>>>>> Already did: https://gitlab.isc.org/isc-projects/bind9/-/issues/4793
>>>>>
>>>>> Steinar Haug, AS2116
>>>>
>>>> Probably everyone knows but this still happens in the bind920-9.20.1
>>>> package.
>>>>
>>>> However, BIND 9.20.2 was released yesterday with a change to when bind
>>>> drops privilege levels so perhaps we will have a working version
>>>> when the port / package is updated.
>>>
>>> The update was already committed:
>>>
>>> https://cgit.freebsd.org/ports/commit/?id=06790657ec8a80f894db824e7a9cadd71ec4e292
>>>
>>> Cheers,
>>>
>>> Matthew
>>
>> Thank you! Was about to try a build myself but now I don't have to :-)
>>
> Until that time I choose to set the highest privileged port to 952...
>    net.inet.ip.portrange.reservedhigh=952

mac_portacl(4) is useful in these situations. It allows you to specify
users that can bind to a specified secure port without needing root
privileges.

Cheers,

Matthew

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cbf903e7-66fa-4b66-8e21-cb682b63f30f>
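
An added example, not part of the message above and not the FreeBSD project's own configuration: a mac_portacl(4) setup that lets only uid 53 (the bind uid from the quoted trace) bind TCP port 953. The workaround of setting reservedhigh=952 instead makes ports 953-1023 bindable by every local user. The choice of a single rule for tcp:953 is an assumption about what named still has to bind after it has dropped privileges.

```conf
# --- /boot/loader.conf ---
# Load the port ACL policy module at boot.
mac_portacl_load="YES"

# --- /etc/sysctl.conf ---
# Disable the stock "root only" reserved-port check so that
# mac_portacl makes the decision for low ports instead.
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0

# mac_portacl enforces its rules on ports up to and including this one.
security.mac.portacl.port_high=1023

# Root stays exempt and can still bind any port.
security.mac.portacl.suser_exempt=1

# Rule format: idtype:id:protocol:port[,idtype:id:protocol:port,...]
# Only uid 53 may bind TCP 953 (rndc); every other non-root
# bind at or below port_high is refused.
security.mac.portacl.rules=uid:53:tcp:953
```

After loading the module and applying the sysctls, `sockstat -l` should show named listening on port 953 as the bind user.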
