From nobody Sun Sep 22 15:34:56 2024
X-Original-To: stable@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XBVYj3Y1Nz5Wgk9
	for <stable@mlmmj.nyi.freebsd.org>; Sun, 22 Sep 2024 15:35:05 +0000 (UTC)
	(envelope-from wjw@digiware.nl)
Received: from mail.digiware.nl (smtp.digiware.nl [176.74.240.9])
	by mx1.freebsd.org (Postfix) with ESMTP id 4XBVYh0nlNz4slV;
	Sun, 22 Sep 2024 15:35:04 +0000 (UTC)
	(envelope-from wjw@digiware.nl)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=digiware.nl header.s=medusa-2017 header.b=XsnWJ9yc;
	dmarc=pass (policy=quarantine) header.from=digiware.nl;
	spf=pass (mx1.freebsd.org: domain of wjw@digiware.nl designates 176.74.240.9 as permitted sender) smtp.mailfrom=wjw@digiware.nl
Received: from [IPV6:2001:4cb8:3:1:a5f4:aedf:5a35:ee5b] (unknown [IPv6:2001:4cb8:3:1:a5f4:aedf:5a35:ee5b])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail.digiware.nl (Postfix) with ESMTPSA id 381859AF1E;
	Sun, 22 Sep 2024 17:34:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=digiware.nl;
	s=medusa-2017; t=1727019297;
	bh=dxpWOxaBTs01a+PJea68wy/IjZVlvkK6qPLg4Fb1IFM=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To;
	b=XsnWJ9yce/h8ll4nisw5ehiY74Bffo0LpWXXbpZi2HdBsuqzK6fKwUXNr8+L/k6Gu
	 WsgK9IAY7p56nS7t/jkna/b0/3MzIZaa4bkO4EbxawVYlrYGMPHds4pNiFCKT1OBgq
	 vClecgpSp2FW/HFqBpklvVa6wdHTx2rdbUb/ze5kpGXmgsBeu6xKJm92YP6jAf3DnD
	 FP//ri0IirDLckZEpTO3DKDykgpGzwdzdqjCBHAY4s1M7tmxVxT3oJj/BjsbG4QK2w
	 8fzwjTS67V6rfJmkuXqiQGOlUhqhBojkF39Q3pTDspbDaBey1q0SaYjQdcvPamCECN
	 SUvorR3LyHD5Q==
Message-ID: <e7608524-43b6-4b04-a058-6ebe70833070@digiware.nl>
Date: Sun, 22 Sep 2024 17:34:56 +0200
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
List-Help: <mailto:stable+help@freebsd.org>
List-Post: <mailto:stable@freebsd.org>
List-Subscribe: <mailto:stable+subscribe@freebsd.org>
List-Unsubscribe: <mailto:stable+unsubscribe@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
Sender: owner-freebsd-stable@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: BIND 9.19.24 not listening to rndc port (953)
Content-Language: en-US, nl
To: Dan Mack <mack@macktronics.com>, Matthew Seaman <matthew@FreeBSD.org>
Cc: stable@freebsd.org
References: <38321p06-q966-p811-oqpq-q679qpo9pp31@yvfgf.mnoonqbm.arg>
 <20240702.112250.268297637701792446.sthaug@nethelp.no>
 <18s0oq25-816s-84ns-41np-47402182ns46@yvfgf.mnoonqbm.arg>
 <20240702.191333.1782316333681428598.sthaug@nethelp.no>
 <35410f21-8e52-a853-ad21-4fd05d0f8b3c@macktronics.com>
 <d14d2b27-6dd8-41df-aef7-3040ae98d629@FreeBSD.org>
 <1c138b97-2cc3-992c-f9ad-a944c0638163@macktronics.com>
From: Willem Jan Withagen <wjw@digiware.nl>
In-Reply-To: <1c138b97-2cc3-992c-f9ad-a944c0638163@macktronics.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: router10G.digiware.nl
X-Rspamd-Action: no action
X-Spamd-Result: default: False [-3.79 / 15.00];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[digiware.nl,quarantine];
	R_DKIM_ALLOW(-0.20)[digiware.nl:s=medusa-2017];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_NO_TLS_LAST(0.10)[];
	ONCE_RECEIVED(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	FROM_HAS_DN(0.00)[];
	RCVD_COUNT_ONE(0.00)[1];
	TO_DN_SOME(0.00)[];
	ASN(0.00)[asn:28878, ipnet:176.74.224.0/19, country:NL];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCPT_COUNT_THREE(0.00)[3];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	ARC_NA(0.00)[];
	MLMMJ_DEST(0.00)[stable@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[];
	DKIM_TRACE(0.00)[digiware.nl:+]
X-Rspamd-Queue-Id: 4XBVYh0nlNz4slV
X-Spamd-Bar: ---



On 19/09/2024 20:04, Dan Mack wrote:
> On Thu, 19 Sep 2024, Matthew Seaman wrote:
>
>> On 19/09/2024 18:16, Dan Mack wrote:
>>>  On Tue, 2 Jul 2024, sthaug@nethelp.no wrote:
>>>
>>>>>>  So we set uid 53 (bind) at 0.083518302, and then try to bind to 
>>>>>> port
>>>>>>  953 at 0.093282161.
>>>>>
>>>>>  Are you going to poe a bug with the bind people?
>>>>
>>>>  Already did: https://gitlab.isc.org/isc-projects/bind9/-/issues/4793
>>>>
>>>>  Steinar Haug, AS2116
>>>
>>>  Probably everyone knows but this still happens in the bind920-9.20.1
>>>  package.
>>>
>>>  However, BIND 9.20.2 was released yesterday with a change to when bind
>>>  drops privilege levels so perhaps we will have a working version 
>>> when the
>>>  port / package is updated.
>>
>> The update was already committed:
>>
>> https://cgit.freebsd.org/ports/commit/?id=06790657ec8a80f894db824e7a9cadd71ec4e292 
>>
>>
>>     Cheers,
>>
>>     Matthew
>
> Thank you!   Was about to try a build myself but now I don't have to :-)
>
Untill that time I choose to set the highest privileged port to 952...
     net.inet.ip.portrange.reservedhigh=952

--WjW