From: Brian Candler <b.candler@pobox.com>
To: Oleg Tarasov
Cc: freebsd-net@freebsd.org
Date: Fri, 27 Jan 2006 13:53:44 +0000
Subject: Re: Named could not listen on UDP socket: permission denied
Message-ID: <20060127135344.GB60498@uk.tiscali.com>
In-Reply-To: <1623226562.20060126170150@osk.com.ua>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net@freebsd.org>

On Thu, Jan 26, 2006 at 05:01:50PM +0200, Oleg Tarasov wrote:
> I run FreeBSD 6.0 and I have begun to receive quite periodic error
> messages like these:
>
> Jan 25 19:45:50 central named[728]: could not listen on UDP socket: permission denied
> Jan 25 19:45:50 central named[728]: creating IPv4 interface ng0 failed; interface ignored
>
> ng0 is my main internet interface and is created on early boot
> (rcordered like ppp-user) by mpd. Certainly, I need DNS listening on
> this interface.
>
> The reason is that if mpd is restarted for some reason, interface ng0
> is destroyed and created again, while the listener on this interface is
> destroyed too. Named is chrooted at this time and cannot re-bind the
> listener on this interface. Only a manual restart of named helps it bind
> to this interface.
>
> This is not a deadly situation, as if I manually restart mpd I will be
> able to restart named too...
>
> Running named under the root user or out of the chroot environment is not
> quite an acceptable way...

named needs to be root in order to bind to port 53.

If ng0 has a fixed IP address, then you could configure an alias on lo0
with that address. Then, even though named cannot rebind to ng0, it will
still answer queries to that address.

If ng0 has a dynamic address, then I think your only solution is to run
named as root within a chroot environment or jail(8) - or to write a
script which is run when ng0 comes up, which kills and restarts bind.
Does mpd have a hook to call a script on interface up?

Regards,

Brian.
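What the "script run when ng0 comes up" could look like, as an added example that is not part of the thread or of mpd or BIND. It assumes mpd's `set iface up-script` hook exists and calls the script as `interface proto local-ip remote-ip ...` (check the manual of your mpd version; the argument order is an assumption here), that the base-system named is controlled by `/etc/rc.d/named`, and that `sockstat -4l` prints one listening socket per line with the local address in the sixth column. The sample sockstat output embedded below is constructed for the test and uses a documentation address.

```sh
#!/bin/sh
# Added example (not from the original thread): an mpd "up-script" that
# restarts named when the PPP interface is recreated.
# Assumed hook in mpd.conf (verify against your mpd version's manual):
#     set iface up-script /usr/local/etc/mpd/named-up.sh
# Assumed invocation by mpd: named-up.sh <iface> <proto> <local-ip> <remote-ip> ...
# mpd runs as root, so the restart also runs as root: named binds port 53 on
# the new interface first, then drops to its unprivileged user and chroots.

NAMED_RC=/etc/rc.d/named        # assumption: base-system BIND rc script
SOCKSTAT="sockstat -4l"         # listening IPv4 sockets, one per line

# Constructed sample of `sockstat -4l` output, used only for the test below.
# Columns: USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      728   20 udp4   192.0.2.1:53          *:*
bind     named      728   21 tcp4   192.0.2.1:53          *:*
root     sshd       500   3  tcp4   *:22                  *:*'

# named_listens_on ADDR: read sockstat output on stdin; succeed (exit 0) if a
# named process already holds a listener on ADDR:53. That is the case when ADDR
# is a fixed address aliased onto lo0 (the other workaround in the reply), and
# then no restart is needed.
named_listens_on() {
    awk -v want="$1:53" '
        $2 == "named" && $6 == want { found = 1 }
        END { exit !found }'
}

# is_ipv4 ADDR: crude shape check so an IPv6CP "up" does not trigger a restart.
is_ipv4() {
    case $1 in
        *.*.*.*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Entry point when mpd runs the script: $1 interface, $3 local IP assigned.
main() {
    iface=$1
    local_ip=$3
    is_ipv4 "$local_ip" || exit 0
    if $SOCKSTAT | named_listens_on "$local_ip"; then
        logger -t named-up "$iface: named already listening on $local_ip, nothing to do"
        exit 0
    fi
    logger -t named-up "$iface up with $local_ip: restarting named"
    $NAMED_RC restart
}

# Only act when invoked by mpd with arguments, so the file can be sourced
# for testing without touching the running system.
if [ $# -ge 3 ]; then
    main "$@"
fi
```

The check before restarting keeps the script from bouncing named on every reconnect when the address is fixed and already aliased onto lo0; with a dynamic address the check fails and named is restarted, which is the only point at which it holds root long enough to bind port 53 on the new ng0.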