Date: Mon, 1 Jul 2024 11:00:21 -0700 From: Craig Leres <leres@freebsd.org> To: Bakul Shah <bakul@iitbombay.org> Cc: sthaug@nethelp.no, freebsd-stable@freebsd.org Subject: Re: BIND 9.19.24 not listening to rndc port (953) Message-ID: <57b84b90-5f95-475b-9f45-ecff2b4adf05@freebsd.org> In-Reply-To: <DBBF5056-B54A-4DBF-8183-05F0039B277D@iitbombay.org> References: <20240630.134609.2166404118346455953.sthaug@nethelp.no> <3ace1a1c-324a-41ce-a39c-676ef830a5e0@freebsd.org> <DBBF5056-B54A-4DBF-8183-05F0039B277D@iitbombay.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/1/24 10:17, Bakul Shah wrote:
> On Jul 1, 2024, at 9:18 AM, Craig Leres <leres@freebsd.org> wrote:
>>
>> On 6/30/24 04:46, sthaug@nethelp.no wrote:
>>> Short description: Fresh install of bind9-devel-9.19.24_1 doesn't
>>> listen to localhost port 953, with the result that rndc doesn't work.
>>> Problem is 100% reproducible.
>>
>> bind-tools-9.18.27_1 with 14.1-RELEASE-p1 suffers from this as well.
>
> I was ignoring this until now but finally chased it down! I had to add
>
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
>
> to "controls { ... }" in /etc/named.conf
Ah... I already had that but I see now that the problem is due to the
14.1 issue I reported (see "FreeBSD 14.x localhost source address" on
the freebsd-stable list).
> For 14.1 at least, this has the side effect that the source address
> for anything in the 127.0.0.0/8 domain becomes 127.0.0.2 instead
> of 127.0.0.1.
So I changed named.conf and now it works!
--- named.conf (revision 72)
+++ named.conf (working copy)
@@ -141,7 +141,7 @@
controls {
inet 127.0.0.1 port 953
- allow { 127.0.0.1; } keys { "rndc-key"; };
+ allow { 127.0.0.0/8; } keys { "rndc-key"; };
};
Looks like I need to create a PR for this issue.
Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57b84b90-5f95-475b-9f45-ecff2b4adf05>