From nobody Mon Jul  1 18:00:21 2024
X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WCYjg1h3hz5QCf1
	for <freebsd-stable@mlmmj.nyi.freebsd.org>; Mon, 01 Jul 2024 18:00:23 +0000 (UTC)
	(envelope-from leres@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4WCYjg0m1Yz4bcQ;
	Mon,  1 Jul 2024 18:00:23 +0000 (UTC)
	(envelope-from leres@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1719856823;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=5aLMrmHSsOx4PLYnpOT4NdanfpYBREbQjR+ifdQH294=;
	b=TF+bNPZF8SEccUJbdUb4a7p4cMViQJ3PCwIBheJzE5V6e0icxqDAoT7VAFmzF69UmWASq6
	b+yiB/VYJTTDs1anhzhL6A6i3uLeZxt5kvkXFXwhpNt8GB/uuqe7N6OVKKkAzk8AfHxbxI
	Idxxlcz8NKne6UhOk2NYeWoNnzdbd/Pt9xreo8RYLjQZ5tSriDflT7TyckvvAYSyj0u+bV
	daClND6nW0FD5aPDJrYumoPTgvpKWdayRFNQ7GISZPnWKH4K3Yyi4qXUYkqV6FBYgBkkRm
	qDJgcabhtdbS9ubigl+BD0+mAsP+303NkftN0eG+raJp2SoMG37H01ZCQOV1HQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1719856823; a=rsa-sha256; cv=none;
	b=CgffCE9H4Eextn0eS1/7Hl1rwDJsiQ4JKkmOBA28WkFx5RPuNQJ4zIDYRVjCiHnTLwpaK2
	kj6WhLPfhg/8jnr3HV5p0Kg07QVBzCbRR6tTCLw348BrLGZykfocYXY4N2Xf5a7kbmV997
	V6QVhyvcj+fzeKFor7DP9nFYA32/rpVtmU79IYBo7oSUm6kSmD7m84Lx71QY+7kqiimJz4
	D00HY1wRIV3n1EmfmiXj0ulUHiHKq6051OYMYllMKqLAmDz5V7iSSB+A2dVN1+B6k1Jwvv
	CCPAZpkemT4Epe+KwuodcMcO9XCF7e1z1ZH+zSMfg2rvt+Uf/J5TgiqVVUqCjQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1719856823;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=5aLMrmHSsOx4PLYnpOT4NdanfpYBREbQjR+ifdQH294=;
	b=dHNj2p8zH5OlrujJtveOa8L9J5ShPwbLf3rGFiJXbQDXyNcq4A5eLbPcy9WimPrGb0pZ1f
	r3IpdV7zBpMenwVfQ07O+TwZgwbOn7MulfSeqDHVtONPOhYU5RoNvB9JQjSOw2oUVmtmuk
	sb33Ro2hMkJ4xW8mC9/v7C282XtVr80kE+U2c+oF0yumSn86jCAP//it+LkPS1IyCp1hH0
	fMJm5U9jRq8edozfeBc7eKY5VndeeI22yCu3U0iMpvKUm4NA7d3GWjQ4wA0FQSAKVWKAPM
	rod7+MSc0fNQN48g/KKHsAejj0635wxdWH/6YAvnb4dP0jwqIv7gK2YnZew/xg==
Received: from [IPV6:fd:1965::2] (unknown [IPv6:2600:1700:ab1b:6800:2e0:edff:fece:8f27])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: leres)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4WCYjf5G3gzSRg;
	Mon,  1 Jul 2024 18:00:22 +0000 (UTC)
	(envelope-from leres@freebsd.org)
Message-ID: <57b84b90-5f95-475b-9f45-ecff2b4adf05@freebsd.org>
Date: Mon, 1 Jul 2024 11:00:21 -0700
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
List-Help: <mailto:stable+help@freebsd.org>
List-Post: <mailto:stable@freebsd.org>
List-Subscribe: <mailto:stable+subscribe@freebsd.org>
List-Unsubscribe: <mailto:stable+unsubscribe@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
Sender: owner-freebsd-stable@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: BIND 9.19.24 not listening to rndc port (953)
To: Bakul Shah <bakul@iitbombay.org>
Cc: sthaug@nethelp.no, freebsd-stable@freebsd.org
References: <20240630.134609.2166404118346455953.sthaug@nethelp.no>
 <3ace1a1c-324a-41ce-a39c-676ef830a5e0@freebsd.org>
 <DBBF5056-B54A-4DBF-8183-05F0039B277D@iitbombay.org>
From: Craig Leres <leres@freebsd.org>
Content-Language: en-US
In-Reply-To: <DBBF5056-B54A-4DBF-8183-05F0039B277D@iitbombay.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 7/1/24 10:17, Bakul Shah wrote:
> On Jul 1, 2024, at 9:18 AM, Craig Leres <leres@freebsd.org> wrote:
>>
>> On 6/30/24 04:46, sthaug@nethelp.no wrote:
>>> Short description: Fresh install of bind9-devel-9.19.24_1 doesn't
>>> listen to localhost port 953, with the result that rndc doesn't work.
>>> Problem is 100% reproducible.
>>
>> bind-tools-9.18.27_1 with 14.1-RELEASE-p1 suffers from this as well.
> 
> I was ignoring this until now but finally chased it down! I had to add
> 
>         inet 127.0.0.1 port 953
>           allow { 127.0.0.1; } keys { "rndc-key"; };
> 
> to "controls { ... }" in /etc/named.conf

Ah... I already had that but I see now that the problem is due to the 
14.1 issue I reported (see  "FreeBSD 14.x localhost source address" on 
the freebsd-stable list).

 > For 14.1 at least, this has the side effect that the source address
 > for anything in the 127.0.0.0/8 domain becomes 127.0.0.2 instead
 > of 127.0.0.1.

So I changed named.conf and now it works!

--- named.conf  (revision 72)
+++ named.conf  (working copy)
@@ -141,7 +141,7 @@

  controls {
         inet 127.0.0.1 port 953
-               allow { 127.0.0.1; } keys { "rndc-key"; };
+               allow { 127.0.0.0/8; } keys { "rndc-key"; };
  };

Looks like I need to create a PR for this issue.

		Craig