Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 17 Mar 1999 20:55:50 -0800
From:      me <onemo@jps.net>
To:        Leigh Hart <hart@at.dotat.com>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: [Fwd: named message since upgrading to 3.1-Stable]
Message-ID:  <36F08756.77BC8DA4@jps.net>
References:  <199903170728.RAA20330@at.dotat.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
OK, I understand the problem... Now, how to fix it.

As I noted, I'm running bind with the "sandbox" user/group. Per the note in
rc.conf, I've read through the security man page and performed all of the
pre-requisite steps needed. Is there anything I obviously missed, or is the
sandbox configuration broken?

ps. My initials are MO - for Michael Oski, the me was a typo in Netscape's
mail setup.

Michael.

Leigh Hart wrote:

> Hi Me, or Mo, or whatever :-)
>
> me <onemo@jps.net> wrote:
> >
> > I keep getting the following message from named:
> >
> > ... named[104]: bind(dfd=24), [{ip addr}].53): Permission denied
> >
> > I chown'd the /etc/namedb/s directory to the bind sandbox ID as
> > instructed. I'm using the following named.conf file:
>
> "Permission denied" is not an error message limited to file permissions,
> what you're seeing is the bind(2) system call failing to bind to port 53
> on the ip address specified.
>
> This usually means that bind is not being started as root.  No process
> is allowed to bind port 53 unless it runs as root initially.
>
> > I've searched through the BIND faqs and docs located at the ISC site to
> > no avail. Everything works correctly, It's just 1) annoying and 2)
> > possibly bothering my ISP(?).
>
> Well, it's resolving for you correctly, london to a bridge it isn't
> working as an authoritive source of name data !
>
> Cheers
>
> Leigh
> --
> | "By the time they had diminished | Leigh Hart, <hart@dotat.com> |
> |  from 50 to 8, the other dwarves | Dotat Communications Pty Ltd |
> |  began to suspect 'Hungry' ..."  | GPO Box 487 Adelaide SA 5001 |
> |   -- Gary Larson, "The Far Side" |  http://www.dotat.com/hart/  |



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36F08756.77BC8DA4>