From owner-freebsd-net Wed Mar 17 21: 0:59 1999
Delivered-To: freebsd-net@freebsd.org
Received: from repop1.jps.net (repop1.jps.net [209.63.224.238])
	by hub.freebsd.org (Postfix) with ESMTP id 8BE6414DBB
	for ; Wed, 17 Mar 1999 21:00:57 -0800 (PST)
	(envelope-from onemo@jps.net)
Received: from jps.net (209-63-245-66.smf.jps.net [209.63.245.66])
	by repop1.jps.net (8.8.5/8.8.5) with ESMTP id VAA10089;
	Wed, 17 Mar 1999 21:00:22 -0800 (PST)
Message-ID: <36F08756.77BC8DA4@jps.net>
Date: Wed, 17 Mar 1999 20:55:50 -0800
From: me
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 3.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Leigh Hart
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: [Fwd: named message since upgrading to 3.1-Stable]
References: <199903170728.RAA20330@at.dotat.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

OK, I understand the problem... Now, how to fix it.

As I noted, I'm running bind with the "sandbox" user/group. Per the note
in rc.conf, I've read through the security man page and performed all of
the pre-requisite steps needed. Is there anything I obviously missed, or
is the sandbox configuration broken?

ps. My initials are MO - for Michael Oski, the me was a typo in
Netscape's mail setup.

Michael.

Leigh Hart wrote:

> Hi Me, or Mo, or whatever :-)
>
> me wrote:
> >
> > I keep getting the following message from named:
> >
> > ... named[104]: bind(dfd=24), [{ip addr}].53): Permission denied
> >
> > I chown'd the /etc/namedb/s directory to the bind sandbox ID as
> > instructed. I'm using the following named.conf file:
>
> "Permission denied" is not an error message limited to file permissions,
> what you're seeing is the bind(2) system call failing to bind to port 53
> on the ip address specified.
>
> This usually means that bind is not being started as root. No process
> is allowed to bind port 53 unless it runs as root initially.
>
> > I've searched through the BIND faqs and docs located at the ISC site to
> > no avail. Everything works correctly, it's just 1) annoying and 2)
> > possibly bothering my ISP(?).
>
> Well, it's resolving for you correctly, london to a bridge it isn't
> working as an authoritative source of name data !
>
> Cheers
>
> Leigh
> --
> | "By the time they had diminished | Leigh Hart,                  |
> | from 50 to 8, the other dwarves  | Dotat Communications Pty Ltd |
> | began to suspect 'Hungry' ..."   | GPO Box 487 Adelaide SA 5001 |
> | -- Gary Larson, "The Far Side"   | http://www.dotat.com/hart/   |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
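
The reserved-port behaviour discussed in this thread, as an added example that is not part of the original messages and is not BIND's code: a daemon that must listen on port 53 binds while it is still root and only then switches to its sandbox id, after which a further bind(2) to a port below 1024 returns EACCES ("Permission denied"). The function names and the uid/gid value 53 are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to ip:port. Returns the fd, or -errno on failure. */
int bind_udp(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -EINVAL;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -errno;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int e = errno;          /* EACCES: reserved port, caller not root */
        close(fd);
        return -e;
    }
    return fd;
}

/* Permanently switch to uid/gid: groups first, uid last. 0 or -errno. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -errno;
    if (uid != 0 && setuid(0) == 0)   /* root must not be recoverable */
        return -EPERM;
    return 0;
}

int main(void)
{
    int early = bind_udp("0.0.0.0", 53);        /* while still root */
    /* 53/53 are assumed ids for the sandbox user and group */
    if (drop_privileges(53, 53) < 0) { perror("drop_privileges"); return 1; }
    int late = bind_udp("0.0.0.0", 53);         /* after the drop */
    printf("bind before drop: %s\n", early >= 0 ? "ok" : strerror(-early));
    printf("bind after drop:  %s\n", late >= 0 ? "ok" : strerror(-late));
    return 0;
}
```

Run as root, the first bind succeeds and the second reports the same "Permission denied" text that named logs; run as an ordinary user, drop_privileges fails first because the program was never root.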