Date:      Sun, 30 Jun 2024 14:18:48 +0200 (CEST)
From:      freebsd@oldach.net (Helge Oldach)
To:        sthaug@nethelp.no
Cc:        freebsd-stable@freebsd.org
Subject:   Re: BIND 9.19.24 not listening to rndc port (953)
Message-ID:  <202406301218.45UCImcO021592@nuc.oldach.net>
In-Reply-To: <20240630.134609.2166404118346455953.sthaug@nethelp.no> from "sthaug@nethelp.no" at "30 Jun 2024 13:46:09"

sthaug@nethelp.no wrote on Sun, 30 Jun 2024 13:46:09 +0200 (CEST):
> Short description: Fresh install of bind9-devel-9.19.24_1 doesn't
> listen to localhost port 953, with the result that rndc doesn't work.
> Problem is 100% reproducible.
> 
> Environment:
> 
> - FreeBSD 13.3-STABLE #n257580
> - BIND 9.19.24 installed using "pkg install bind9-devel-9.19.24_1"
> - Default (directly from the package) named.conf, no changes
> - rc.conf has named_enable="YES" added
> - named started using service named start
> 
> If I then try to use rndc, it doesn't work:
> 
> # rndc status
> rndc: connect failed: 127.0.0.1#953: connection refused
> 
> In syslog I can see among the startup messages:
> 
> Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel 127.0.0.1#953: permission denied
> Jun 30 12:53:31 nlab0 named[31772]: couldn't add command channel ::1#953: permission denied

Potentially a change in 9.19's port binding logic triggered by mac_portacl(4)?

https://forums.freebsd.org/threads/named-could-not-listen-on-udp-socket-permission-denied.11196/

Does it help adding 953 to security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53?

Kind regards
Helge
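To make the mac_portacl(4) hypothesis above concrete, here is an added example (not part of Helge's reply, and not BIND or FreeBSD code) that models how the module evaluates its comma-separated `idtype:id:proto:port` rule string against a bind() on a privileged port, using the rule string quoted in the thread with and without a TCP 953 entry. The 1023 port_high default and the `gid:` rule form are assumptions taken from the mac_portacl(4) manual page, not from this thread.

```shell
#!/bin/sh
# Model of the mac_portacl(4) decision for bind(): the bind is permitted only
# if some rule matches the caller's uid (or gid) plus protocol and port.
# Ports above security.mac.portacl.port_high (assumed default 1023) are not
# subject to the policy at all, so they are treated as allowed here.

# Usage: portacl_allows RULES UID GID PROTO PORT -> exit 0 permitted, 1 denied
portacl_allows() {
    rules=$1; uid=$2; gid=$3; proto=$4; port=$5
    port_high=${PORTACL_PORT_HIGH:-1023}
    [ "$port" -gt "$port_high" ] && return 0
    # Split the rule string on commas into positional parameters.
    oldifs=$IFS; IFS=,
    set -- $rules
    IFS=$oldifs
    for rule in "$@"; do
        idtype=${rule%%:*}; rest=${rule#*:}
        id=${rest%%:*};     rest=${rest#*:}
        rproto=${rest%%:*}; rport=${rest#*:}
        case $idtype in
            uid) [ "$id" = "$uid" ] || continue ;;
            gid) [ "$id" = "$gid" ] || continue ;;
            *)   continue ;;            # malformed rule: never matches
        esac
        [ "$rproto" = "$proto" ] && [ "$rport" = "$port" ] && return 0
    done
    return 1
}

# Rule string from the thread, and the same string with the rndc control
# channel (TCP 953) added for uid 53, which the named rules above use.
default_rules='uid:53:tcp:53,uid:53:udp:53'
extended_rules='uid:53:tcp:53,uid:53:udp:53,uid:53:tcp:953'

for r in "$default_rules" "$extended_rules"; do
    if portacl_allows "$r" 53 53 tcp 953; then
        echo "rules=$r -> 127.0.0.1#953 allowed"
    else
        echo "rules=$r -> 127.0.0.1#953 permission denied"
    fi
done
```

The second run shows the effect of the rule change Helge suggests; the first reproduces the "permission denied" outcome for the command channel while DNS itself (53/tcp, 53/udp) stays permitted.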