I have a problem with chrooted bind 9.3.0 on a freebsd 4.10 server.
server interfaces:
inet 172.29.92.110 netmask 0xffffff80 broadcast 172.29.92.127
inet 80.82.x.x netmask 0xfffffff8 broadcast 80.82.x.x
inet 172.29.95.200 netmask 0xffffff00 broadcast 172.29.95.255
named conf:
acl listen_on {80.82.x.x; 172.29.92.110; 172.29.95.200;};
options {
directory "/etc/namedb";
pid-file "/var/run/named.pid";
statistics-file "/var/run/named.stats";
listen-on { listen_on; };
allow-query { my_nets; };
allow-recursion { my_nets; };
blackhole { bogusnets; };
}...
BUT bind refuses to listen on any interface except the public ("white") one (80.82.*.*)
bash-2.05b# sockstat | grep named
named named 1146 22 udp4 80.82.x.x:53 *:*
named named 1146 23 tcp4 80.82.x.x:53 *:*
named named 1146 26 udp4 *:4923 *:*
named named 1146 28 tcp4 127.0.0.1:953 *:*
named named 1146 27 udp6 *:4924 *:*
and
bash-2.05b# tail -n 50 var/log/bind.log
21-Apr-2005 16:04:25.383 general: received control channel command 'null'
21-Apr-2005 16:04:25.384 general: received control channel command 'reload'
21-Apr-2005 16:04:25.384 general: loading configuration from
'/etc/namedb/named.conf'
21-Apr-2005 16:04:25.385 network: listening on IPv4 interface fxp0,
172.29.92.110#53
21-Apr-2005 16:04:25.385 network: could not listen on UDP socket: permission
denied
21-Apr-2005 16:04:25.386 network: creating IPv4 interface fxp0 failed;
interface ignored
21-Apr-2005 16:04:25.386 network: listening on IPv4 interface vlan1,
172.29.95.200#53
21-Apr-2005 16:04:25.386 network: could not listen on UDP socket: permission
denied
21-Apr-2005 16:04:25.386 network: creating IPv4 interface vlan1 failed;
interface ignored
21-Apr-2005 16:04:25.386 network: listening on IPv4 interface lo0,
127.0.0.1#53
As far as I understand, the problem is that the system does not let the named user use the private ("grey") interfaces, but does let it use the public one. If bind is started as root, everything is OK.
Where should I dig?
Still, maybe someone has some ideas?
Hi,
When running as the "bind" user, named cannot open ports < 1024. It can open port 53 only as root at startup. Just stop it and start it again.
Cheers,
Vladimir
>I have a problem with chrooted bind 9.3.0 on a freebsd 4.10 server.
>server interfaces:
> inet 172.29.92.110 netmask 0xffffff80 broadcast 172.29.92.127
>inet 80.82.x.x netmask 0xfffffff8 broadcast 80.82.x.x
>inet 172.29.95.200 netmask 0xffffff00 broadcast 172.29.95.255
>
>named conf:
>acl listen_on {80.82.x.x; 172.29.92.110; 172.29.95.200;};
>options {
> directory "/etc/namedb";
> pid-file "/var/run/named.pid";
> statistics-file "/var/run/named.stats";
> listen-on { listen_on; };
>
> allow-query { my_nets; };
>
> allow-recursion { my_nets; };
>
> blackhole { bogusnets; };
>
>}...
>
>BUT bind refuses to listen on any interface except the public ("white") one (80.82.*.*)
>bash-2.05b# sockstat | grep named
>named named 1146 22 udp4 80.82.x.x:53 *:*
>named named 1146 23 tcp4 80.82.x.x:53 *:*
>named named 1146 26 udp4 *:4923 *:*
>named named 1146 28 tcp4 127.0.0.1:953 *:*
>named named 1146 27 udp6 *:4924 *:*
>
>and
>bash-2.05b# tail -n 50 var/log/bind.log
>21-Apr-2005 16:04:25.383 general: received control channel command 'null'
>21-Apr-2005 16:04:25.384 general: received control channel command 'reload'
>21-Apr-2005 16:04:25.384 general: loading configuration from
>'/etc/namedb/named.conf'
>21-Apr-2005 16:04:25.385 network: listening on IPv4 interface fxp0,
>172.29.92.110#53
>21-Apr-2005 16:04:25.385 network: could not listen on UDP socket: permission
>denied
>21-Apr-2005 16:04:25.386 network: creating IPv4 interface fxp0 failed;
>interface ignored
>21-Apr-2005 16:04:25.386 network: listening on IPv4 interface vlan1,
>172.29.95.200#53
>21-Apr-2005 16:04:25.386 network: could not listen on UDP socket: permission
>denied
>21-Apr-2005 16:04:25.386 network: creating IPv4 interface vlan1 failed;
>interface ignored
>21-Apr-2005 16:04:25.386 network: listening on IPv4 interface lo0,
>127.0.0.1#53
>
>As far as I understand, the problem is that the system does not let the named user
>use the private ("grey") interfaces, but does let it use the public one. If bind is
>started as root, everything is OK.
>Where should I dig?
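The symptom in the thread is easy to miss on a busy server: `rndc reload` logs "could not listen on UDP socket: permission denied" and silently drops the interface, so the zone still answers on one address and not the others. The script below is an added example, not code from the original posts: it compares the addresses in the poster's `acl listen_on` against the sockets `sockstat` shows named holding, and, when listeners are missing and named is no longer running as root, points at the privilege-drop cause Vladimir describes (a non-root process cannot `bind()` a port below 1024 on FreeBSD 4.x, so new port-53 listeners can only be created before named switches to its unprivileged user, i.e. at startup). The `LISTEN_ON` and `SOCKSTAT` values are constructed from the data posted above (the `80.82.x.x` redaction is kept as-is); on a real host you would feed it `sockstat | grep named` instead.

```shell
#!/bin/sh
# Added example (not from the original thread): find addresses that named is
# configured to listen on but has no port-53 socket for, and explain why a
# reload cannot fix that once named has dropped root.

# Constructed input: the addresses from the poster's `acl listen_on`, one per line.
LISTEN_ON='80.82.x.x
172.29.92.110
172.29.95.200'

# Constructed input: the `sockstat | grep named` output as posted.
# sockstat fields: USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS
SOCKSTAT='named named 1146 22 udp4 80.82.x.x:53 *:*
named named 1146 23 tcp4 80.82.x.x:53 *:*
named named 1146 26 udp4 *:4923 *:*
named named 1146 28 tcp4 127.0.0.1:953 *:*
named named 1146 27 udp6 *:4924 *:*'

# missing_listeners ACLS SOCKSTAT PROTO
# Prints every address in ACLS that has no PROTO (udp4/tcp4) socket bound to
# port 53 in SOCKSTAT. Field 5 is the protocol, field 6 is "addr:port".
missing_listeners() {
    acls=$1
    socks=$2
    proto=$3
    printf '%s\n' "$acls" | while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if ! printf '%s\n' "$socks" | awk -v p="$proto" -v a="$addr:53" \
                '$5 == p && $6 == a { found = 1 } END { exit !found }'; then
            printf '%s\n' "$addr"
        fi
    done
}

# count_missing PROTO -> number of configured addresses with no PROTO listener
count_missing() {
    missing_listeners "$LISTEN_ON" "$SOCKSTAT" "$1" | wc -l | tr -d ' '
}

# named_user SOCKSTAT -> the user that owns named's sockets (field 1 of the
# first line); "root" means named has not (yet) dropped privileges.
named_user() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $1 }'
}

main() {
    any_missing=0
    for proto in udp4 tcp4; do
        missing=$(missing_listeners "$LISTEN_ON" "$SOCKSTAT" "$proto")
        if [ -n "$missing" ]; then
            any_missing=1
            echo "configured in listen-on but not bound ($proto):"
            printf '  %s:53\n' $missing
        fi
    done
    user=$(named_user "$SOCKSTAT")
    if [ "$any_missing" -eq 1 ] && [ "$user" != root ]; then
        echo "named is running as '$user', not root: on FreeBSD 4.x an unprivileged"
        echo "process cannot bind() a port below 1024, so 'rndc reload' cannot add"
        echo "these listeners. Stop named and start it again (it binds 53 before"
        echo "switching to '$user')."
    fi
}

main
```

The check generalizes beyond this thread: any address that appears in `listen-on` but never shows up in `sockstat` as `addr:53` for both `udp4` and `tcp4` was rejected at bind time, and the named log will carry the matching "interface ignored" line. Running the script against live `sockstat` output right after a reload is a quick way to confirm that a restart, not another reload, is needed.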