named and vpn interface

Barry Margolin barmar at genuity.net
Mon Apr 10 21:28:12 UTC 2000


In article <QQikis08094.200004101844 at wodc7mr0.ffx.ops.us.uu.net>,
Stephens, Bill <Bill.Stephens at fritolay.com> wrote:
>	I run named as a user (i.e. bubba, or named or bind, whatever makes
>sense to you) which has access to the database files.  You might want to
>check and make sure the userid you run named as has access to the files.  

Read the error message: it's complaining about not having access to perform
the bind(), which it needs to do to listen on a new interface.

I don't think you can run named as non-root if the interfaces can change
out from under it.  Every hour, named checks to see if there are new
interfaces on the system, and tries to bind to port 53 on them.  Since only
root can bind to port 53, this fails.

If you don't really need to run named on the VPN interface, you could use
the "listen-on" option to make named only listen on the real interface,
which won't go up and down.

>
>	-Bill Stephens
>
>
>
>
>	John Salinas <jsalinas at sgi.com>
>	04/10/2000 12:44 PM
>	To:	comp-protocols-dns-bind at moderators.isc.org@SMTP at Exchange
>	cc:	 
>	Subject:	named and vpn interface
>
>	When I started using vpn to connect between a 
>	small home server and work I started receiving 
>	a bunch of permission denied to delete what I 
>	believe is the vpn interface: 
>
>	named at start up: 
>	Mar 19 00:02:36 garden named[2672]: listening on
>[222.222.222.222].53 (vpn0)
>	Mar 19 00:02:36 garden named[2672]: Forwarding source address is
>[0.0.0.0].1026
>	Mar 19 00:02:36 garden named[2673]: group = 99
>	Mar 19 00:02:36 garden named[2673]: user = nobody
>	Mar 19 00:02:36 garden named[2673]: Ready to answer queries.
>	Mar 19 00:07:02 garden PAM_pwdb[2702]: (su) session opened for user
>nobody 
>	        by (uid=0)
>
>	error messages: 
>	Mar 19 04:24:50 garden named[20438]: deleting interface
>[222.222.222.222].53
>	Mar 19 04:24:50 garden named[20438]: USAGE 953457890 952719890
>CPU=1.79u/0.97s 
>	        CHILDCPU=0u/0s
>	Mar 19 04:24:50 garden named[20438]: NSTATS 953457890 952719890
>A=1984 
>	        SOA=88 PTR=1177 MX=258 ANY=636
>	Mar 19 04:24:50 garden named[20438]: XSTATS 953457890 952719890
>RR=3282 
>	        RNXD=49 RFwdR=2258 RDupR=4 RFail=3 RFErr=0 RErr=0 RAXFR=0
>RLame=301 
>	        ROpts=0 SSysQ=556 SAns=2205 SFwdQ=1934 SDupQ=362 SErr=0
>RQ=4143 RIQ=0 
>	        RFwdQ=0 RDupQ=17 RTCP=13 SFwdR=2258 SFail=0 SFErr=0
>SNaAns=1233 SNXD=291
>	Mar 19 05:24:50 garden named[20438]: Cleaned cache of 0 RRs
>	Mar 19 05:24:50 garden named[20438]: bind(dfd=24,
>[222.222.222.222].53): 
>	        Permission denied
>
>	Does this mean I have to run named as root - is there any way around
>	this type of error - it logs about every 10 minutes. 
>
>	thanks, 
>	john


-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
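
An added example, not part of the original post or of BIND: a small Python check that reads named's syslog messages in the format quoted above, reports which addresses named failed to re-bind after dropping root, and prints a "listen-on" statement limited to the addresses that stayed up. The sample log is constructed (the lo and eth0 lines and 192.0.2.10 are assumptions), and the helper names are hypothetical.

```python
import re

# Constructed sample in the syslog format quoted in the thread (wrapped lines
# rejoined; the lo and eth0 entries and 192.0.2.10 are made up for the example).
SAMPLE_LOG = """\
Mar 19 00:02:36 garden named[2672]: listening on [127.0.0.1].53 (lo)
Mar 19 00:02:36 garden named[2672]: listening on [192.0.2.10].53 (eth0)
Mar 19 00:02:36 garden named[2672]: listening on [222.222.222.222].53 (vpn0)
Mar 19 00:02:36 garden named[2673]: user = nobody
Mar 19 04:24:50 garden named[20438]: deleting interface [222.222.222.222].53
Mar 19 05:24:50 garden named[20438]: bind(dfd=24, [222.222.222.222].53): Permission denied
"""

# One pattern per named message of interest; group 1 is the address or user name.
PATTERNS = {
    "listening": re.compile(r"named\[\d+\]: listening on \[([\d.]+)\]\.\d+ \((\S+)\)"),
    "deleted": re.compile(r"named\[\d+\]: deleting interface \[([\d.]+)\]\.\d+"),
    "denied": re.compile(r"named\[\d+\]: bind\(dfd=\d+, \[([\d.]+)\]\.\d+\): Permission denied"),
    "user": re.compile(r"named\[\d+\]: user = (\S+)"),
}

def analyze(log_text):
    """Return the run-as user, addresses whose re-bind was refused, and stable addresses."""
    seen = {"listening": [], "deleted": [], "denied": [], "user": []}
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m and m.group(1) not in seen[kind]:
                seen[kind].append(m.group(1))
    # An address is unstable if named dropped it or later failed to bind it again.
    unstable = set(seen["deleted"]) | set(seen["denied"])
    return {
        "user": seen["user"][-1] if seen["user"] else None,
        "rebind_denied": seen["denied"],
        "stable": [a for a in seen["listening"] if a not in unstable],
    }

def listen_on(addresses):
    """Build a listen-on statement restricted to the given addresses."""
    entries = " ".join(a + ";" for a in addresses)
    return "options {\n\tlisten-on { " + entries + " };\n};"

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("named runs as:", report["user"])
    print("re-bind refused on:", report["rebind_denied"])
    print(listen_on(report["stable"]))
```
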
