Bind named to 0.0.0.0 (INADDR_ANY)
JINMEI Tatuya / 神明達哉
Jinmei_Tatuya at isc.org
Thu Oct 2 07:03:31 UTC 2008
At Wed, 1 Oct 2008 10:08:36 -0700,
Chris Buxton <cbuxton at menandmice.com> wrote:
> > BIND9 has no problem with seeing new interfaces. You don't need rndc for
> > that, it's quite automatic. You can use interface-interval to adjust the
> > frequency of the checking.
>
> Only if named is running as root. As any other user, it doesn't have
> the right to bind to port 53; therefore, any interface that appears
> after named drops privileges is unavailable. (You might be able to
> work around this on Linux by setting capabilities [libcap2].)
BIND9 actually sets proper capabilities for Linux before doing
setuid(). (Another option is to switch to IPv6, for which named uses
a wildcard socket to receive queries by default:-)
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
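A defender-side check of the point made in the reply above, added here as an example that is not part of the original thread or of BIND's own code: read the CapEff line from /proc/<pid>/status and test for CAP_NET_BIND_SERVICE (Linux capability bit 10), which is what lets a non-root named bind port 53 on an interface that appears after it has dropped privileges. The sample status text is constructed; the bit number is the kernel's, everything else is this example's own.

```c
/* Added example, not from the original post: check whether a process kept
 * CAP_NET_BIND_SERVICE (Linux capability bit 10) after dropping root, by
 * parsing the CapEff line of /proc/<pid>/status. Linux-specific. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE_BIT 10

/* Constructed sample of /proc/<pid>/status for a non-root process that
 * holds only CAP_NET_BIND_SERVICE (0x400 == 1 << 10). */
const char SAMPLE_STATUS[] =
    "Name:\tnamed\nUid:\t25\t25\t25\t25\nCapEff:\t0000000000000400\n";

/* Extract the hex CapEff mask; 0 on success, -1 if absent or unparsable. */
int parse_cap_eff(const char *status_text, unsigned long long *mask)
{
    const char *p = strstr(status_text, "CapEff:");
    if (p == NULL) return -1;
    p += strlen("CapEff:");
    while (*p == ' ' || *p == '\t') p++;
    char *end;
    unsigned long long v = strtoull(p, &end, 16);
    if (end == p) return -1;          /* no hex digits after the label */
    *mask = v;
    return 0;
}

/* 1 if capability bit cap_bit is in the effective set, else 0. */
int has_cap(unsigned long long mask, int cap_bit)
{
    return (int)((mask >> cap_bit) & 1ULL);
}

/* 1 if the process may bind ports below 1024 (port 53 on a newly appeared
 * interface, for instance), 0 if not, -1 if /proc could not be read. */
int pid_can_bind_privileged(long pid)
{
    char path[64], buf[8192];
    unsigned long long mask;
    snprintf(path, sizeof path, "/proc/%ld/status", pid);
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (parse_cap_eff(buf, &mask) != 0) return -1;
    return has_cap(mask, CAP_NET_BIND_SERVICE_BIT);
}
```

Run it against the pid of a running named (or any daemon) to confirm the effective set still carries the bit after the setuid() step; a 0 means newly appearing interfaces will fail to bind until the next restart as root.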