named doesn't listen on an interface after interface down-up

Mark Andrews Mark_Andrews at isc.org
Fri Jun 2 23:14:17 UTC 2006


> On Fri Jun 02, 2006 at 18:37:27 +0200, Peter Dambier wrote:
> >blrmaani wrote:
> >> 
> >> 1. Is this a known issue when named is run as a non-root user?
> >> 2. What is the workaround other than stopping and starting named?
> >> 
> >> thanks in advance
> >> Blr
> >> 
> >
> >I had a similar problem with named running on my aDSL router.
> >Once every 24 hours my ISP would break the connection and my
> >router, reconnecting, would get a new ip ...
> >
> >No dice.
> >
> >I had to either run named behind the router with rfc 1918 addresses
> >or restart named in the interface_up procedure.
> >
> Run named on Solaris 10, preferably in a local zone, and use svccfg/setprop
> to give the named service net_privaddr privileges ( and to remove
> unnecessary privileges as well ) so that it can listen on port 53
> without having to be started by root.
> 
> It's easy to adapt the model at
> http://www.sun.com/software/solaris/howtoguides/s10securityhowto.jsp
> 
> to named.
> 
> As far as I know, there is no equivalent functionality in linux, fbsd,
> obsd, hpux, aix, or any other unixish OS.

	Under Linux, as long as the kernel supports capabilities,
	named keeps the ability to bind(2) to reserved ports as
	it switched from root to the named user.
 
> -P.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
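
An added example, not part of the original post and not BIND code: a Python check that reads a process's /proc/<pid>/status on Linux and reports whether it runs as a non-root user while still holding CAP_NET_BIND_SERVICE, the capability that permits bind(2) to ports below 1024. The two status samples, including uid 25, are constructed for illustration.

```python
import sys

# Bit numbers from <linux/capability.h>; only a subset is named here.
CAP_NET_BIND_SERVICE = 10
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID",
             7: "CAP_SETUID", 10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN",
             13: "CAP_NET_RAW", 18: "CAP_SYS_CHROOT", 21: "CAP_SYS_ADMIN",
             24: "CAP_SYS_RESOURCE"}

# Constructed sample: non-root process that kept only CAP_NET_BIND_SERVICE.
KEPT = ("Name:\tnamed\nUid:\t25\t25\t25\t25\n"
        "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n")
# Constructed sample: non-root process that lost every capability.
DROPPED = ("Name:\tnamed\nUid:\t25\t25\t25\t25\n"
           "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")

def parse_status(text):
    """Return (effective uid, CapEff mask) from /proc/<pid>/status text."""
    fields = dict(l.split(":", 1) for l in text.splitlines() if ":" in l)
    euid = int(fields["Uid"].split()[1])       # order: real, effective, saved, fs
    return euid, int(fields["CapEff"].strip(), 16)

def cap_names(mask):
    """Decode a capability bitmask into names, lowest bit first."""
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if (mask >> b) & 1]

def audit(text):
    """Summarise whether the process can still bind reserved ports."""
    euid, eff = parse_status(text)
    return {
        "non_root": euid != 0,
        # Without this bit a later bind(2) to port 53 fails with EACCES,
        # for example when an interface reappears with a new address.
        "can_bind_reserved": bool((eff >> CAP_NET_BIND_SERVICE) & 1),
        # Anything beyond the bind capability deserves a second look.
        "extra": cap_names(eff & ~(1 << CAP_NET_BIND_SERVICE)),
    }

if __name__ == "__main__":
    # Usage: python3 capcheck.py <pid>   (without a pid, the constructed sample)
    if len(sys.argv) > 1:
        with open("/proc/%s/status" % sys.argv[1]) as fh:
            print(audit(fh.read()))
    else:
        print(audit(KEPT))
```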


