Bind to INADDR_ANY

Mark Andrews marka at isc.org
Wed Jan 11 05:14:03 UTC 2012


In message <4F0CEBB5.3040401 at dougbarton.us>, Doug Barton writes:
> On 01/10/2012 17:34, Mark K. Pettit wrote:
> > There are some caveats to trying to use "interface-interval" to pick up new IPs.  If your BIND drops privileges (e.g., by using the "-u" command-line option to named), you might have a problem getting BIND to bind() to the new IP addresses.
> > 
> > For example, on FreeBSD if you use "-u" to drop privileges, BIND will not be able to bind() to new addresses without modifying the kernel to allow non-root users to bind() to port 53.
> > 
> > On modern versions of Linux, BIND can bind() to new IP addresses even with the "-u" option because the kernel has a mechanism to allow it.
> > 
> > In my environment (FreeBSD) we've worked around this problem (just recently, in fact), and I can provide more details if there's any interest.
> 
> well I'm definitely interested. :)

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-portacl.html
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
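
Added example, not part of the original message or of ISC's or FreeBSD's own documentation: a minimal mac_portacl(4) setup of the kind the handbook page linked above describes, letting an unprivileged named bind() to port 53 on addresses that appear after it has dropped privileges. The uid 53 is an assumption (the usual FreeBSD "bind" user); use whatever account is passed to "-u".

```conf
# /boot/loader.conf
# Load the port ACL policy module at boot.
mac_portacl_load="YES"

# /etc/sysctl.conf
# Disable the stock "ports below 1024 require root" check so that
# mac_portacl makes the decision for those ports instead.
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0

# mac_portacl enforces its rules on every port up to and including 1023,
# so low ports stay closed to unprivileged users that have no rule.
security.mac.portacl.port_high=1023

# Keep root exempt from the ACL, matching the traditional behaviour.
security.mac.portacl.suser_exempt=1

# Rule format is idtype:id:protocol:port, comma separated.
# Assumption: named runs as uid 53. Only that uid may bind UDP/TCP 53.
security.mac.portacl.rules=uid:53:udp:53,uid:53:tcp:53
```

With the reserved-port range zeroed, mac_portacl is the only check left on ports up to 1023, so keep port_high at 1023 and the rule list limited to the named account.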


