Problems with interfaces going down

Paul Kosinski bind at iment.com
Mon Feb 15 04:26:59 UTC 2021


Would it be possible to use a virtual interface from within bind/named that gets mapped by some privileged facility to a hardware interface? (This is the sort of thing that VMs have to do all the time.) For example, could a brctl bridge help?

Or maybe CAP_NET_BIND_SERVICE would allow the interface to be reactivated (if it's a privileged port issue).

Just brainstorming.

Paul


On Fri, 12 Feb 2021 18:33:21 -0500
bindusers at prograde.net wrote:

> Greetings,
> 
> I’ve been fighting a two-fold problem with named (bind 9.16.11) running on macOS.
> 
> 1: If an ethernet interface being listened to drops link, named immediately stops listening to it:
> 
> 12-Feb-2021 17:33:19.326 no longer listening on 192.168.88.220#53
> 
> and
> 
> 2: when link returns I get 2 tries to reestablish listening:
> 
> 12-Feb-2021 17:33:39.458 listening on IPv4 interface en1, 192.168.88.220#53
> 12-Feb-2021 17:33:39.463 creating IPv4 interface en1 failed; interface ignored
> 12-Feb-2021 17:33:41.946 listening on IPv4 interface en1, 192.168.88.220#53
> 12-Feb-2021 17:33:41.951 creating IPv4 interface en1 failed; interface ignored
> 
> which both fail because named is no longer running as root.
> 
> --------------
> 
> Where I’m confused is that this ISC KB article:
> 
> https://kb.isc.org/docs/aa-00420
> 
> seems to imply that the "no longer listening" event is due to a periodic interface scan finding the interface "unavailable".
> 
> That doesn’t fit my observations since it happens as soon as link is lost. If some minutes-long periodic scan were needed to detect the interface being down it would take, on average, half of that period to happen. It does not.
> 
> Further, I tried what the KB article advised by adding the option:
> 
> 	interface-interval 0;
> 
> That does seem to stop the periodic scan (since my log is no longer filled with errors) but the “no longer listening” event still occurs right when the interface drops.
> 
> --------------
> 
> Is it not possible to have named drop to a non-root user (via -u) but still recover from (or ride through) a momentary ethernet link loss?
> 
> Having the server stop working due to a switch I have no control over burping is very suboptimal.
> 
> Thanks for any ideas.
> 
>
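A small log replay for the failure sequence quoted above, added here as an example that is not part of the original thread or of BIND: it pairs each "creating ... interface failed" line with the preceding listen attempt on the same interface and reports which listeners named has lost and for how long. The function names are hypothetical, the lo0 line in the sample is constructed, and the remaining sample lines are the ones quoted in the post.

```python
import re
from datetime import datetime

# Message shapes copied from the named log lines quoted in the post.
LINE = re.compile(r"^(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
STOP = re.compile(r"^no longer listening on (\S+#\d+)$")
TRY = re.compile(r"^listening on IPv[46] interface (\S+), (\S+#\d+)$")
FAIL = re.compile(r"^creating IPv[46] interface (\S+) failed; interface ignored$")

def replay(lines):
    """Replay named log lines; return {endpoint: {up, down_since, failed_retries}}."""
    state, pending = {}, {}  # pending: interface name -> endpoint of last attempt
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        msg = m.group(2)
        if s := STOP.match(msg):
            state[s.group(1)] = {"up": False, "down_since": ts, "failed_retries": 0}
        elif t := TRY.match(msg):
            ifname, ep = t.groups()
            e = state.setdefault(ep, {"up": True, "down_since": None, "failed_retries": 0})
            if e["up"]:  # an earlier attempt stuck, so old outage data is stale
                e.update(down_since=None, failed_retries=0)
            e["up"] = True  # tentative until a "failed" line follows
            pending[ifname] = ep
        elif (f := FAIL.match(msg)) and f.group(1) in pending:
            # The failure line names only the interface: pair it with the last attempt.
            e = state[pending.pop(f.group(1))]
            e["up"] = False
            e["failed_retries"] += 1
            e["down_since"] = e["down_since"] or ts
    return state

def dead_listeners(state):
    """Endpoints named is not serving, with outage start and failed retry count."""
    return sorted((ep, e["down_since"].isoformat(timespec="milliseconds"), e["failed_retries"])
                  for ep, e in state.items() if not e["up"])

# First line is constructed for contrast; the other five are quoted in the post.
SAMPLE = """\
12-Feb-2021 17:30:00.000 listening on IPv4 interface lo0, 127.0.0.1#53
12-Feb-2021 17:33:19.326 no longer listening on 192.168.88.220#53
12-Feb-2021 17:33:39.458 listening on IPv4 interface en1, 192.168.88.220#53
12-Feb-2021 17:33:39.463 creating IPv4 interface en1 failed; interface ignored
12-Feb-2021 17:33:41.946 listening on IPv4 interface en1, 192.168.88.220#53
12-Feb-2021 17:33:41.951 creating IPv4 interface en1 failed; interface ignored
""".splitlines()
```

Calling `dead_listeners(replay(SAMPLE))` returns the one lost listener with its outage start and the two failed retries, which is the condition worth alerting on when named runs with `-u`.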

