V 9.18.1 not listen on port 853 after rndc reload

Borja Marcos borjam at sarenet.es
Mon Mar 21 14:26:27 UTC 2022



> On 21 Mar 2022, at 14:51, MAYER Hans <Hans.Mayer at iiasa.ac.at> wrote:
> 
> 
> Looking at the log I see: 
> network: error: creating TLS socket: permission denied
> 
> Why doesn’t named have the permissions after a „rndc reload“ but it has the permissions after a start? And why on one server but not on another?
> In both cases the daemon is running as user „bind“ with UID below 128 but not as root. 

Because it usually starts as root and it demotes itself to “bind” whenever possible.

Maybe there is a mechanism in Linux to grant permission to a certain UID to bind() a socket to a certain privileged port number, as it is used for NTP on FreeBSD?




Borja.
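
Added example, not part of the original message and not BIND code: a check of whether a Linux process may bind() port 853 after it has given up root, using the effective capability mask in /proc/<pid>/status and the `net.ipv4.ip_unprivileged_port_start` sysctl. The three status excerpts are constructed samples, and the check assumes the process runs in the initial user namespace.

```python
import re
import sys

CAP_NET_BIND_SERVICE = 10  # bit number, from <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (not taken from the thread).
ROOT_STATUS = "Name:\tdemo\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DROPPED_STATUS = "Name:\tdemo\nUid:\t116\t116\t116\t116\nCapEff:\t0000000000000000\n"
KEPT_CAP_STATUS = "Name:\tdemo\nUid:\t116\t116\t116\t116\nCapEff:\t0000000000000400\n"


def parse_status(status_text):
    """Return (effective uid, effective capability mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M)
    if uid is None or cap is None:
        raise ValueError("input is not a /proc/<pid>/status dump")
    return int(uid.group(1)), int(cap.group(1), 16)


def can_bind(status_text, port, unprivileged_port_start=1024):
    """Decide whether the process may bind() `port`, and say why."""
    euid, cap_eff = parse_status(status_text)
    # Ports at or above the sysctl threshold need no privilege at all.
    if port >= unprivileged_port_start:
        return True, "port %d is not privileged" % port
    # Below it, the kernel checks the capability, not the UID itself.
    if cap_eff & (1 << CAP_NET_BIND_SERVICE):
        return True, "euid %d holds CAP_NET_BIND_SERVICE" % euid
    return False, "euid %d lacks CAP_NET_BIND_SERVICE" % euid


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: script.py <pid> [port]
        with open("/proc/%s/status" % sys.argv[1]) as f:
            status = f.read()
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            start = int(f.read())
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 853
        print(can_bind(status, port, start))
    else:  # offline demo on the constructed samples
        for label, text in (("root", ROOT_STATUS), ("dropped", DROPPED_STATUS),
                            ("kept cap", KEPT_CAP_STATUS)):
            print(label, can_bind(text, 853))
```

Run with a PID to compare the two servers: a process that reports `False` for 853 will get "permission denied" on any bind() attempted after the privilege drop, which includes a socket created on reload.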


