V 9.18.1 not listening on port 853 after rndc reload
sthaug at nethelp.no
Mon Mar 21 16:12:35 UTC 2022
> Now that BIND 9.18 supports DoT directly, I tried to move away from a solution with stunnel4, and therefore I compiled 9.18.1 and modified named.conf.
> So far everything is working fine. All the tests with dig, openssl and lsof show that it's working.
> The problem: when I run an "rndc reload", the named process is not listening on 853/tcp anymore. All tests with TLS fail, on IPv4 as well as on IPv6.
> The rest of BIND is working well; it is still listening on port 53 on UDP and TCP.
> When I restart the service, so that named stops and a new process is started and running, DoT is working again.
> I run this on Debian 10 buster.
> The interesting story is that I run the same version 9.18.1 on a different Debian 10 buster server. On this server the "named" process survives an "rndc reload" on port 853.
>
> Looking at the log I see:
> network: error: creating TLS socket: permission denied
Known bug, see
https://gitlab.isc.org/isc-projects/bind9/-/issues/3122
and the thread starting at
https://lists.isc.org/pipermail/bind-users/2022-January/105596.html
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
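The check a practitioner would run before and after "rndc reload" to confirm the behaviour described above, as an added example that is not part of the original thread or of BIND itself. It counts 853/tcp listeners from ss(8) output, runs the reload, counts again, and greps the named log for the "creating TLS socket: permission denied" line from the report. The ss/awk parsing and grep are exercised offline against constructed sample lines; the log path, the use of ss(8), and the dig +tls probe are assumptions and are only used when the script is invoked with --live on a real server.

```shell
#!/bin/sh
# Added example, not from the original thread or from BIND. Verifies that
# named keeps its DoT (853/tcp) listeners across "rndc reload" and looks for
# the TLS socket error quoted in the original report.
# Assumptions (not from the thread): ss(8) is installed, rndc is configured,
# dig is the 9.18 build (for +tls), and named logs to $LOGFILE.

DOT_PORT=853
LOGFILE=${LOGFILE:-/var/log/named/named.log}   # assumed path, adjust

# Count listening sockets on a port from `ss -H -ltn` style lines on stdin.
# Field 4 is "local address:port"; IPv6 sockets appear as "[::]:853".
count_listeners() {
    awk -v port="$1" '$4 ~ (":" port "$") { n++ } END { print n + 0 }'
}

# Succeed (exit 0) if the text on stdin contains the error from the report.
has_tls_socket_error() {
    grep -q 'creating TLS socket: permission denied'
}

# Live procedure: snapshot listeners, reload, snapshot again, compare,
# and probe DoT with dig. Only runs when called with --live.
live_check() {
    before=$(ss -H -ltn | count_listeners "$DOT_PORT")
    rndc reload
    sleep 2
    after=$(ss -H -ltn | count_listeners "$DOT_PORT")
    echo "853/tcp listeners before reload: $before, after: $after"
    if [ "$after" -lt "$before" ]; then
        echo "DoT listeners lost after rndc reload" >&2
        if tail -n 200 "$LOGFILE" | has_tls_socket_error; then
            echo "named log shows: creating TLS socket: permission denied" >&2
        fi
        return 1
    fi
    # End-to-end probe of the TLS listener (dig from BIND 9.18 supports +tls).
    dig +tls +short @127.0.0.1 -p "$DOT_PORT" . NS >/dev/null
}

# Constructed sample `ss -H -ltn` output: a healthy server with DNS and DoT
# listeners on IPv4 and IPv6, and a server that has lost its 853 listeners.
SAMPLE_OK='LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
LISTEN 0 10 127.0.0.1:853 0.0.0.0:*
LISTEN 0 10 [::1]:53 [::]:*
LISTEN 0 10 [::1]:853 [::]:*'
SAMPLE_BROKEN='LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
LISTEN 0 10 [::1]:53 [::]:*'

case "${1:-}" in
    --live) live_check ;;
    *) printf '%s\n' "$SAMPLE_OK" | count_listeners "$DOT_PORT"
       printf '%s\n' "$SAMPLE_BROKEN" | count_listeners "$DOT_PORT" ;;
esac
```

Run it without arguments to see the parser applied to the two constructed samples (2 and 0 listeners); run it as root with --live on the affected server to reproduce the loss of the 853/tcp listeners after the reload and to confirm the log line.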