After the last change to drop permissions on bind, if the interfaces change, named won't be able to open a socket.
Using either rndc scan or rndc reconfig will result in the following errors written to syslog:
2019-11-16T20:54:00+00:00 localhost named[23042]: [ID 873579 daemon.error] could not listen on UDP socket: permission denied
2019-11-16T20:54:00+00:00 localhost named[23042]: [ID 873579 daemon.error] creating IPv4 interface lo0 failed; interface ignored
2019-11-16T20:54:00+00:00 localhost named[23042]: [ID 873579 daemon.error] could not listen on UDP socket: permission denied
2019-11-16T20:54:00+00:00 localhost named[23042]: [ID 873579 daemon.error] creating IPv4 interface lo0 failed; interface ignored
I can run ppriv -s A+net_privaddr $(pgrep -c $(svcs -H -o ctid pkgsrc/bind)), which will allow named to recognize new interfaces and work properly with both rndc scan and rndc reconfig.