On 12.04.2012 04:44 PM, Todd Snyder wrote:
> You can set interface-interval to a low number to make BIND scan for new
> interfaces frequently:
Interesting option! Weird thing is, the documentation as per
/usr/share/doc/bind-9.9.0/html/Bv9ARM.ch06.html says:

    The server will scan the network interface list every
    interface-interval minutes. The default is 60 minutes. The maximum
    value is 28 days (40320 minutes). If set to 0, interface scanning
    will only occur when the configuration file is loaded. After the
    scan, the server will begin listening for queries on any newly
    discovered interfaces (provided they are allowed by the listen-on
    configuration), and will stop listening on interfaces that have
    gone away.

So the default value is 60 minutes. In theory, I should see named
binding to ppp0 about 60 minutes after the ppp0 interface gets up
again. This never happened to me.

I set the interval to zero and forced a reconfig/reload via rndc. I
feel so stupid for not grepping the log file for ppp0 before; anyway,
here's the culprit:

12-Apr-2012 17:03:38.661 general: info: received control channel command 'reconfig'
12-Apr-2012 17:03:38.661 general: info: loading configuration from '/etc/bind/named.conf'
12-Apr-2012 17:03:38.662 general: info: reading built-in trusted keys from file '/etc/bind/bind.keys'
12-Apr-2012 17:03:38.662 general: info: using default UDP/IPv4 port range: [1024, 65535]
12-Apr-2012 17:03:38.662 general: info: using default UDP/IPv6 port range: [1024, 65535]
12-Apr-2012 17:03:38.664 network: info: listening on IPv4 interface ppp0, 85.183.67.131#53
12-Apr-2012 17:03:38.664 network: error: could not listen on UDP socket: permission denied
12-Apr-2012 17:03:38.664 network: error: creating IPv4 interface ppp0 failed; interface ignored
12-Apr-2012 17:03:38.679 general: info: sizing zone task pool based on 6 zones
12-Apr-2012 17:03:38.680 database: debug 1: decrement_reference: delete from rbt: 0x7f667e609e28 .
12-Apr-2012 17:03:38.680 general: debug 1: managed-keys-zone: synchronizing trusted keys
12-Apr-2012 17:03:38.681 general: debug 1: now using logging configuration from config file
12-Apr-2012 17:03:38.682 network: info: additionally listening on IPv4 interface ppp0, 85.183.67.131#53
12-Apr-2012 17:03:38.682 network: error: could not listen on UDP socket: permission denied
12-Apr-2012 17:03:38.682 network: error: creating IPv4 interface ppp0 failed; interface ignored
12-Apr-2012 17:03:38.682 general: debug 1: load_configuration: success
12-Apr-2012 17:03:38.682 general: info: reloading configuration succeeded

Hmm, permission denied while binding to ppp0? Maybe that's because my
named is running as the non-privileged system user "named" and binding
to the privileged port 53? Makes sense... but... hm. I guess in this
case there's no other way but running named as root?

I've tried using setcap to give /usr/sbin/named privileged port
binding capabilities:

root@valery~# getcap /usr/sbin/named
/usr/sbin/named = cap_net_bind_service+ep

Restarted bind9, killed -1 pppd and watched the permission denied
error flying by again.
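The "permission denied" above is a bind() to port 53 attempted by a process that has already switched to an unprivileged user, so the useful check is not the file capabilities on the binary (setcap only takes effect at execve) but whether the running named still holds CAP_NET_BIND_SERVICE in its effective set, which is what the CapEff line in /proc/<pid>/status reports. The script below is an added diagnostic written for this thread, not part of the original message or of BIND; it assumes a Linux /proc layout, uses the capability number from capabilities(7), and ships with two constructed /proc status excerpts (one process that kept the capability after dropping root, one that dropped everything) so it can be run offline.

```shell
#!/bin/sh
# Added diagnostic (not from the bind-users thread): check whether a running
# named process still holds CAP_NET_BIND_SERVICE in its effective set, which
# is what a bind() to port 53 on a newly scanned interface needs once the
# process has already switched to an unprivileged user.
# Assumes a Linux /proc layout; capability numbers follow capabilities(7).

CAP_NET_BIND_SERVICE=10

# has_cap HEXMASK CAPNUM -> prints "yes" if bit CAPNUM is set in HEXMASK.
# HEXMASK is the 16-hex-digit value from a Cap* line of /proc/<pid>/status.
# Only the low 32 bits are examined, which covers capability numbers 0..31
# and keeps the arithmetic in range on every shell.
has_cap() {
    mask=$1
    capnum=$2
    low=$(printf '%s' "$mask" | tail -c 8)
    if [ $(( (0x$low >> $capnum) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# cap_eff_from_status: reads the text of /proc/<pid>/status on stdin and
# prints the CapEff mask (effective capabilities).
cap_eff_from_status() {
    awk '/^CapEff:/ { print $2 }'
}

# uid_from_status: prints the real uid from the same text, so the report can
# say whether the process has already dropped root.
uid_from_status() {
    awk '/^Uid:/ { print $2 }'
}

# report_status: takes status text on stdin, prints one summary line and
# returns 0 if the process can bind privileged ports, 1 otherwise.
report_status() {
    text=$(cat)
    uid=$(printf '%s\n' "$text" | uid_from_status)
    eff=$(printf '%s\n' "$text" | cap_eff_from_status)
    if [ "$uid" = "0" ]; then
        echo "uid 0: root, privileged bind allowed regardless of CapEff=$eff"
        return 0
    fi
    if [ "$(has_cap "$eff" "$CAP_NET_BIND_SERVICE")" = "yes" ]; then
        echo "uid $uid: CapEff=$eff holds CAP_NET_BIND_SERVICE, re-bind to :53 can succeed"
        return 0
    fi
    echo "uid $uid: CapEff=$eff lacks CAP_NET_BIND_SERVICE, re-bind to :53 will be denied"
    return 1
}

# check_pid PID: runs the report against a live process.
check_pid() {
    report_status < "/proc/$1/status"
}

# Constructed sample of a /proc/<pid>/status excerpt for a named that dropped
# to uid 25 and kept only CAP_NET_BIND_SERVICE (bit 10 -> 0x400).
SAMPLE_STATUS_KEPT='Name: named
Uid: 25 25 25 25
CapInh: 0000000000000000
CapPrm: 0000000000000400
CapEff: 0000000000000400'

# Constructed sample of a named that dropped root and every capability.
SAMPLE_STATUS_DROPPED='Name: named
Uid: 25 25 25 25
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000'

# Stand-alone run: inspect every named process on this host, or fall back to
# the constructed samples when none is running.
if [ -n "$(pgrep -x named 2>/dev/null)" ]; then
    for pid in $(pgrep -x named); do
        printf 'pid %s: ' "$pid"
        check_pid "$pid" || true
    done
else
    printf '%s\n' "$SAMPLE_STATUS_KEPT" | report_status || true
    printf '%s\n' "$SAMPLE_STATUS_DROPPED" | report_status || true
fi
```

Run it as root (or as the named user) on the host after the interface comes back; if the report says the process lacks CAP_NET_BIND_SERVICE, the rescan bind cannot succeed no matter what getcap shows for the binary, and the fix has to be applied at the point where named drops privileges rather than on the file.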
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users