On Wed, Sep 27, 2017 at 05:51:31PM +0000, David Wolfskill wrote:
> On Wed, Sep 27, 2017 at 01:35:25PM -0400, Christopher Sean Hilton wrote:
> > I'm trying to configure bind 9.11 as a nameserver on FreeBSD
> > 11-STABLE. When the bind9 port compiles it enables TCP_FASTOPEN but the
> > changes haven't yet been baked into the GENERIC Kernel. I can't find a
> > way to disable the use of TCP_FASTOPEN in bind at startup. Is the only
> > way to fix this problem to build a new kernel with TCP_FASTOPEN
> > enabled?
> >
> > -- Chris
> > ....
>
> I'm running bind99-9.9.11 (dns/bind99) on a couple systems running
> stable/11 (amd64; currently r323950). The kernels are (lightly)
> customized, based on GENERIC. I don't recall setting anything involving
> TCP_FASTOPEN on anything, and have used rndc without issue....
>
> Perhaps you could elaborate a bit on exactly what you are trying to do
> and how the system responds? (The systems in question run kernels that
> are built on a dedicated "build machine" -- which is presently powered
> off for the day. I can bring it up for a reality check, should that be
> wanted.)
>
Good afternoon David,

Thanks for the help! I'm running ports net/bind911 of FreeBSD 11-STABLE
with the GENERIC kernel. When I start bind, I get this in my logs:

Sep 27 13:16:13 alderaan named[30169]: starting BIND 9.11.2 <id:0a2b929>
Sep 27 13:16:13 alderaan named[30169]: running on FreeBSD amd64 11.1-PRERELEASE FreeBSD 11.1-PRERELEASE #2 r321128: Tue Jul 18 11:30:08 EDT 2017 root@freebsd-mule:/usr/obj/usr/src/sys/GENERIC
Sep 27 13:16:13 alderaan named[30169]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-dnstap' '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--with-idn=/usr/local' '--enable-ipv6' '--with-libjson' '--disable-largefile' '--with-lmdb' '--without-python' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-threads' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-gost' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.0' 'build_alias=amd64-portbld-freebsd11.0' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-strict-aliasing' 'LDFLAGS= -fstack-protector' 'LIBS =-L/usr/local/lib' 'CPPFLAGS=-D
Sep 27 13:16:13 alderaan named[30169]: running as: named -t /var/named -u bind -c /etc/namedb/named.conf
Sep 27 13:16:13 alderaan named[30169]: ----------------------------------------------------
Sep 27 13:16:13 alderaan named[30169]: BIND 9 is maintained by Internet Systems Consortium,
Sep 27 13:16:13 alderaan named[30169]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Sep 27 13:16:13 alderaan named[30169]: corporation.  Support and training for BIND 9 are
Sep 27 13:16:13 alderaan named[30169]: available at https://www.isc.org/support
Sep 27 13:16:13 alderaan named[30169]: ----------------------------------------------------
Sep 27 13:16:13 alderaan named[30169]: socket.c:5695: unexpected error:
Sep 27 13:16:13 alderaan named[30169]: setsockopt(21, TCP_FASTOPEN) failed with Protocol not available
Sep 27 13:16:13 alderaan named[30169]: socket.c:5695: unexpected error:
Sep 27 13:16:13 alderaan named[30169]: setsockopt(22, TCP_FASTOPEN) failed with Protocol not available
Sep 27 13:16:13 alderaan named[30169]: socket.c:5695: unexpected error:
Sep 27 13:16:13 alderaan named[30169]: setsockopt(23, TCP_FASTOPEN) failed with Protocol not available
Sep 27 13:16:13 alderaan named[30169]: socket.c:5695: unexpected error:
Sep 27 13:16:13 alderaan named[30169]: setsockopt(24, TCP_FASTOPEN) failed with Protocol not available
Sep 27 13:16:13 alderaan named[30169]: couldn't add command channel 127.0.0.1#953: file not found
Sep 27 13:16:13 alderaan named[30169]: couldn't add command channel ::1#953: file not found
Sep 27 13:16:13 alderaan named[30169]: all zones loaded

I haven't read the bind source code yet but I'm assuming that the
inability to start rndc at 127.0.0.1#953 is related to the
TCP_FASTOPEN error from the log above. Not much Google reveals this
thread:

    https://forums.freebsd.org/threads/59367/

Which talks about the problem and mentions one, and only one, solution
of rebuilding the kernel to support TCP_FASTOPEN. That solution is kind
of heavyweight for me. If you read more about tcp_fastopen, you'll get
indications that the code may be too green right now to be enabled by
default.

Please pardon any file blunders here, I'm at work so it's not easy to
research this completely. From what I can see though, with the option
id defined in <socket/tcp.h> but it needs to be compiled in and then
enabled via sysctl if you want to actually use it.

I was hoping that bind had a runtime option to disable this feature but
I can't find it anywhere. I'll look at the bind source code tonight.
I'll be hoping to find a config switch or something that can turn
TCP_FASTOPEN off even if the header files say that it's available. If
it's there, I'll submit a patch to the port's config to toggle that
switch at compile time.

-- Chris

      __o          "All I was trying to do was get home from work."
    _`\<,_           -Rosa Parks
___(*)/_(*)____.___o____..___..o...________ooO..._____________________
Christopher Sean Hilton                    [chris/at/vindaloo/dot/com]
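
The gap between "the header defines the option" and "the running kernel accepts it", which the message above describes, shown as an added example that is not part of the original thread and is not BIND's code: a small C probe that reports whether TCP_FASTOPEN is missing from the headers, rejected by the kernel with ENOPROTOOPT (the "Protocol not available" in the log), or accepted. The names tfo_status, tfo_classify and tfo_probe are made up for this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical status codes for this example. */
enum tfo_status { TFO_ENABLED, TFO_NOT_IN_KERNEL, TFO_NOT_IN_HEADERS, TFO_ERROR };

/* Map the result of setsockopt(TCP_FASTOPEN) to a status. ENOPROTOOPT is
 * what strerror() renders as "Protocol not available". */
static enum tfo_status tfo_classify(int rc, int err)
{
    if (rc == 0)
        return TFO_ENABLED;
    if (err == ENOPROTOOPT)
        return TFO_NOT_IN_KERNEL;   /* option known at build time only */
    return TFO_ERROR;               /* anything else: report, don't guess */
}

/* Try the option on a throwaway TCP socket; nothing is bound or listened on. */
static enum tfo_status tfo_probe(void)
{
#ifndef TCP_FASTOPEN
    return TFO_NOT_IN_HEADERS;      /* compile-time check only */
#else
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return TFO_ERROR;
    int on = 1;
    int rc = setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on));
    int err = errno;                /* save before close() can change it */
    close(s);
    if (rc != 0 && err != ENOPROTOOPT)
        fprintf(stderr, "setsockopt(TCP_FASTOPEN): %s\n", strerror(err));
    return tfo_classify(rc, err);
#endif
}

int main(void)
{
    static const char *names[] = { "enabled", "not in running kernel",
                                   "not in headers", "other error" };
    printf("TCP_FASTOPEN: %s\n", names[tfo_probe()]);
    return 0;
}
```

A server that treats TFO_NOT_IN_KERNEL as "continue without fast open" rather than as an error keeps listening normally on kernels built without the feature.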