On 2012-01-01, Pete Vickers <p...@systemnet.no> wrote:
> snippet from /etc/named-gn.conf :
> controls {
>     inet 10.20.30.2 port 954 allow {10.20.30.2;} keys {"rndc-key";};
> };
>
> then it also fails and complains thus:
>
> Jan 1 09:01:49 ns0 named[8504]: [child]: disallowed port 954
> Jan 1 09:01:49 ns0 named[8504]: /etc/named-gn.conf:19: couldn't add command channel 10.20.30.2#954: permission denied
> Jan 1 09:01:49 ns0 named[8504]: running
>
> So I guess that named's (unprivileged?) child does not honour (inherit?) the
> parent's rdomain, and thus cannot bind to either rdomain '0' or '1',
> successfully ?
The child process only allows binding to ports 53/953/921, see usr.sbin/bind/lib/isc/unix/privsep.c line 190. I'm pretty sure the child will be inheriting the rdomain from the process which forked it.