On 2012-01-01, Pete Vickers <p...@systemnet.no> wrote:
> snippet from /etc/named-gn.conf :
> controls {
>    inet 10.20.30.2 port 954 allow {10.20.30.2;} keys {"rndc-key";};
> };
>
> then it also fails and complains thus:
>
> Jan  1 09:01:49 ns0 named[8504]: [child]: disallowed port 954
> Jan  1 09:01:49 ns0 named[8504]: /etc/named-gn.conf:19: couldn't add command
> channel 10.20.30.2#954: permission denied
> Jan  1 09:01:49 ns0 named[8504]: running
>
> So I guess that named's (unprivileged?) child does not honour (inherit?) the
> parent's rdomain, and thus cannot bind to either rdomain '0' or '1',
> successfully?

The child process only allows binding to ports 53/953/921, see
usr.sbin/bind/lib/isc/unix/privsep.c line 190.

I'm pretty sure the child will be inheriting the rdomain from the process
which forked it.
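
A pre-flight check for the restriction described in the reply, as an added example that is not part of the original thread or of OpenBSD's code: it scans a named.conf for `controls` channels whose port falls outside the 53/953/921 set the reply names. The function names and the sample config are constructed for illustration, and 953 is assumed as the port when a channel gives none.

```python
import re

ALLOWED_PORTS = {53, 953, 921}   # ports named in the reply above
DEFAULT_PORT = 953               # assumed when an inet clause has no "port"

COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
INET_RE = re.compile(r"\binet\s+(\S+)(?:\s+port\s+(\d+))?")

def _blank(match):
    # Overwrite comment text with spaces but keep newlines, so offsets map to lines.
    return re.sub(r"[^\n]", " ", match.group(0))

def control_blocks(text):
    """Yield (body_offset, body) for each 'controls { ... }' block (brace-matched)."""
    for m in re.finditer(r"\bcontrols\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.end(), text[m.end():i - 1]

def disallowed_channels(conf_text):
    """Return [(line, address, port)] for channels on ports outside ALLOWED_PORTS."""
    text = COMMENT_RE.sub(_blank, conf_text)
    findings = []
    for start, body in control_blocks(text):
        for m in INET_RE.finditer(body):
            port = int(m.group(2)) if m.group(2) else DEFAULT_PORT
            if port not in ALLOWED_PORTS:
                line = text.count("\n", 0, start + m.start()) + 1
                findings.append((line, m.group(1), port))
    return findings

# Constructed sample: the second stanza is the one quoted in the thread.
SAMPLE = """\
// constructed sample config
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
};
controls {
   inet 10.20.30.2 port 954 allow {10.20.30.2;} keys {"rndc-key";};
};
"""

if __name__ == "__main__":
    for line, addr, port in disallowed_channels(SAMPLE):
        print(f"line {line}: control channel {addr}#{port} is not on an allowed port")
```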
