On 2020-01-21 11:05, Paul de Weerd wrote:
On Tue, Jan 21, 2020 at 06:58:02PM +0100, Dieter Rauschenberger wrote:
| Hi misc,
|
| on my intranet I have unbound and nsd running, both on the same
| machine. unbound is listening on port 53, nsd is listening on port
| 5353 on 127.0.0.1. If I run
|
| dig @127.0.0.1 -p 53 foo.bar
|
| everything is fine. But if I want to query nsd direct with
|
| dig @127.0.0.1 -p 5353 foo.bar
|
| dig core dumps and I can read the following line in /var/log/messages:

That's pledge, as the below kernel message explains.

| Jan 21 18:42:44 ws /bsd: dig[59239]: pledge "dns", syscall 28

Dig is only allowed to do port 53. This can be worked around by using
dig from the bind port, or with a patch to dig that allows you to use
other ports when -p is given on the command line.

However, I'd recommend running nsd on port 53 on 127.0.0.1; there it
doesn't interfere with unbound (assuming that's not listening on
127.0.0.1). Alternatively, you can easily add a second IP address on
your loopback interface (::2) and have nsd listen there.

| The issue can be easily reproduced with any other port. No need to
| have a nsd running.

That's because it has nothing to do with nsd but with dig. Dig has
promised not to use ports other than 53, and then when you do use
ports other than 53, the kernel terminates the process.

Cheers,

Paul 'WEiRD' de Weerd

dig doesn't core dump for me, it just prints this warning: ";; Error, only port 53 supported". I wonder why the error isn't being printed for OP.
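
Added example, not part of the thread and not OpenBSD project code: a small parser that picks kernel pledge-violation lines of the form quoted above out of /var/log/messages and counts them per program, promise and syscall. The function names and the second and third sample lines are constructed for illustration; the syscall-name table is an assumption to check against sys/syscall.h on your release.

```python
import re
from collections import Counter

# Line format as quoted in the thread:
#   Jan 21 18:42:44 ws /bsd: dig[59239]: pledge "dns", syscall 28
PLEDGE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s/bsd:\s'
    r'(?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]:\s'
    r'pledge "(?P<promise>[^"]*)",\ssyscall\s(?P<syscall>\d+)$'
)

# Assumption: syscall 28 is sendmsg in OpenBSD's syscall table.
# Verify against /usr/include/sys/syscall.h before extending this map.
SYSCALL_NAMES = {28: "sendmsg"}


def parse_pledge_line(line):
    """Return a dict describing one pledge violation, or None."""
    m = PLEDGE_RE.match(line.strip())
    if m is None:
        return None
    nr = int(m.group("syscall"))
    return {
        "time": m.group("ts"),
        "host": m.group("host"),
        "prog": m.group("prog"),
        "pid": int(m.group("pid")),
        "promise": m.group("promise"),
        "syscall": nr,
        "syscall_name": SYSCALL_NAMES.get(nr, "unknown"),
    }


def summarize(lines):
    """Count violations per (program, promise, syscall number)."""
    hits = filter(None, (parse_pledge_line(l) for l in lines))
    return Counter((h["prog"], h["promise"], h["syscall"]) for h in hits)


SAMPLE = [
    'Jan 21 18:42:44 ws /bsd: dig[59239]: pledge "dns", syscall 28',  # from the thread
    'Jan 21 18:43:10 ws /bsd: dig[60112]: pledge "dns", syscall 28',  # constructed
    'Jan 21 18:44:01 ws nsd[4242]: nsd started',  # constructed, not a violation
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```
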