can't bind socket: Permission denied for IPv6

2018-06-24 Thread nusenu via Unbound-users
Hi, I've got the following intermittent socket bind errors in my log files: error: can't bind socket: Permission denied for Frequency: 1-3 per day The config contains 10 specific IPv6 addresses and 4 IPv4 'outgoing-interface:' addresses. The errors show only IPv6 addresses (no IPv4). The IPv6

Re: can't bind socket: Permission denied for IPv6

2018-06-24 Thread nusenu via Unbound-users
> I found an old (from 2014) thread in the ML archive [1] > with a similar error but it did not include a solution for me. I'll also try to limit the used ports via 'outgoing-port-permit' as described in [2] even though the default (>1024) should be fine as well. > [1] https://www.unbound.net/p

Re: can't bind socket: Permission denied for IPv6

2018-06-30 Thread nusenu via Unbound-users
>> I've got the following intermittent socket bind errors in my log files: >> >> error: can't bind socket: Permission denied for > > Does the patch fix the problem for you? I'm running 1.7.3 with this patch applied and still got a can't bind socket: Permission denied for ... error in the l

Re: can't bind socket: Permission denied for IPv6

2018-07-02 Thread nusenu via Unbound-users
W.C.A. Wijngaards via Unbound-users: > I think it is harmless, but the permission denied shouldn't really be > happening? In the code repository is a patch that prints out the port > number as well, perhaps the port number is somehow reserved for a purpose. > > No need to disable IPv6, but it i

Re: can't bind socket: Permission denied for IPv6 (port bellow 1024)

2018-07-02 Thread nusenu via Unbound-users
W.C.A. Wijngaards via Unbound-users: >> Will this be included in future unbound releases? > > Yes, sure. I'll keep it in. Perhaps something similar is happening and > is what I need to do to fix it, somehow. That would be a failure where > the socket structure is reused with the addr and port

Re: can't bind socket: Permission denied for IPv6 (port bellow 1024)

2018-07-03 Thread nusenu via Unbound-users
Hi Wouter, W.C.A. Wijngaards wrote: > Thank you for the information. I don't see any problem and the config > looks spotless. Lots of outgoing interfaces is interesting information, > perhaps I can find something in that part of the code. if you need me to run with an additional diagnostics pat

Re: can't bind socket: Permission denied for IPv6 (port bellow 1024)

2018-07-03 Thread nusenu via Unbound-users
> I can see the similar issue with similar config (which is there btw > because of selinux preventing use of non-dynamic ports. > > Jul 3 12:56:28 resolver unbound: [18382:0] error: can't bind socket: > Permission denied for :: > Jul 3 13:56:27 resolver unbound: [18382:0] error: can't bind socke

Re: can't bind socket: Permission denied for IPv6 (port bellow 1024)

2018-07-03 Thread nusenu via Unbound-users
W.C.A. Wijngaards via Unbound-users: > Yes that is the problem, the auth zone probes did not consult the > config. They had 16 bit random numbers, good for security, but not > config. So, made patch. This patch is also more capable in case of a > lot of traffic and interfaces fully in use, it'

TLS connection reuse implementation timeline (#4089)

2018-07-05 Thread nusenu via Unbound-users
Hi, Since unbound's missing TLS connection reuse feature is now used as a justification [1] why DoH [2] has better software than DoT I was wondering if you had any timeline for TLS connection reuse in unbound, which is already in your bugzilla: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?

Re: TLS connection reuse implementation timeline (#4089)

2018-07-05 Thread nusenu via Unbound-users
Eric Luehrsen via Unbound-users: > If Unbound cache and prefetch parameters are configured properly, > they can mitigate the TLS handshake overhead. Unless you have a cache hit rate of 100%, caching and prefetching will not be able to compensate for missing TLS connection reuse. (but that was not w

Re: DNS over HTTPS

2018-07-26 Thread nusenu via Unbound-users
> One of the benefits of DoH over DoT seems that port 443 is utilized as > opposed to port 853 and thus less likely to be blocked by firewalls. since many DoT servers also run on 443 this should not be a reason for using DoH instead of DoT > > Some are voicing their concern that it would cede

Re: DNS over HTTPS

2018-07-26 Thread nusenu via Unbound-users
nusenu via Unbound-users: >> One of the benefits of DoH over DoT seems that port 443 is utilized as >> opposed to port 853 and thus less likely to be blocked by firewalls. > > since many DoT servers also run on 443 this should not be a reason for using > DoH instead of

Re: DNS over HTTPS

2018-07-26 Thread nusenu via Unbound-users
>>> One of the benefits of DoH over DoT seems that port 443 is utilized as >>> opposed to port 853 and thus less likely to be blocked by firewalls. >> since many DoT servers also run on 443 this should not be a reason for using >> DoH instead of DoT > > Sure, if they were. Do you know of any pub