Named could not listen on UDP socket: permission denied

Brian Candler B.Candler at pobox.com
Fri Jan 27 05:53:48 PST 2006


On Thu, Jan 26, 2006 at 05:01:50PM +0200, Oleg Tarasov wrote:
> I run FreeBSD 6.0 and I have begun to receive quite periodic error messages like these:
> 
> Jan 25 19:45:50 central named[728]: could not listen on UDP socket: permission denied
> Jan 25 19:45:50 central named[728]: creating IPv4 interface ng0 failed; interface ignored
> 
> ng0 is my main internet interface and is created on early boot
> (rcordered like ppp-user) by mpd. Certainly, I need DNS listening on
> this interface.
> 
> The reason is that if mpd is restarted for some reason, interface ng0
> is destroyed and created again while listener on this interface is
> destroyed too. Named is chrooted at this time and cannot re-bind
> listener on this interface. Only manual restart of named helps it bind
> to this interface.
> 
> This is not a deadly situation, as if I manually restart mpd I will be
> able to restart named too...
> 
> Running named under root user or out of chroot environment is not
> quite an acceptable way...

named needs to be root in order to bind to port 53.

If ng0 has a fixed IP address, then you could configure an alias on lo0 with
that address. Then, even though named cannot rebind to ng0, it will still
answer queries to that address.

If ng0 has a dynamic address, then I think your only solution is to run
named as root within a chroot environment or jail(8) - or to write a script
which is run when ng0 comes up, which kills and restarts bind. Does mpd have
a hook to call a script on interface up?

Regards,

Brian.
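
One way to write the restart script suggested above, as an added example that is not part of the original message: it reads the syslog lines quoted in the thread and restarts named only if the current named process has lost its listener on the given interface. The function names, the third sample log line and the default restart command (/etc/rc.d/named restart) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): restart named when it has lost
# its listener on a re-created interface such as ng0.

# Constructed sample log: the first two lines are the messages quoted in
# the thread; the last line (a later named start, new pid) is made up.
sample_log() {
    cat <<'EOF'
Jan 25 19:45:50 central named[728]: could not listen on UDP socket: permission denied
Jan 25 19:45:50 central named[728]: creating IPv4 interface ng0 failed; interface ignored
Jan 25 19:47:02 central named[901]: starting BIND
EOF
}

# Read syslog lines on stdin; print the interfaces that the most recent
# named process in the log failed to bind with "permission denied".
failed_ifaces() {
    awk '
    {
        if (!match($0, / named\[[0-9]+\]: /)) next
        pid = substr($0, RSTART + 7, RLENGTH - 10)
        msg = substr($0, RSTART + RLENGTH)
        # A new pid means named was restarted: older failures are stale.
        if (pid != cur) { cur = pid; split("", bad); denied = 0 }
        if (msg == "could not listen on UDP socket: permission denied") {
            denied = 1; next
        }
        if (denied && msg ~ /^creating IPv4 interface [^ ]+ failed; interface ignored$/) {
            split(msg, w, " "); bad[w[4]] = 1
        }
        denied = 0
    }
    END { for (i in bad) print i }' | sort
}

# $1 = interface, $2 = log file, rest = restart command (assumed default:
# the rc.d script). Returns 1 without running anything if $1 is not listed.
restart_named_if_unbound() {
    iface=$1; log=$2; shift 2
    [ $# -gt 0 ] || set -- /etc/rc.d/named restart
    if failed_ifaces < "$log" | grep -qx "$iface"; then
        "$@"
    else
        return 1
    fi
}
```

Called as `restart_named_if_unbound ng0 /var/log/messages` from whatever runs when ng0 comes up (or from cron), it leaves named alone once a newer named process appears in the log.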

