named: client (a broadcast address)#(port): error sending response: permission denied

Xin LI delphij at delphij.net
Fri Nov 12 21:56:24 UTC 2010


Hi,

Since I have seen this issue resolved nowhere within Google results, I
would like to post it here for future reference - its cause and how to
work around it.

Thanks to rwatson@ for his expertise.

This is what I have seen on my own system:

Nov 11 19:13:02 tarsier named[21464]: client 211.166.10.255#38500: error sending response: permission denied

Which happens very frequently.

======

The cause:

Some other system on the same subnet produced a DNS query, claiming it
came from the IP broadcast address (either full 1's or full 0's from the
same subnet), and unicast it to the system running a DNS service.

named(8), in turn, attempts to respond to the DNS query.  When sending
out the response packet, the destination IP address would be that IP
broadcast address.  The FreeBSD implementation (also other TCP/IP stacks
I am aware of) does not permit this unless the socket has SO_BROADCAST,
according to the sendmsg(2) manual page.

This EACCES would result in the message "error sending response:
permission denied".

Basically our TCP/IP stack is doing the right thing.

======

The workaround is to filter out the traffic from the offending host.  I
am not yet aware of which operating system did that.

Another workaround is to patch named (contrib/bind9/bin/named/client.c)
around the log and disable the whole log thing.

======

The fix is to either fix the offending host or remove it.

Cheers,
-- 
Xin LI <delphij at delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!	       Live free or die
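Added example, not part of the original message and not code from BIND or FreeBSD: a small C program that checks whether a logged client address is the all-ones or all-zeros address of the local subnet, and that repeats the send named attempts, from a UDP socket without SO_BROADCAST, so the errno can be observed. The function names, the 211.166.10.1 interface address and the /24 netmask are assumptions made for the sample (the message does not state the netmask); prefixes of /31 and /32 are not handled.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if src has all-ones or all-zeros host bits within the subnet of
 * ifaddr/netmask, 0 if not, -1 on a malformed address. */
int is_subnet_broadcast(const char *src, const char *ifaddr, const char *netmask)
{
    struct in_addr a, i, m;
    if (inet_pton(AF_INET, src, &a) != 1 || inet_pton(AF_INET, ifaddr, &i) != 1 ||
        inet_pton(AF_INET, netmask, &m) != 1)
        return -1;
    if ((a.s_addr & m.s_addr) != (i.s_addr & m.s_addr))
        return 0;                          /* different subnet */
    in_addr_t host = a.s_addr & ~m.s_addr; /* host bits only */
    return host == 0 || host == (in_addr_t)~m.s_addr;
}

/* Send one UDP byte from a socket without SO_BROADCAST; returns 0 or the
 * errno from sendto(2). */
int send_without_so_broadcast(const char *dst, int port)
{
    struct sockaddr_in sin;
    int s, err = 0;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, dst, &sin.sin_addr) != 1)
        return EINVAL;
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return errno;
    if (sendto(s, "x", 1, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        err = errno;
    close(s);
    return err;
}

int main(void)
{
    /* Constructed sample: the logged client on an assumed /24 interface. */
    printf("211.166.10.255 is broadcast: %d\n",
           is_subnet_broadcast("211.166.10.255", "211.166.10.1", "255.255.255.0"));
    printf("sendto 255.255.255.255: %s\n",
           strerror(send_without_so_broadcast("255.255.255.255", 9)));
    return 0;
}
```

The classification is the test a packet filter rule for the first workaround needs to encode: drop inbound DNS queries whose source address is a broadcast address of the receiving subnet.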

