Re: BIND 9.19.24 not listening to rndc port (953)
- In reply to: Craig Leres : "Re: BIND 9.19.24 not listening to rndc port (953)"
Date: Tue, 02 Jul 2024 17:08:41 UTC
On Mon, 1 Jul 2024, Craig Leres wrote:
> On 7/1/24 10:17, Bakul Shah wrote:
>> On Jul 1, 2024, at 9:18 AM, Craig Leres <leres@freebsd.org> wrote:
>>>
>>> On 6/30/24 04:46, sthaug@nethelp.no wrote:
>>>> Short description: Fresh install of bind9-devel-9.19.24_1 doesn't
>>>> listen to localhost port 953, with the result that rndc doesn't work.
>>>> Problem is 100% reproducible.
>>>
>>> bind-tools-9.18.27_1 with 14.1-RELEASE-p1 suffers from this as well.
>>
>> I was ignoring this until now but finally chased it down! I had to add
>>
>> inet 127.0.0.1 port 953
>> allow { 127.0.0.1; } keys { "rndc-key"; };
>>
>> to "controls { ... }" in /etc/named.conf
>
> Ah... I already had that but I see now that the problem is due to the 14.1
> issue I reported (see "FreeBSD 14.x localhost source address" on the
> freebsd-stable list).
>
>> For 14.1 at least, this has the side effect that the source address
>> for anything in the 127.0.0.0/8 domain becomes 127.0.0.2 instead
>> of 127.0.0.1.
>
> So I changed named.conf and now it works!
[... hijacking ...]
This all wouldn't be a problem if they hadn't taken away UNIX
Domain sockets ...
https://gitlab.isc.org/isc-projects/bind9/-/issues/4311
Maybe more people want to complain ;-)
--
Bjoern A. Zeeb r15:7
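
An added example, not part of the original thread or of BIND: a Python check that reads the "controls" statement quoted above and reports whether a given client source address passes its "allow" list. It assumes the 127.0.0.2 loopback source address mentioned for 14.1 is what the list is matched against; the function names are this example's own, and the parser covers only literal IPs, CIDRs, any, none and "!" negation.

```python
import ipaddress
import re

# Constructed sample: the two lines quoted in the thread, inside controls { }.
SAMPLE_CONF = '''
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''

INET_RE = re.compile(r'inet\s+(?P<addr>\S+)(?:\s+port\s+(?P<port>\d+))?'
                     r'\s+allow\s*\{(?P<allow>[^}]*)\}'
                     r'(?:\s*keys\s*\{(?P<keys>[^}]*)\})?')

def controls_body(conf):
    """Text inside the first controls { ... } block (brace-matched), or ''."""
    start = re.search(r'\bcontrols\s*\{', conf)
    if not start:
        return ""
    depth, i = 1, start.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start.end():i - 1]

def parse_controls(conf):
    """One dict per inet control channel; statistics-channels is ignored."""
    conf = re.sub(r'/\*.*?\*/|(?://|#)[^\n]*', '', conf, flags=re.S)
    return [{"listen": m["addr"], "port": int(m["port"] or 953),
             "allow": [a.strip() for a in m["allow"].split(";") if a.strip()],
             "keys": re.findall(r'"([^"]+)"', m["keys"] or "")}
            for m in INET_RE.finditer(controls_body(conf))]

def source_allowed(allow, src):
    """First-match evaluation; named ACLs (e.g. localhost) raise ValueError."""
    ip = ipaddress.ip_address(src)
    for elem in allow:
        negated, name = elem.startswith("!"), elem.lstrip("!").strip()
        if name == "none":
            name, negated = "any", not negated
        if name == "any" or ip in ipaddress.ip_network(name, strict=False):
            return not negated
    return False  # nothing matched: the connection is refused

def check(conf, sources):
    """Map 'listen:port' -> {source address: accepted by the allow list?}."""
    return {f'{c["listen"]}:{c["port"]}':
            {s: source_allowed(c["allow"], s) for s in sources}
            for c in parse_controls(conf)}
```

Calling check(SAMPLE_CONF, ["127.0.0.1", "127.0.0.2"]) shows the quoted list accepting 127.0.0.1 and refusing 127.0.0.2.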