named (bind) in jail does not start

Matthew Seaman m.seaman at
Sat Nov 29 07:40:30 PST 2003

On Sat, Nov 29, 2003 at 03:23:48PM +0100, Axel S. Gruner wrote:
> Hi.
> I have configured named in jail (FreeBSD 5.1-RELEASE-p10).
> If i want to start named in the jail
> /usr/sbin/named
> i get this error message:
> opensocket_f: bind([].53): Address already in use
> Ok, Port 53 is not in use in the jail nor the hostsystem.
> I think the problem is, and i have to bind named on the IP of
> the jail. 
> I tested same named configuration on the hostsystem, i thought about
> some misconfigration, but on the hostsystem named starts perfectly.
> I also tried to start named with -g and -u in the jail, same error.
> So, my short question is, how can i run named in the jail?
> Any ideas?

Yes.  The problem is that named is attempting to bind(2) to
INADDR_ANY.  In a jail, that includes the loopback address.  Problem
is, jails don't get their own loopback addresses -- there's just the
one loopback shared between the host system and all jails.  Which
effectively means that jailed processes can't bind to the loopback.

The answer is to configure named to only bind to the jail IP number --
see (for bind8) or (for bind9)
[available in HTML as
file:///usr/local/share/doc/bind9/arm/Bv9ARM.html if you've installed
the bind9 port.]

In bind9 you need to add something like the following to named.conf --
bind8 will be similar:

    options {


        listen-on {
        query-source address port 53;
        transfer-source port 53;
        notify-source port 53;

There are equivalent IPv6 statements if you're an IPv6 user.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-current mailing list