BIND vs. mac_portacl

David Malone dwmalone at maths.tcd.ie
Tue Jul 5 06:32:17 GMT 2005


On Tue, Jul 05, 2005 at 12:17:40AM +0200, Kövesdán Gábor wrote:
> The bind user has the uid 55. I've added a rule for it, as you can see,
> but it doesn't help. I get this error with the ruleset that can be seen
> above, and also without any rules. But apache works. It can change to
> the www user. Proftpd can change to the proftpd user. BIND is the only
> one that doesn't work. What's wrong?

The portrange stuff doesn't work for IPv6 sockets at the moment,
and I suspect that BIND is trying to bind to some IPv6 ports (or
maybe to the IPv6 wildcard port, which can cover the IPv4 addresses
too). I'm planning to fix the portrange stuff soon, but just haven't
had time yet - I'll try to get to it by the end of the week.

If you don't actually want to use IPv6, you could give explicit
addresses to named using the listen-on and query-source directives.
Alternatively, a kernel without IPv6 might work.

	David.
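
Added example, not part of the original message: a named.conf options fragment for the workaround described above, keeping named on explicit IPv4 addresses so it opens no IPv6 or wildcard sockets. The address 192.0.2.53 is a constructed placeholder from the documentation range, and listen-on-v6 is a standard BIND 9 option that the message itself does not mention.

```conf
options {
        // Listen only on explicit IPv4 addresses.
        // 192.0.2.53 is a constructed placeholder; use the host's real address.
        listen-on { 127.0.0.1; 192.0.2.53; };

        // Open no IPv6 listening sockets (assumption: IPv6 service is not needed).
        listen-on-v6 { none; };

        // Send outgoing queries from an explicit IPv4 address rather than the wildcard.
        // "port *" lets named pick an unprivileged source port.
        query-source address 192.0.2.53 port *;
};
```

Running named-checkconf on the edited file before restarting named catches syntax errors in the fragment.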


More information about the freebsd-stable mailing list