bind9 "UDP socket: address family not supported" problem

Hi guys,

I've been trying to fix this for quite a while now without any results; that's why I'm here.

So here is the problem: I'm trying to run a test instance of named from a uid!=0 shell (I've got no root access here), by starting:

named -4 -c named.conf -d 3 -u 5157

I've got multiple interfaces to bind to, and on each and every one of them I get this:

13-Sep-2009 23:33:54.971 listening on IPv4 interface lo0, 127.0.0.1#10053
13-Sep-2009 23:33:54.971 could not listen on UDP socket: address family not supported

What can be the problem? I've managed to run bind on higher ports from any uid without any problems.

My current bind is:

volt% named -V
BIND 9.6.1-P1 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--with-libxml2=/usr/local'

Can anybody point me in the right direction?

Thanks!
 
koper said:
I've managed to run bind on higher ports from any uid without any problems.

What's different this time then? I'm assuming you're still trying to bind to a high port? Is there anything more detailed in a log file somewhere?
 
That's rather "I had managed to do this before"... sorry ;)

No more details in the bind log. It looks like the problem exists during any kind of IP communication by bind (that includes sending master-slave zone communications):

14-Sep-2009 00:53:06.106 zone XXX.pl/IN/external: sending notify to 10.10.10.13#10053
14-Sep-2009 00:53:06.106 dns_request_createvia
14-Sep-2009 00:53:06.106 dns_request_createvia: failed address family not supported

I suspect some kind of limitation for regular user accounts...
On the other hand, I have no trouble binding to a higher UDP port (for instance with netcat).

Thanks!
 
Very long shot:

could you try adding
Code:
files 1024;
to the options in named.conf?
 
DutchDaemon: tried it already, also with even smaller file limits, same thing happens :(

A little more info about limitations:
volt% ulimit -a
-t: cpu time (seconds) 1000
-f: file size (blocks) unlimited
-d: data seg size (kbytes) 33554432
-s: stack size (kbytes) 8192
-c: core file size (blocks) 0
-m: resident set size (kbytes) unlimited
-l: locked-in-memory size (kb) unlimited
-u: processes 100
-n: file descriptors 512
-N 9: socket buffer size (kb) unlimited
-v: virtual memory size (kb) unlimited
-N 11: unlimited


sys:
volt% uname -v
FreeBSD 9.0-CURRENT #0: Sat Sep 5 18:59:28 CEST 2009
 
Are you confined to a jailed/chroot'ed environment with limited access to (creating) sockets?
 
DutchDaemon said:
Are you confined to a jailed/chroot'ed environment with limited access to (creating) sockets?

Nope, regular system account, no chrooting, etc.

I am able to bind to a higher port with nc -l local <port> (also with -u for UDP)
 
Well, not having run BIND any other way than 'start as root, drop to bind', I can only suggest going back to a bare-bones installation (e.g. dropping openssl/dnssec and other added functionality, and maybe replacing the compile-time paths to point to directories owned by you -- unless the entire installation already chroots to your directory) and a bare-bones config (only include the minimal necessities) and see if it will start and which additions break it eventually.
 