• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Bind911 - could not listen on UDP socket: permission denied

bryn1u

Well-Known Member

Thanks: 2
Messages: 287

#1
Hello guys,
After few hours bind has stopped listening on interface. I don't know where is the problem.
Code:
Jan  2 18:48:49 dns named[68857]: starting BIND 9.11.2 <id:0a2b929>
Jan  2 18:48:49 dns named[68857]: running on FreeBSD amd64 11.1-STABLE-HBSD FreeBSD 11.1-STABLE-HBSD #1  bd4021162f1(hardened/11-stable/master): Tue Jan  2 14:56:45 CET 2018     bryn1u@HardenedBSD:/usr/obj/usr/src/sys/Proton
Jan  2 18:48:49 dns named[68857]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-dnstap' '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--with-idn=/usr/local' '--enable-ipv6' '--with-libjson' '--disable-largefile' '--with-lmdb' '--with-python=/usr/local/bin/python2.7' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-threads' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-gost' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.1' 'build_alias=amd64-portbld-freebsd11.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DHARDENEDBSD -DLIBICONV_PLUG -fPIE -fPIC -fsanitize=safe-stack -fstack-protector-all -isystem /usr/local/include -fno-strict-a
Jan  2 18:48:49 dns named[68857]: running as: named -u bind -c /usr/local/etc/namedb/named.conf
Jan  2 18:48:49 dns named[68857]: ----------------------------------------------------
Jan  2 18:48:49 dns named[68857]: BIND 9 is maintained by Internet Systems Consortium,
Jan  2 18:48:49 dns named[68857]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan  2 18:48:49 dns named[68857]: corporation.  Support and training for BIND 9 are
Jan  2 18:48:49 dns named[68857]: available at https://www.isc.org/support
Jan  2 18:48:49 dns named[68857]: ----------------------------------------------------
Jan  2 18:48:49 dns named[68857]: command channel listening on 127.0.0.1#953
Jan  2 18:48:49 dns named[68857]: all zones loaded
Jan  2 18:48:49 dns named[68857]: running
Jan  3 08:51:16 dns named[68857]: not listening on any interfaces
Jan  3 08:57:18 dns named[68857]: could not listen on UDP socket: permission denied
Jan  3 08:57:18 dns named[68857]: creating IPv4 interface em0 failed; interface ignored
Jan  3 08:57:18 dns named[68857]: not listening on any interfaces
Jan  3 09:48:50 dns named[68857]: could not listen on UDP socket: permission denied
Jan  3 09:48:50 dns named[68857]: creating IPv4 interface em0 failed; interface ignored
Jan  3 09:48:50 dns named[68857]: not listening on any interfaces
Jan  3 10:48:50 dns named[68857]: could not listen on UDP socket: permission denied
Jan  3 10:48:50 dns named[68857]: creating IPv4 interface em0 failed; interface ignored
Jan  3 10:48:50 dns named[68857]: not listening on any interfaces
Jan  3 11:48:50 dns named[68857]: could not listen on UDP socket: permission denied
Jan  3 11:48:50 dns named[68857]: creating IPv4 interface em0 failed; interface ignored
Jan  3 11:48:50 dns named[68857]: not listening on any interfaces
Jan  3 12:48:50 dns named[68857]: could not listen on UDP socket: permission denied
Jan  3 12:48:50 dns named[68857]: creating IPv4 interface em0 failed; interface ignored
Jan  3 12:48:50 dns named[68857]: not listening on any interfaces
Jan  3 13:30:16 dns named[68857]: stopping command channel on 127.0.0.1#953
Jan  3 13:30:16 dns named[68857]: exiting
Someone can help ?
Bind is closed in jail.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,509
Messages: 25,699

#2
HardendBSD is a fork/derivative. I suggest you report the error at their project page.
 

bryn1u

Well-Known Member

Thanks: 2
Messages: 287

#3
Problem resloved. There was a problem with SafeStack which is next security layer included in Bind911 - HardenedBSD.