bind911 socket error

IT_Architect


FreeBSD 11.0-RELEASE-p1
I did a pkg install bind911
I notice this on startup:
Code:
Jan 16 14:54:11 secure3 named[1176]: socket.c:5681: unexpected error:
Jan 16 14:54:11 secure3 named[1176]: setsockopt(21, TCP_FASTOPEN) failed with Protocol not available
Jan 16 14:54:11 secure3 named[1176]: socket.c:5681: unexpected error:
Jan 16 14:54:11 secure3 named[1176]: setsockopt(22, TCP_FASTOPEN) failed with Protocol not available
Jan 16 14:54:11 secure3 named[1176]: socket.c:5681: unexpected error:
Jan 16 14:54:11 secure3 named[1176]: setsockopt(23, TCP_FASTOPEN) failed with Protocol not available
Jan 16 14:54:11 secure3 named[1176]: socket.c:5681: unexpected error:
Jan 16 14:54:11 secure3 named[1176]: setsockopt(24, TCP_FASTOPEN) failed with Protocol not available
How do I fix that? (I'm surprised I have such an error with a default install)

Thanks!
 

SirDice


I have several bind99 servers running but I'm not seeing this issue. It may be something that was introduced in 9.11. If you have other servers with the same version running without this issue it's most likely a configuration setting somewhere. I'd start comparing the named.conf file for any differences.
 

IT_Architect


> I have several bind99 servers running but I'm not seeing this issue. It may be something that was introduced in 9.11. If you have other servers with the same version running without this issue it's most likely a configuration setting somewhere. I'd start comparing the named.conf file for any differences.
bind911 and bind910 both post errors. bind99 posts no errors. bind99 it is.

Thanks TONS!!!
 

megapearl


Already compared /usr/local/etc/namedb/named.conf, they are the same except for the zones.
Also compared /etc/sysctl.conf and /boot/loader.conf and the kernel config of both servers, all the same.
 

IT_Architect


As SirDice noticed in my thread; Added 'options TCP_RFC7413' to custom kernel config and added 'net.inet.tcp.fastopen.enabled=1' to /etc/sysctl.conf no errors anymore from bind911.
Thanks for your reply on this. I assumed a custom kernel would fix it, but I was hoping for a flag for the bind911 package. I'm not the FreeBSD guru, however I find it peculiar for a generic package configuration for something like bind to have a dependency on a custom kernel. I have plenty of older ones with custom kernels, but FreeBSD 11 has everything I need in Generic, so I don't feel inclined to change that for something as simple as bind.

Thanks!!!
 

SirDice


What I find odd is that identical servers have different settings. Reading the release notes:
named can now use the TCP Fast Open mechanism on the server side, if supported by the local operating system. [RT #42866]
So it looks like named may not detect it properly. Or it simply tries to enable the option (causing the error message) and falls back to 'normal' mode if it fails.
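
The second possibility raised above (try the option, log the failure, carry on with normal TCP) looks like this in outline. This is an added example, not part of the thread and not BIND's code; the names `tfo_classify` and `listen_with_optional_tfo` and the loopback listener are made up for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum tfo_state { TFO_ENABLED, TFO_UNSUPPORTED, TFO_ERROR };

/* ENOPROTOOPT is the errno behind "Protocol not available" in the log:
 * the running kernel does not implement the option. */
enum tfo_state tfo_classify(int rc, int err)
{
    if (rc == 0)
        return TFO_ENABLED;
    if (err == ENOPROTOOPT || err == EOPNOTSUPP)
        return TFO_UNSUPPORTED;  /* optional feature missing: not fatal */
    return TFO_ERROR;            /* e.g. EBADF or EINVAL: a real problem */
}

/* Open a loopback listener on an ephemeral port, then try TCP_FASTOPEN.
 * The listener is returned even when the kernel refuses the option. */
int listen_with_optional_tfo(enum tfo_state *state)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* sin_port 0: ephemeral */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    int on = 1;  /* nonzero enables; Linux reads the value as a queue length */
    int rc = setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on));
    int err = errno;
    *state = tfo_classify(rc, err);
    if (*state != TFO_ENABLED)   /* log once, keep serving plain TCP */
        fprintf(stderr, "TCP_FASTOPEN not enabled: %s\n", strerror(err));
    return fd;
}

int main(void)
{
    enum tfo_state st;
    return listen_with_optional_tfo(&st) < 0;
}
```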
 

megapearl


Maybe you can load the tcp_rfc7413 in the GENERIC kernel via /boot/loader.conf.local, adding something like tcp_rfc7413_load="YES" but I don't know for sure and didn't test it.
 