It probably has to do with BIND dropping privileges.

If you run BIND with "-u" so it changes to an unprivileged user, then BIND may 
not be able to bind() to new interfaces created on your system.

I use FreeBSD, and my solution was to do this every time I add a new interface:

  # Save the current value as name=value so it can be restored verbatim below
  RESET=`sysctl -e net.inet.ip.portrange.reservedhigh`
  # Drop the reserved-port ceiling below 53 so the unprivileged named can bind()
  sysctl net.inet.ip.portrange.reservedhigh=52
  rndc reconfig
  # wait for named to start responding on the new address (NEWADDR is the
  # address just added; an assumed variable, not part of the original steps)
  until dig +time=1 +tries=1 @$NEWADDR . NS >/dev/null 2>&1; do sleep 1; done
  sysctl $RESET

Linux has some hacks that let you bypass those steps.  FreeBSD also has a 
kernel feature called  MAC-PORTACL that behaves like the Linux hack, but since 
enabling that would require a kernel recompile on more than a thousand servers, 
we decided not to do that.

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-portacl.html

What OS are you using, and what's the command-line you use to launch BIND?
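Editor's note on the procedure above: between the second and the last sysctl, net.inet.ip.portrange.reservedhigh sits at 52, and for that whole window any unprivileged local process can bind() ports 53 through 1023, so the window should be closed on every exit path, not only on success. The wrapper below is an added example, not code from the message above or from ISC. It performs the same save / lower / reconfig / wait / restore sequence, but restores the saved value even if rndc fails, the wait times out, or the script is interrupted. It assumes FreeBSD's sysctl(8) with -e (prints name=value), rndc and dig in PATH, and takes the newly added address as its first argument; the SYSCTL, RNDC and DIG variables are mine and exist only so the sequencing can be exercised without root.

```shell
#!/bin/sh
# Added editorial example, not from the message above or from ISC.
# Same sequence as the procedure in the message (save reservedhigh, lower it
# below 53, rndc reconfig, wait for named, restore), but the saved value is put
# back on every exit path so the window in which any local user can bind()
# ports 53..1023 is as short as possible.
# Assumptions: FreeBSD sysctl(8) with -e (prints name=value), rndc and dig in
# PATH. SYSCTL/RNDC/DIG are overridable only so the sequencing can be tested
# without root.

SYSCTL=${SYSCTL:-sysctl}
RNDC=${RNDC:-rndc}
DIG=${DIG:-dig}
OID=net.inet.ip.portrange.reservedhigh
SAVED=

# wait_for_named ADDR [SECONDS]: succeed once named answers a query on ADDR.
wait_for_named() {
    n=0
    while [ "$n" -lt "${2:-30}" ]; do
        if "$DIG" +time=1 +tries=1 "@$1" . NS >/dev/null 2>&1; then
            return 0
        fi
        n=$((n + 1))
        sleep 1
    done
    return 1
}

# Put the original reservedhigh back (idempotent).
restore_reservedhigh() {
    if [ -n "$SAVED" ]; then
        "$SYSCTL" "$SAVED" >/dev/null
    fi
    SAVED=
}

# rebind_new_address ADDR [SECONDS]: run as root right after adding ADDR.
# Returns 0 when named answers on ADDR, 1 otherwise; reservedhigh is restored
# either way, and also on SIGINT/SIGTERM.
rebind_new_address() {
    SAVED=$("$SYSCTL" -e "$OID") || return 1   # e.g. net.inet.ip.portrange.reservedhigh=1023
    trap 'restore_reservedhigh; exit 130' INT TERM
    if ! "$SYSCTL" "$OID=52" >/dev/null; then
        SAVED=
        trap - INT TERM
        return 1
    fi
    if "$RNDC" reconfig && wait_for_named "$1" "${2:-30}"; then
        rc=0
    else
        rc=1
    fi
    restore_reservedhigh
    trap - INT TERM
    return $rc
}
```

Source the file and call rebind_new_address with the new address (and an optional timeout in seconds) immediately after adding the interface; it returns non-zero if named never answered on that address, and in that case reservedhigh has still been restored.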

On Apr 12, 2012, at 9:52 AM, Phil Mayers wrote:

> On 12/04/12 16:44, Mihai Moldovan wrote:
> 
>> Hmm, permission denied while binding to ppp0? Maybe that's because my named
>> is running as the non-privileged system user "named" and binding to the
>> privileged port 53? Makes sense... but... hm. I guess in this case there's
>> no other way but running named as root?
> 
> I vaguely seem to recall this has come up on the list before.
> 
> However: at our site:
> 
>  1. Bind runs as user "named"
>  2. "rndc reconfig" works with a new IP, e.g.
> 
> # rndc reconfig
> # lsof -n -i :53 | fgrep 192.168.
> # ip addr add 192.168.230.230/32 dev lo
> # rndc reconfig
> # lsof -n -i :53 | fgrep 192.168.
> named   17052 named   32u  IPv4 1395639422       TCP 192.168.230.230:domain (LISTEN)
> named   17052 named  531u  IPv4 1395639421       UDP 192.168.230.230:domain
> 
> This is on RHEL5, with SELinux enabled.
> 
> So, it's definitely possible to do this as non-root. As above, I'm sure 
> this has been discussed, but I can't remember what we decided the 
> mechanism that allowed this was.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
