IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6
I'm testing BIND 9.9.4-P1 on a RHEL6 system am getting this log message: /etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use That's with an rndc.key file in place no controls config, which implies TCP 953 on 127.0.0.1 ::1. Control via IPv6 (::1 port 953) works fine, but IPv4 doesn't: % netstat -an -A inet | fgrep :953 % netstat -an -A inet6 | fgrep :953 tcp0 0 ::1:953:::* LISTEN Even if I try to configure the controls to listen on a different port for IPv6, such as: controls { inet ::1 port 954 allow { localhost; }; inet 127.0.0.1 allow { localhost; }; }; the IPv4 bind still fails, while the IPv6 bind works. Interestingly, the bindings for the query ports (TCP UDP 53 IPv4 IPv6) work fine, with just this under options: listen-on-v6 { any; }; This is all using BIND built from ISC source (not a RedHat package). Here's the named -V output: BIND 9.9.4-RedHat-9.9.4-P1_UIOWA.el6 (Extended Support Version) id:8f9657aa built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-rrl' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE' using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013 using libxml2 version: 2.7.6 RHEL6 has kernel variable net.ipv6.bindv6only set to 0, which might or might not be related. BIND 9.8.5-P2 works correctly on a RHEL5 system which also has it set to 0. There are some comments in some of the 9.9 release notes about bindv6only, but I couldn't find anything specific to this situation. Is this a configuration problem or something more in the bug category? Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6
On 12/5/13 11:49 AM, Jay Ford wrote: I'm testing BIND 9.9.4-P1 on a RHEL6 system am getting this log message: /etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use That's with an rndc.key file in place no controls config, which implies TCP 953 on 127.0.0.1 ::1. Control via IPv6 (::1 port 953) works fine, but IPv4 doesn't: % netstat -an -A inet | fgrep :953 % netstat -an -A inet6 | fgrep :953 tcp0 0 ::1:953:::* LISTEN Even if I try to configure the controls to listen on a different port for IPv6, such as: controls { inet ::1 port 954 allow { localhost; }; inet 127.0.0.1 allow { localhost; }; }; the IPv4 bind still fails, while the IPv6 bind works. I'm going to take a guess: you might have portreserve running that is reserving the control channel port, or v4 only because they forgot about v6. We usually turn it off. PORTRESERVE(1) TCP port reservation utility PORTRESERVE(1) NAME portreserve - reserve ports to prevent portmap mapping them SYNOPSIS portreserve DESCRIPTION The portreserve program aims to help services with well-known ports that lie in the bindresvport range. It prevents portmap (or other programs using bindresvport) from occupying a real service?s port by occupying it itself, until the real service tells it to release the port (generally in its init script). It is intended that portreserve runs from an initscript of its own, and services wishing to interact with it should use portrelease. --Shumon. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6
On Thu, 5 Dec 2013, Shumon Huque wrote: On 12/5/13 11:49 AM, Jay Ford wrote: I'm testing BIND 9.9.4-P1 on a RHEL6 system am getting this log message: /etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use I'm going to take a guess: you might have portreserve running that is reserving the control channel port, or v4 only because they forgot about v6. We usually turn it off. That was indeed the problem killing portreserve lets things work correctly now. Thanks much! Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users