IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Jay Ford

I'm testing BIND 9.9.4-P1 on a RHEL6 system & am getting this log message:

   /etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use

That's with an rndc.key file in place & no controls config, which implies
TCP 953 on 127.0.0.1 & ::1.

Control via IPv6 (::1 port 953) works fine, but IPv4 doesn't:
   % netstat -an -A inet | fgrep :953
   % netstat -an -A inet6 | fgrep :953
   tcp        0      0 ::1:953                     :::*                        LISTEN

Even if I try to configure the controls to listen on a different port for
IPv6, such as:
   controls {
      inet ::1 port 954 allow { localhost; };
      inet 127.0.0.1 allow { localhost; };
   };
the IPv4 bind still fails, while the IPv6 bind works.

Interestingly, the bindings for the query ports (TCP & UDP 53 IPv4 & IPv6)
work fine, with just this under options:
   listen-on-v6 { any; };

This is all using BIND built from ISC source (not a RedHat package).  Here's 
the named -V output:


   BIND 9.9.4-RedHat-9.9.4-P1_UIOWA.el6 (Extended Support Version)
   id:8f9657aa built with '--host=x86_64-redhat-linux-gnu'
   '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
   '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
   '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
   '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
   '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
   '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var'
   '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static'
   '--disable-openssl-version-check' '--enable-rrl' '--with-gssapi=yes'
   '--disable-isc-spnego'
   '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
   '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
   'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS=
   -DDIG_SIGCHASE'
   using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
   using libxml2 version: 2.7.6

RHEL6 has kernel variable net.ipv6.bindv6only set to 0, which might or might
not be related.  BIND 9.8.5-P2 works correctly on a RHEL5 system which also
has it set to 0.  There are some comments in some of the 9.9 release notes
about bindv6only, but I couldn't find anything specific to this situation.

Is this a configuration problem or something more in the bug category?


Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Shumon Huque

On 12/5/13 11:49 AM, Jay Ford wrote:

I'm testing BIND 9.9.4-P1 on a RHEL6 system & am getting this log message:

/etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use

That's with an rndc.key file in place & no controls config, which implies
TCP 953 on 127.0.0.1 & ::1.

Control via IPv6 (::1 port 953) works fine, but IPv4 doesn't:
% netstat -an -A inet | fgrep :953
% netstat -an -A inet6 | fgrep :953
tcp        0      0 ::1:953                     :::*                        LISTEN

Even if I try to configure the controls to listen on a different port for
IPv6, such as:
controls {
  inet ::1 port 954 allow { localhost; };
  inet 127.0.0.1 allow { localhost; };
};
the IPv4 bind still fails, while the IPv6 bind works.



I'm going to take a guess: you might have portreserve running
that is reserving the control channel port, or v4 only because
they forgot about v6. We usually turn it off.

PORTRESERVE(1)      TCP port reservation utility      PORTRESERVE(1)


NAME
   portreserve - reserve ports to prevent portmap mapping them

SYNOPSIS
   portreserve

DESCRIPTION
   The portreserve program aims to help services with well-known ports
   that lie in the bindresvport range. It prevents portmap (or other
   programs using bindresvport) from occupying a real service's port by
   occupying it itself, until the real service tells it to release the
   port (generally in its init script).

   It is intended that portreserve runs from an initscript of its own, and
   services wishing to interact with it should use portrelease.

--Shumon.




Re: IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Jay Ford

On Thu, 5 Dec 2013, Shumon Huque wrote:

On 12/5/13 11:49 AM, Jay Ford wrote:

I'm testing BIND 9.9.4-P1 on a RHEL6 system & am getting this log message:

/etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use



I'm going to take a guess: you might have portreserve running
that is reserving the control channel port, or v4 only because
they forgot about v6. We usually turn it off.


That was indeed the problem & killing portreserve lets things work correctly
now.  Thanks much!


Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
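
An added illustration of the symptom in this thread (not code from any poster or from BIND): a TCP port that another process has bound but never put into the listening state still makes a second bind() fail with "address in use", while no listener for it shows up in the kernel's socket table, as in the empty IPv4 netstat output above. That the reserving process held port 953 this way is an assumption; the kernel-chosen port, the function names and the sample table are constructed for the example.

```python
import socket

# Constructed sample in /proc/net/tcp layout: 127.0.0.1:53 listening, 127.0.0.1:953 established.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000
   1: 0100007F:03B9 0100007F:D431 01 00000000:00000000
"""

def parse_listeners(table):
    """Return {(ip, port)} for IPv4 sockets in LISTEN state (st == 0A)."""
    found = set()
    for line in table.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is printed as a host-order word; reverse for little-endian hosts.
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        found.add((ip, int(hex_port, 16)))
    return found

def try_bind(addr, port, family=socket.AF_INET):
    """Bind the way a daemon would; return 0 on success, else the errno."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((addr, port))
        return 0
    except OSError as e:
        return e.errno

def reproduce():
    """Hold a loopback port without listen(), then probe it as named would."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))       # kernel-chosen port stands in for 953
    port = holder.getsockname()[1]
    try:
        v4 = try_bind("127.0.0.1", port)              # expected: EADDRINUSE
        v6 = try_bind("::1", port, socket.AF_INET6)   # different address, not held
        try:
            with open("/proc/net/tcp") as f:
                listed = ("127.0.0.1", port) in parse_listeners(f.read())
        except OSError:
            listed = None                             # no procfs on this host
        return v4, v6, listed
    finally:
        holder.close()

if __name__ == "__main__":
    print(reproduce())
```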