Date:      Tue, 5 Jul 2005 07:32:15 +0100
From:      David Malone <dwmalone@maths.tcd.ie>
To:        Kövesdán Gábor <gabor.kovesdan@t-hosting.hu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: BIND vs. mac_portacl
Message-ID:  <20050705063215.GA50936@walton.maths.tcd.ie>
In-Reply-To: <42C9B584.8040805@t-hosting.hu>
References:  <42C9B584.8040805@t-hosting.hu>

On Tue, Jul 05, 2005 at 12:17:40AM +0200, Kövesdán Gábor wrote:
> The bind user has the uid 55. I've added a rule for it, as you can see, 
> but it doesn't help. I get this error with the ruleset that can be seen 
> above, and also without any rules. But apache works. It can change to 
> the www user. Proftpd can change to the proftpd user. BIND is the only 
> one that doesn't work. What's wrong?

The portrange stuff doesn't work for IPv6 sockets at the moment,
and I suspect that BIND is trying to bind to some IPv6 ports (or
maybe to the IPv6 wildcard port, which can cover the IPv4 addresses
too). I'm planning to fix the portrange stuff soon, but just haven't
had time yet - I'll try to get to it by the end of the week.

If you don't actually want to use IPv6, you could give explicit
addresses to named using the listen-on and query-source directives.
Alternatively, a kernel without IPv6 might work.

	David.
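
The workaround suggested in the message above, written out as a named.conf fragment. This is an added example, not part of the original e-mail: 192.0.2.53 is a placeholder IPv4 address, and the listen-on-v6 line is an assumption of this example (a BIND 9 option the message does not mention) that makes the IPv4-only intent explicit.

```conf
options {
        // Bind only to an explicit IPv4 address instead of wildcard
        // sockets (placeholder address; use the server's own).
        listen-on { 192.0.2.53; };

        // Assumption of this example: open no IPv6 listening sockets,
        // since the port ACL rules are not applied to them yet.
        listen-on-v6 { none; };

        // Send outgoing queries from the same explicit IPv4 address;
        // "port *" lets named pick an unprivileged source port.
        query-source address 192.0.2.53 port *;
};
```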
