Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15775

Re: Upgrade from 9.14 to 9.16 - transfer-source with low source port no longer works.

From Ondřej Surý <ondrej@isc.org>
Newsgroups comp.protocols.dns.bind
Subject Re: Upgrade from 9.14 to 9.16 - transfer-source with low source port no longer works.
Date 2020-05-26 11:47 +0200
Message-ID <mailman.436.1590486453.942.bind-users@lists.isc.org> (permalink)
References <202005260938.04Q9cKxg006927@nordnytt.cc.uit.no> <DCB62D16-BC5C-4544-BC50-6F5496722DD8@isc.org>

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Hi Ingeborg,

please see release notes:

https://downloads.isc.org/isc/bind9/9.16.3/RELEASE-NOTES-bind-9.16.3.html

This is listed in Known Issues for BIND 9.16.1:

> 	• UDP network ports used for listening can no longer simultaneously be used for sending traffic. An example configuration which triggers this issue would be one which uses the same address:port pair for listen-on(-v6) statements as for notify-source(-v6) or transfer-source(-v6). While this issue affects all operating systems, it only triggers log messages (e.g. "unable to create dispatch for reserved port") on some of them. There are currently no plans to make such a combination of settings work again.

Ondrej
--
Ondřej Surý
ondrej@isc.org

> On 26 May 2020, at 11:38, Ingeborg Hellemo <ingeborg.hellemo@uit.no> wrote:
> 
> FreeBSD 11.3-RELEASE-p3
> 
> This morning I upgraded from BIND 9.14.11 to 9.16.3 via FreeBSD ports.
> 
> Then I realize that my slave server no longer transfer zones from the master.
> The zone transfers worked as expected before the upgrade.
> 
> There are no error messages. The slave receives notifies from the master:
> 
> May 26 09:40:35 ludvigsen named[22721]: client @0x81d593f68
> 129.242.4.254#24673: received notify for zone 'av.uit.no'
> May 26 09:40:35 ludvigsen named[22721]: zone av.uit.no/IN: notify from
> 129.242.4.254#24673: serial 2020052600
> 
> I can do a 'rndc reload <zone>' without errors:
> 
> May 26 09:57:29 ludvigsen named[22721]: received control channel command
> 'reload av.uit.no'
> 
> If I do a full 'rndc reload' I finally get an error:
> 
> May 26 11:08:14 ludvigsen named[25953]: unable to create dispatch for reserved
> port 129.242.5.254#53: permission denied
> 
> Since this is a host with serveral virtual interfaces this address/port is set
> in named.conf:
> 
>        transfer-source 129.242.5.254 port 53;
> 
> The solution was to remove the 'port 53' part of the config,
> 
> 
> 
> Finally, the question:
> 
> Has there been some change in when named changes user id and drops privilege
> from root? Or some other changes that can explain the error?
> 
> 
> 
> 
> --Ingeborg
> --
> Ingeborg Østrem Hellemo  --  ingeborg.hellemo@uit.no
> Dep. of Information Technology  ---  Univ. of Tromsø
> 
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread

Thread

Re: Upgrade from 9.14 to 9.16 - transfer-source with low source port no  longer works. Ondřej Surý <ondrej@isc.org> - 2020-05-26 11:47 +0200

csiph-web