Maintained by: NLnet Labs

[Unbound-users] New member, maybe old question?

Filipe Cifali
Thu Jun 5 12:13:15 CEST 2014


I'll update the kernel to search for that option, running 3.10.10 atm.

Yes I have binds running on another 2 interfaces (that's one reason for not
running 0.0.0.0, the other is: simple configure the only IPs for him to use
that he needs only)


On Thu, Jun 5, 2014 at 4:38 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Filipe,
>
> For me such a trace would end like this (with interface-automatic: yes):
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
> setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
> setsockopt(5, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0
> bind(5, {sa_family=AF_INET, sin_port=htons(53),
> sin_addr=inet_addr("0.0.0.0")}, 16) = 0
>
> Notice the SO_REUSEADDR option. The trace you post is missing that.
> That must be a #ifdef SO_REUSEADDR that fails at compile time
> (services/listen_dnsport.c) ?
>
> In latest code there is a so-reuseport option for linux (very recent
> 3.9) kernels.  This option is really there to distribute queries over
> threads more easily, but it may also act like reuseaddr in some ways
> that you need.
>
> Also, something else is using port 53 somehow?  Or does your system
> have secure-linux or something like that that prevents binding to this
> port by any old program?
>
> Best regards,
>    Wouter
>
> On 06/04/2014 11:32 PM, Filipe Cifali wrote:
> > Just installed -> http://pastebin.com/R8wLXrX7
> >
> > Just tried w/ only interface-automatic: yes (no interface: ips)
> > and still same error.
> >
> > Thanks for the help everyone btw.
> >
> >
> >
> > On Wed, Jun 4, 2014 at 6:15 PM, W.C.A. Wijngaards
> > <wouter at nlnetlabs.nl <mailto:wouter at nlnetlabs.nl>> wrote:
> >
> > Hi Filipe,
> >
> > On 06/04/2014 07:33 PM, Filipe Cifali wrote:
> >> On Wed, Jun 4, 2014 at 7:17 AM, Jarno Huuskonen
> >> <jarno.huuskonen at uef.fi <mailto:jarno.huuskonen at uef.fi>
> >
> >> Have you tested with interface-automatic: yes ?
> >
> >> interface-automatic: yes works for me with keepalived managed
> >> vips (and interface: 0.0.0.0).
> >
> >> -Jarno
> >
> >
> >
> >> Yes, I have tested, which returned the message that I sent
> >> before:
> >
> >> $ /usr/sbin/unbound -d -c /etc/unbound/unbound.conf [1401816527]
> >> unbound[19141:0] error: bind: address already in use
> >> [1401816527] unbound[19141:0] fatal error: could not open ports
> >
> >> Which makes no sense (interface: 0.0.0.0) since there's nothing
> >> already runinng on 53
> >
> > If you enable interface-automatic, the interface: statements are
> > ignored, the code uses 0.0.0.0 (and ::0 if ipv6 is enabled), and
> > the options should make it work.  So if there is nothing running,
> > why does it fail?  Use strace? (that shows trace of system calls).
> > Could it be that ipv4 works but the bind to ::0 for ipv6 somehow
> > fails?  This is controlled with do-ip6.
> >
> > Best regards, Wouter
> >
> > _______________________________________________ Unbound-users
> > mailing list Unbound-users at unbound.net
> > <mailto:Unbound-users at unbound.net>
> > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> >
> >
> >
> >
> > -- [ ]'s
> >
> > Filipe Cifali Stangler
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJTkB5pAAoJEJ9vHC1+BF+NuwcP/ikSxBbBdeLMmvD3hGW1iztN
> yBf6xsSxlwtQdIcdxaweYBBWQEUKlLzGEzQoRr/Pz+695zYzAHjoy4i27H39jkI8
> MgDYeEKqFE+g9xB7ZZHyePLbNEP4TU/M1foG/laRfWhgQblL208ViXrz9zjeAXFR
> wvFKsDYdXuTzfQv9zDG7tj4uJo5Rb6XUQLHC/8fe0t/hW7v+senbenbxRk2x+tbf
> KUZtF6RG7F7A2Tt8Bv0W4i8Tmw8/2mBSeyBRa6n0LiH5hz+nvodvWLksFPez6qZu
> iSvUwyxQrk/H9TZSPqIyaq7k1+Bn1ACw/r2lWPYaex3hHfpEEqhUER2aMFAzkAM/
> iE+j8YfsOUl0p8x4i32p3V76u/UBKtHg0CeX5u2Bx/3b6PKcIoU9OrXdTlKaQvQ6
> j1s3frU/scp84grZFNKCkuw4rxRf+bOrv2jksD1gCnUXb5vv9hhw9WGuQXRn2AEP
> qZn8cR/bfiFfp6qdZSUSDfHab0DjuUyBhZPVy+3zw9XlntN0KJtfmtyGSR1Gh2Lk
> aIjfbbS5cZM7FP6xlG+mM1CTi78TNq0FH4LcAfMEXhXMbHOR+0lN+B9wgvAspsfr
> gzxRqhV1iXAz5mhiDF+75cBDJNQjIJ/bP5RrJ6bNj2/47XO6q6ZIYC+6ciWOEVPS
> WtauCXjH5qId9FiDLyn9
> =XY4t
> -----END PGP SIGNATURE-----
>



-- 
[ ]'s

Filipe Cifali Stangler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140605/7be7a871/attachment.html>