Maintained by: NLnet Labs

[Unbound-users] Troubleshooting occasional "Permission denied" errors?

Tom Samplonius
Wed Jun 17 04:20:37 CEST 2015


> On Jun 16, 2015, at 7:55 AM, Paul Wouters <paul at nohats.ca> wrote:
> 
> On Tue, 16 Jun 2015, Jarno Huuskonen wrote:
> 
>>> Unbound seems to be running normally, and appears to be answer all queries normally.  It is version 1.4.20 on CentOS 7.
>> 
>> Are you running with selinux enabled ?
>> 
>> Check selinux audit log (/var/log/audit/audit.log), denied ports might be
>> logged there. Or try with something like this in unbound.conf:
>> outgoing-port-avoid: 8953
>> outgoing-port-avoid: 5546
>> 
>> (I think I got selinux denied for (at least) these two ports).
> 
> the fedora config ships with:
> 
> 	outgoing-port-permit: 32768-65535
> 	outgoing-port-avoid: 0-32767
> 
> I see the rhel7 build is missing those lines. I will file a bug report
> for RHEL7.
> 

  I don’t know what else is using those ports of my server (or blocking access to these ports), but adding that config to unbound.conf has eliminated the “Permission denied” errors that I was seeing.

  Also, any idea what the closest-to-official way to upgrade a RHEL7-like system to Unbound 1.5.x is?


Tom