unable to create dispatch for reserved port <ip>#53: permission denied
Summary
A lot of those lines are logged when named starts.
BIND version used
BIND 9.16.0 (Stable Release) <id:6270e60>
running on FreeBSD amd64 11.3-RELEASE-p5 FreeBSD 11.3-RELEASE-p5 #0: Tue Nov 12 08:59:04 UTC 2019 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd11.3' 'build_alias=amd64-portbld-freebsd11.3' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -Wl,-rpath,/usr/local/lib -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.0 (tags/RELEASE_800/final 356365)
compiled with OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
DNSSEC root key: /usr/local/etc/namedb/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/pid
named lock file: /var/run/named/named.lock
Steps to reproduce
Start named?
What is the current bug behavior?
When named starts, those lines are printed:
Feb 24 16:05:03 ns1 named[58048]: unable to create dispatch for reserved port 79.143.243.129#53: permission denied
Feb 24 16:05:03 ns1 named[58048]: unable to create dispatch for reserved port 2a01:678:2:100::53#53: permission denied
A lot.
# grep 'unable to create dispatch for reserved port' /var/log/named.log|grep 'Feb 24 16:05'|wc
5330 79950 623610
What is the expected correct behavior?
Well, maybe a bit less.
Relevant configuration files
// ACL "friends": loopback, individual /32 hosts and five TSIG key names.
// In this file it is referenced by allow-transfer and by rate-limit exempt-clients.
// Elements of an address match list are alternatives: a request matches if it comes
// from a listed address OR is signed with a listed key, so the address-only entries
// are authenticated by source IP alone.
// NOTE(review): key "ns1-gw.in" and key "ns1-gw.mat" have no key statement in the
// configuration as posted - presumably omitted from the paste; confirm they are defined.
acl "friends" {
127.0.0.1/32;
::1/128;
79.143.243.129/32;
key "yop";
key "oups";
key "ouinch";
key "ns1-gw.in";
key "ns1-gw.mat";
217.70.177.40/32;
82.66.245.111/32;
62.212.120.194/32;
82.229.45.53/32;
217.128.128.42/32;
79.143.243.135/32;
79.143.243.150/32;
79.143.241.142/32;
};
// ACL "nsabso": source addresses allowed to reach the control channel that
// the controls statement opens on 79.143.243.129 port 953.
// A key statement in this file is also named "nsabso"; the ACL and the key are
// separate objects that happen to share a name.
acl "nsabso" {
217.174.201.32/28;
79.143.243.129/32;
83.169.77.112/28;
80.245.57.152/32;
185.167.19.240/28;
};
// ACL "blocs": one IPv4 /20 and one IPv6 /29. In this file it is used only in
// rate-limit exempt-clients, i.e. these prefixes bypass response rate limiting.
acl "blocs" {
79.143.240.0/20;
2a01:678::/29;
};
// Control (rndc) channels. Two listeners are defined, both on port 953.
controls {
// Loopback listener: only 127.0.0.1 may connect, authenticated with "rndc-key".
inet 127.0.0.1 port 953 allow {
127.0.0.1/32;
} keys {
"rndc-key";
};
// Second listener on 79.143.243.129, the same address that listen-on serves DNS on.
// Access is limited to ACL "nsabso" and authenticated with key "nsabso".
// NOTE(review): both control keys are declared hmac-md5 in this file while the
// transfer keys use hmac-sha256; a control channel on a non-loopback address
// deserves the stronger algorithm and a packet filter in front of port 953 - confirm.
inet 79.143.243.129 port 953 allow {
"nsabso";
} keys {
"nsabso";
};
};
// Logging: DNSSEC messages go to a dedicated rotated file, everything in the
// default category goes to syslog, and query logging is discarded.
logging {
// File channel: up to 4 rotated versions of 10485760 bytes each, at debug level 3,
// with timestamp, severity and category printed on every line.
channel "dnssec-log" {
file "/var/log/dnssec.log" versions 4 size 10485760;
severity debug 3;
print-time yes;
print-severity yes;
print-category yes;
};
// NOTE(review): presumably the startup messages in this report arrive through this
// category, since they are found in the syslog-fed /var/log/named.log - confirm.
category "default" {
"default_syslog";
};
category "dnssec" {
"dnssec-log";
};
// Queries are sent to the null channel, so no per-query record is kept.
category "queries" {
"null";
};
};
// Global options: an authoritative server answering queries from anyone, with
// recursion limited to loopback, zone transfers limited to ACL "friends", and
// response rate limiting enabled.
options {
directory "/usr/local/etc/namedb";
dump-file "/var/dump/named_dump.db";
// DNS listeners: one public IPv4 address plus loopback, two public IPv6 addresses plus ::1.
listen-on {
79.143.243.129/32;
127.0.0.1/32;
};
listen-on-v6 {
2a01:678:2:100::53/128;
2a01:678:2:100::2:53/128;
::1/128;
};
managed-keys-directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
recursing-file "/var/stats/named.recurse";
statistics-file "/var/stats/named.stats";
transfers-in 100;
transfers-out 2000;
transfers-per-ns 10;
// Recursion only for 127.0.0.1, so remote clients get authoritative answers only.
allow-recursion {
127.0.0.1/32;
};
dnssec-enable yes;
// NOTE(review): "port 0" presumably means no fixed source port is pinned for
// outgoing queries - confirm.
query-source address 79.143.243.129 port 0;
// Response rate limiting: 10 responses per second over a 30 second window.
// Clients matching ACL "blocs" or "friends" are exempt.
rate-limit {
exempt-clients {
"blocs";
"friends";
};
responses-per-second 10;
window 30;
};
allow-query {
"any";
};
// Zone transfers are allowed only to ACL "friends" (listed addresses or listed TSIG keys).
allow-transfer {
"friends";
};
masterfile-format text;
notify yes;
// 79.143.243.129#53 and 2a01:678:2:100::53#53 are exactly the address#port pairs named
// in the "unable to create dispatch for reserved port ... permission denied" messages
// quoted in this report.
// NOTE(review): presumably named tries to bind these privileged source ports without the
// privileges to do so; leaving out the explicit "port 53" is the variation to test - confirm.
notify-source 79.143.243.129 port 53;
notify-source-v6 2a01:678:2:100::53 port 53;
// transfer-source pins the same addresses but no port.
transfer-source 79.143.243.129;
transfer-source-v6 2a01:678:2:100::53;
};
// Key for the loopback control channel (controls, inet 127.0.0.1).
// The secret is masked with '?' characters in this posting; keep it that way when sharing.
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; other keys in this file already use
// hmac-sha256, so regenerating this key with that algorithm is worth considering.
key "rndc-key" {
algorithm "hmac-md5";
secret "????????????????????????????????????????????????????????????????????????????????????????";
};
// Key for the control channel on 79.143.243.129 port 953 (controls, second inet clause).
// The secret is masked with '?' characters in this posting.
// NOTE(review): hmac-md5 is a legacy TSIG algorithm, and this key protects a control
// channel reachable on a non-loopback address; hmac-sha256 is used elsewhere in this file.
key "nsabso" {
algorithm "hmac-md5";
secret "????????????????????????";
};
// TSIG keys "yop", "oups" and "ouinch": all hmac-sha256, all listed in ACL "friends",
// which this file uses for allow-transfer and rate-limit exempt-clients.
// The secrets are masked with '?' characters in this posting.
key "yop" {
algorithm "hmac-sha256";
secret "????????????????????????";
};
key "oups" {
algorithm "hmac-sha256";
secret "????????????????????????";
};
key "ouinch" {
algorithm "hmac-sha256";
secret "????????????????????????";
};
// DNSSEC trust anchor for the root zone ".".
// "257 3 8" are the DNSKEY fields: flags 257 (key-signing key), protocol 3,
// algorithm 8 (RSA/SHA-256). The quoted base64 public key spans several lines.
// "initial-key" marks the key as a starting point that named then maintains itself;
// the maintained state presumably lives under managed-keys-directory - confirm.
// NOTE(review): compare this value with the root anchor published by IANA before relying on it.
trust-anchors {
"." initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
};
// Root hints zone: the list of root name servers read from "named.root", a relative
// path resolved against the options directory "/usr/local/etc/namedb".
// No other zone statements appear in the configuration as posted.
zone "." {
type hint;
file "named.root";
};