[netmgr] named does not listen on port 53 any more.
So, yesterday I updated the bind9-devel FreeBSD port to b4a015eb, and today, I did a pkg upgrade on the authoritative nameserver I have that uses this port. I then started getting alerts about it. It turns out that it does not listen on port 53 any more.
Startup says:
Nov 13 16:33:05 ns4 named[94232]: starting BIND 9.15.5-b4a015ebcda51d5975375d64b662963472df76a0 (Development Release) <id:b4a015ebcda51d5975375d64b662963472df76a0>
Nov 13 16:33:05 ns4 named[94232]: running on FreeBSD amd64 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC
Nov 13 16:33:05 ns4 named[94232]: built with '--localstatedir=/var' '--disable-linux-caps' '--with-libxml2' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--with-openssl=/usr' '--sysconfdir=/usr/local/etc/namedb' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--enable-geoip' '--with-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--enable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.0' 'build_alias=amd64-portbld-freebsd12.0' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
Nov 13 16:33:05 ns4 named[94232]: running as: named -t /var/named -u bind -c /usr/local/etc/namedb/named.conf
Nov 13 16:33:05 ns4 named[94232]: compiled by CLANG 4.2.1 Compatible FreeBSD Clang 6.0.1 (tags/RELEASE_601/final 335540)
Nov 13 16:33:05 ns4 named[94232]: compiled with OpenSSL version: OpenSSL 1.1.1a-freebsd 20 Nov 2018
Nov 13 16:33:05 ns4 named[94232]: linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
Nov 13 16:33:05 ns4 named[94232]: compiled with libxml2 version: 2.9.9
Nov 13 16:33:05 ns4 named[94232]: linked to libxml2 version: 20909
Nov 13 16:33:05 ns4 named[94232]: compiled with json-c version: 0.13.1
Nov 13 16:33:05 ns4 named[94232]: linked to json-c version: 0.13.1
Nov 13 16:33:05 ns4 named[94232]: compiled with zlib version: 1.2.11
Nov 13 16:33:05 ns4 named[94232]: linked to zlib version: 1.2.11
Nov 13 16:33:05 ns4 named[94232]: ----------------------------------------------------
Nov 13 16:33:05 ns4 named[94232]: BIND 9 is maintained by Internet Systems Consortium,
Nov 13 16:33:05 ns4 named[94232]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Nov 13 16:33:05 ns4 named[94232]: corporation. Support and training for BIND 9 are
Nov 13 16:33:05 ns4 named[94232]: available at https://www.isc.org/support
Nov 13 16:33:05 ns4 named[94232]: ----------------------------------------------------
Nov 13 16:33:05 ns4 named[94232]: found 4 CPUs, using 4 worker threads
Nov 13 16:33:05 ns4 named[94232]: using 4 UDP listeners per interface
Nov 13 16:33:05 ns4 named[94232]: using up to 4096 sockets
Nov 13 16:33:05 ns4 named[94232]: loading configuration from '/usr/local/etc/namedb/named.conf'
Nov 13 16:33:05 ns4 named[94232]: reading built-in trust anchors from file '/usr/local/etc/namedb/bind.keys'
Nov 13 16:33:05 ns4 named[94232]: looking for GeoIP2 databases in '/usr/local/share/GeoIP'
Nov 13 16:33:05 ns4 named[94232]: statistics channel listening on 79.143.241.138#8742
Nov 13 16:33:05 ns4 named[94232]: using default UDP/IPv4 port range: [49152, 65535]
Nov 13 16:33:05 ns4 named[94232]: using default UDP/IPv6 port range: [49152, 65535]
Nov 13 16:33:05 ns4 named[94232]: listening on IPv4 interface em1, 80.67.160.62#53
Nov 13 16:33:05 ns4 named[94232]: listening on IPv6 interface em1, 2001:910:0:3021::62#53
Nov 13 16:33:05 ns4 named[94232]: listening on IPv6 interface lo0, ::1#53
Nov 13 16:33:05 ns4 named[94232]: listening on IPv4 interface lo0, 127.0.0.1#53
Nov 13 16:33:05 ns4 named[94232]: generating session key for dynamic DNS
Nov 13 16:33:05 ns4 named[94232]: sizing zone task pool based on 2804 zones
Nov 13 16:33:05 ns4 named[94232]: none:100: 'max-cache-size 90%' - setting to 3651MB (out of 4057MB)
Nov 13 16:33:05 ns4 named[94232]: obtaining root key for view _default from '/usr/local/etc/namedb/bind.keys'
Nov 13 16:33:05 ns4 named[94232]: set up managed keys zone for view _default, file '/usr/local/etc/namedb/working/managed-keys.bind'
But the part about it listening on port 53 is a lie...
# sockstat -l |grep named
bind named 94232 41 tcp4 79.143.241.138:8742 *:*
bind named 94232 42 udp4 *:* *:*
bind named 94232 43 udp4 *:* *:*
bind named 94232 44 udp4 *:* *:*
bind named 94232 45 udp4 *:* *:*
bind named 94232 46 udp6 *:* *:*
bind named 94232 47 udp6 *:* *:*
bind named 94232 48 udp6 *:* *:*
bind named 94232 49 udp6 *:* *:*
bind named 94232 50 udp6 *:* *:*
bind named 94232 51 udp6 *:* *:*
bind named 94232 52 udp6 *:* *:*
bind named 94232 53 udp6 *:* *:*
bind named 94232 54 udp4 *:* *:*
bind named 94232 55 udp4 *:* *:*
bind named 94232 56 udp4 *:* *:*
bind named 94232 57 udp4 *:* *:*
bind named 94232 58 tcp4 127.0.0.1:953 *:*
bind named 94232 59 tcp4 80.67.160.62:953 *:*
bind named 94232 61 tcp4 *:43714 *:*
bind named 94232 63 tcp4 *:43715 *:*
bind named 94232 64 tcp46 *:43716 *:*
bind named 94232 65 tcp46 *:43717 *:*
root syslogd 782 7 dgram /var/named/var/run/log
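
The mismatch shown above, where the log reports listeners on port 53 that the socket table does not contain, can be caught by a monitoring check. The following is an added example, not part of the original report or of BIND; the function names are hypothetical, and it assumes the FreeBSD `sockstat -l` column layout shown above, treats a `*:port` local address as covering every address, and treats `tcp46` as covering both families.

```python
import re

# Sample input abridged from the log and sockstat output in the report above.
NAMED_LOG = """\
Nov 13 16:33:05 ns4 named[94232]: statistics channel listening on 79.143.241.138#8742
Nov 13 16:33:05 ns4 named[94232]: listening on IPv4 interface em1, 80.67.160.62#53
Nov 13 16:33:05 ns4 named[94232]: listening on IPv6 interface em1, 2001:910:0:3021::62#53
Nov 13 16:33:05 ns4 named[94232]: listening on IPv6 interface lo0, ::1#53
Nov 13 16:33:05 ns4 named[94232]: listening on IPv4 interface lo0, 127.0.0.1#53
"""
SOCKSTAT = """\
bind named 94232 41 tcp4 79.143.241.138:8742 *:*
bind named 94232 42 udp4 *:* *:*
bind named 94232 48 udp6 *:* *:*
bind named 94232 58 tcp4 127.0.0.1:953 *:*
bind named 94232 61 tcp4 *:43714 *:*
bind named 94232 64 tcp46 *:43716 *:*
root syslogd 782 7 dgram /var/named/var/run/log
"""

# Matches only the per-interface DNS listener lines, not the statistics channel.
LISTEN_RE = re.compile(r"named\[\d+\]: listening on IPv([46]) interface \S+, (\S+)#(\d+)")

def claimed_listeners(log_text):
    """Return (family, address, port) for every listener named logged."""
    return [m.groups() for m in map(LISTEN_RE.search, log_text.splitlines()) if m]

def bound_sockets(sockstat_text, command="named"):
    """Return (transport, families, address, port) for the command's inet sockets."""
    socks = []
    for line in sockstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[1] != command or f[4][:3] not in ("udp", "tcp"):
            continue  # header, other processes, unix-domain sockets
        addr, _, port = f[5].rpartition(":")  # port follows the last colon, IPv6 too
        socks.append((f[4][:3], f[4][3:], addr, port))
    return socks

def missing_listeners(log_text, sockstat_text):
    """Listeners the log claims (UDP and TCP each) with no matching bound socket."""
    socks = bound_sockets(sockstat_text)
    missing = []
    for family, addr, port in claimed_listeners(log_text):
        for transport in ("udp", "tcp"):
            if not any(t == transport and family in fams and p == port
                       and a in (addr, "*") for t, fams, a, p in socks):
                missing.append((transport, addr, port))
    return missing

if __name__ == "__main__":
    print(*missing_listeners(NAMED_LOG, SOCKSTAT), sep="\n")
```

On the sample data every logged listener is reported missing for both UDP and TCP, which is the condition described in this report.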