Decode "Permission Denied" Message
Mark.Andrews at nominum.com
Mon Feb 12 02:28:52 UTC 2001
> > Index: src/bin/named/ns_main.c
> > ===================================================================
> > RCS file: /proj/cvs/isc/bind8/src/bin/named/ns_main.c,v
> > retrieving revision 8.142
> > retrieving revision 8.143
> > diff -u -r8.142 -r8.143
> > --- ns_main.c 2001/01/15 20:06:25 8.142
> > +++ ns_main.c 2001/02/02 03:57:06 8.143
> > @@ -751,6 +751,7 @@
> > int
> > tcp_send(struct qinfo *qp) {
> > struct qstream *sp;
> > + struct sockaddr_in src;
> > int on = 1, n;
> >
> > ns_debug(ns_log_default, 1, "tcp_send");
> > @@ -777,8 +778,9 @@
> > "tcp_send: setsockopt(SO_REUSEPORT): %s",
> > strerror(errno));
> > #endif
> > - if (bind(sp->s_rfd, (struct sockaddr *)&server_options->query_source,
> > - sizeof server_options->query_source) < 0)
> > + src = server_options->query_source;
> > + src.sin_port = htons(0);
> > + if (bind(sp->s_rfd, (struct sockaddr *)&src, sizeof(src)) < 0)
> > ns_info(ns_log_default, "tcp_send: bind(query_source): %s",
> > strerror(errno));
> > if (fcntl(sp->s_rfd, F_SETFD, 1) < 0) {
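Review bot: The `src.sin_port = htons(0);` line needs a comment saying why the configured port is dropped for TCP. Nothing in tcp_send() records that the query-source port is meant to apply to UDP only, so a later reader could take the zeroing for a mistake and revert it. Separately, the bind() failure branch just below still only logs through ns_info() and falls through to fcntl() on a socket that was never bound to the query-source address; consider whether a failed bind here should abort the send or be logged at a higher severity.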
> >
> > > Can someone help me decode the following message which is showing up in our
> > > newly-updated BIND 8.2.3 servers over 100 times an hour?
>
> I think that means he doesn't know either.
You really want to know the cause. Named is running as a user
other than root, as such it cannot bind to a reserved port. It
is attempting to bind to a reserved port as that was what was
specified in query-source. The reason it is attempting to bind
to this port is most likely that it needed to retry a query
using tcp (there are other causes).
The patch above clears the port field prior to binding, allowing
the system to assign a local port. The port field should only
apply to UDP traffic, not TCP traffic.
>
>
> > >
> > >
> > > Feb 11 13:01:15 rtdhcp01 named[7081]: tcp_send: bind(query_source):
> > > Permission denied
> > >
> > >
> > > The daemon is running as user and group named and apparently unable to
> > > access a tcp resource, but why? what resource? what can be done about it?
> > > and what can I go to get more info?
> > >
> > > AFAIK, no TCP/IP resources are being allocated after the daemon starts.
> > > There is only one IP interface on the box. The query-source port is pinned
> > > to 53. We have now updated three machines and are getting this message on
> > > the two of them that are permitted through the firewall. Thinking back,
> > > we didn't see these right away after upgrading the first machine - they
> > > started a day or so later after the firewall was updated. Does anyone see
> > > a connection there?
> > >
> > > Thanks for any ideas.
> > >
> > > Ken Traynham
> > >
> > >
> > >
> > >
> > >
> > --
> > Mark Andrews, Nominum Inc.
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
> >
>
>
> --
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> . .
> - L. F. (Larry) Sheldon, Jr. -
> . Unix Systems and Network Administration .
> - Creighton University Computer Center-Old Gym -
> . 2500 California Plaza .
> - Omaha, Nebraska, U.S.A. 68178 Two identifying characteristics -
> . lsheldon at creighton.edu of System Administrators: .
> - 402 280-2254 (work) Infallibility, and the ability to -
> . 402 681-4726 (cellular) learn from their mistakes. .
> - 402 332-4622 (residence) -
> . http://www.creighton.edu/~lsheldon Adapted from Stephen Pinker .
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
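
The behaviour described in the reply above, as an added example that is not part of the original message and is not BIND source: a process binds a TCP socket from a query-source style address, either with the configured port kept or with the port cleared on a local copy. `tcp_bind_from`, `sample_query_source` and the sample address (any address, port 53) are hypothetical names and constructed values.

```c
/* Added illustration, not BIND code. All names here are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a new TCP socket using the configured query-source address.
 * keep_port != 0: use the configured port as-is (behaviour before the patch).
 * keep_port == 0: bind a copy with sin_port cleared (behaviour after it).
 * Returns the local port actually bound, or -errno on failure. */
int tcp_bind_from(const struct sockaddr_in *query_source, int keep_port) {
    struct sockaddr_in src = *query_source;   /* copy; config stays intact */
    socklen_t len = sizeof(src);
    int fd, rc;
    if (!keep_port)
        src.sin_port = htons(0);              /* kernel assigns the port */
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        getsockname(fd, (struct sockaddr *)&src, &len) < 0)
        rc = -errno;                          /* EACCES for non-root + port < 1024 */
    else
        rc = ntohs(src.sin_port);
    close(fd);
    return rc;
}

/* Constructed sample config: query-source on any address, port 53. */
struct sockaddr_in sample_query_source(void) {
    struct sockaddr_in qs;
    memset(&qs, 0, sizeof(qs));
    qs.sin_family = AF_INET;
    qs.sin_addr.s_addr = htonl(INADDR_ANY);
    qs.sin_port = htons(53);
    return qs;
}

int main(void) {
    struct sockaddr_in qs = sample_query_source();
    int pinned = tcp_bind_from(&qs, 1), cleared = tcp_bind_from(&qs, 0);
    /* The pinned result depends on privileges and on what already uses port 53. */
    printf("port kept:    %s\n", pinned < 0 ? strerror(-pinned) : "bound");
    printf("port cleared: bound to local port %d\n", cleared);
    return 0;
}
```

Run as an unprivileged user, the first line normally reports "Permission denied", the same error string as in the syslog message quoted in this thread.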