re-bind named to all interfaces

Phil Mayers p.mayers at imperial.ac.uk
Thu Apr 12 16:52:42 UTC 2012


On 12/04/12 16:44, Mihai Moldovan wrote:

> Hmm, permission denied while binding to ppp0? Maybe that's because my named is
> running as the non-privileged system user "named" and binding to the privileged
> port 53? Makes sense... but... hm. I guess in this case there's no other way but
> running named as root?

I vaguely seem to recall this has come up on the list before.

However: at our site:

  1. Bind runs as user "named"
  2. "rndc reconfig" works with a new IP, e.g.

# rndc reconfig
# lsof -n -i :53 | fgrep 192.168.
# ip addr add 192.168.230.230/32 dev lo
# rndc reconfig
# lsof -n -i :53 | fgrep 192.168.
named   17052 named   32u  IPv4 1395639422       TCP 192.168.230.230:domain (LISTEN)
named   17052 named  531u  IPv4 1395639421       UDP 192.168.230.230:domain

This is on RHEL5, with SELinux enabled.

So, it's definitely possible to do this as non-root. As above, I'm sure 
this has been discussed, but I can't remember what we decided the 
mechanism that allowed this was.
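
Added example, not part of the original post: on Linux, one mechanism that lets a non-root process bind a port below 1024 is the CAP_NET_BIND_SERVICE capability; the post does not say which mechanism applies at that site. The sketch below decodes the CapEff mask from /proc/<pid>/status to check for it; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Report how a process could bind ports below 1024, from its /proc status text.
# Live use (assumes a running named):  bind_privilege < /proc/$(pidof named)/status

# CAP_NET_BIND_SERVICE is capability number 10 in <linux/capability.h>.
CAP_NET_BIND_SERVICE=10

# has_cap HEXMASK BIT: succeed if BIT is set in the hex capability mask.
has_cap() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;   # reject anything that is not plain hex
    esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# bind_privilege: stdin is the content of /proc/<pid>/status.
# Prints "root" (effective UID 0), "cap" (non-root holding
# CAP_NET_BIND_SERVICE) or "none".
bind_privilege() {
    status=$(cat)
    # Uid: line holds real, effective, saved and filesystem UIDs.
    euid=$(printf '%s\n' "$status" | awk '$1 == "Uid:" { print $3; exit }')
    capeff=$(printf '%s\n' "$status" | awk '$1 == "CapEff:" { print $2; exit }')
    if [ "$euid" = "0" ]; then
        echo root
    elif has_cap "$capeff" "$CAP_NET_BIND_SERVICE"; then
        echo cap
    else
        echo none
    fi
}

# sample_status UID CAPEFF: constructed stand-in for /proc/<pid>/status.
sample_status() {
    printf 'Name:\tnamed\nUid:\t%s\t%s\t%s\t%s\nCapEff:\t%s\n' \
        "$1" "$1" "$1" "$1" "$2"
}

# Constructed cases: UID 25 with bits 10 and 24 set, UID 25 with no
# capabilities, and UID 0.
sample_status 25 0000000001000400 | bind_privilege
sample_status 25 0000000000000000 | bind_privilege
sample_status 0  000001ffffffffff | bind_privilege
```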


