re-bind named to all interfaces

Mark Pettit pettit at
Thu Apr 12 19:11:11 UTC 2012

It probably has to do with BIND dropping privileges.

If you run BIND with "-u" so it changes to an unprivileged user, then BIND may not be able to bind() to new interfaces created on your system.

I use FreeBSD, and my solution was to do this every time I add a new interface:

  # save the current value as "name=value" so it can be restored verbatim
  RESET=`sysctl -e net.inet.ip.portrange.reservedhigh`
  # let unprivileged processes bind ports >= 52 for the duration of the reconfig
  sysctl net.inet.ip.portrange.reservedhigh=52
  rndc reconfig
  # <wait for named to start responding on the new interface>
  # restore the saved setting (closes the window again)
  sysctl $RESET

Linux has some hacks that let you bypass those steps.  FreeBSD also has a kernel feature called MAC-PORTACL that behaves like the Linux hack, but since enabling that would require a kernel recompile on more than a thousand servers, we decided not to do that.

What OS are you using, and what's the command-line you use to launch BIND?

On Apr 12, 2012, at 9:52 AM, Phil Mayers wrote:

> On 12/04/12 16:44, Mihai Moldovan wrote:
>> Hmm, permission denied while binding to ppp0? Maybe that's because my named is
>> running as the non-privileged system user "named" and binding to the privileged
>> port 53? Makes sense... but... hm. I guess in this case there's no other way but
>> running named as root?
> I vaguely seem to recall this has come up on the list before.
> However: at our site:
>  1. Bind runs as user "named"
>  2. "rndc reconfig" works with a new IP, e.g.
> # rndc reconfig
> # lsof -n -i :53 | fgrep 192.168.
> # ip addr add dev lo
> # rndc reconfig
> # lsof -n -i :53 | fgrep 192.168.
> named   17052 named   32u  IPv4 1395639422       TCP 
> named   17052 named  531u  IPv4 1395639421       UDP
> This is on RHEL5, with SELinux enabled.
> So, it's definitely possible to do this as non-root. As above, I'm sure 
> this has been discussed, but I can't remember what we decided the 
> mechanism that allowed this was.

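The FreeBSD procedure Mark describes above, written out as a script with the restore step made robust. This is an added example, not code from the original message or from the BIND project. It assumes sysctl(8), rndc(8) and dig(1) are on PATH, that the address just added is passed as the first argument (NEW_IP below is a constructed placeholder), and that named will answer on that address once "rndc reconfig" has finished. The security-relevant detail is the window in which reservedhigh is lowered: during that time any unprivileged process on the host can bind ports 52 and up, so the script restores the old value from a trap even if rndc or the wait fails.

```shell
#!/bin/sh
# Added example (not from the original post): let a named running as an
# unprivileged user (-u named) bind port 53 on a newly added interface by
# lowering net.inet.ip.portrange.reservedhigh only as long as necessary.

SYSCTL_KEY=net.inet.ip.portrange.reservedhigh

# Print the current setting as "name=value" (sysctl -e format) so the
# restore step can pass it back to sysctl without guessing the old value.
save_reservedhigh() {
    sysctl -e "$SYSCTL_KEY"
}

# Poll until named answers a query on the new address, or give up.
# $1 = address, $2 = number of one-second attempts (default 10).
# Returns 0 when the address responds, 1 on timeout.
wait_for_named() {
    addr=$1; tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        if dig +time=1 +tries=1 @"$addr" . NS >/dev/null 2>&1; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Lower reservedhigh, reconfig named, wait for the new listener, restore.
# The restore also runs from a trap so an error or an interrupted run does
# not leave ports >= 52 bindable by every unprivileged process on the host.
rebind_named() {
    addr=$1
    saved=$(save_reservedhigh) || return 1
    trap 'sysctl "$saved" >/dev/null; trap - EXIT INT TERM' EXIT INT TERM
    sysctl "$SYSCTL_KEY=52" >/dev/null || return 1
    rndc reconfig || return 1
    wait_for_named "$addr"
    rc=$?
    sysctl "$saved" >/dev/null
    trap - EXIT INT TERM
    return $rc
}

# Usage (NEW_IP is a constructed placeholder for the address just added):
# rebind_named "$NEW_IP" || echo "named did not start listening on $NEW_IP" >&2
```

The saved value is passed back exactly as sysctl printed it, so the script never hard-codes the site's normal reservedhigh. On Linux the extra step is unnecessary because BIND keeps CAP_NET_BIND_SERVICE via libcap after switching to the -u user, which is why the RHEL5 behaviour quoted above works without any sysctl change.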