Error could not bind to port 43. Is another irrd running?

Nick Hilliard nick at inex.ie
Sat Aug 16 17:11:20 UTC 2014


On 15/08/2014 22:26, Randy Bush wrote:
> neither am i.  but i do not know the correct one.  clue bat please.

http://www.merit.edu/mail.archives/irrd-discuss/

last posting 2010.

>> I just fired up a test irrd instance on an fbsd10 dev box of mine and
>> it seemed to work fine running as nonroot.
> 
> whoppens if you
> 
>     # grep irrd /etc/rc.conf
>     # for irrd
>     irrd_enable=YES
>     irrd_user=irrd
>     irrd_group=staff

maybe i see what's going on here.

${daemon}_user and ${daemon}_group are defined in /etc/rc.subr to use su to
change the UID.  If you use your config with irrd, then it will execute
something like:

su -m irrd -c 'sh -c "/usr/local/sbin/irrd"'

This will fail because irrd needs to run as root and then drop privs.

What you probably want to do is have the following in /etc/rc.conf:

--
irrd_enable=YES
irrd_flags="-l irrd -g staff"
--

This will run irrd as root, but will cause it to drop privs to irrd:staff
after bind().

Nick


More information about the irrtoolset mailing list