[dnsdist] IP_BINDANY warnings in FreeBSD jail

Leo Vandewoestijne dnsdist at dns.company
Thu Sep 8 10:07:23 UTC 2016


Hi,

I'm running dnsdist in a FreeBSD jail, and when I restart I get warnings.
Looks like this (all IPs are figurative):

root@jail: # /usr/local/etc/rc.d/dnsdist restart
Stopping dnsdist.
Waiting for PIDS: 7579, 7579.
Starting dnsdist.
Read configuration from '/usr/local/etc/dnsdist/dnsdist.conf'
Added downstream server 35.225.21.145:54
Added downstream server 35.225.21.144:54
Added downstream server 35.225.21.145:55
Added downstream server 35.225.21.144:55
Added downstream server 35.225.21.145:56
Added downstream server 35.225.21.144:56
Added downstream server 35.225.21.145:52
Added downstream server 35.225.21.144:52
Added downstream server 35.225.21.140:52
Added downstream server 35.225.21.141:52
Added downstream server 35.225.21.142:52
Added downstream server 35.225.21.143:52
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 127.0.0.2:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 125.4.4.1:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 125.4.4.28:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.80:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.81:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.82:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.83:53
Warning: IP_BINDANY setsockopt failed: Operation not permitted
Listening on 123.8.71.84:53


When I run dnsdist on the host - instead of the jail - then these warnings do not occur.

When I allow sockets in the jail it makes no difference:
root@host# sysctl security.jail.allow_raw_sockets=1
security.jail.allow_raw_sockets: 0 -> 1

I anyway expect it's more a packages redirecting thing.
But whether the firewall is running or not makes no difference,
so I suspect it's more a kernel issue.
Now I do have a very customized kernel, but I remember running dnsdist the first time
was in a GENERIC kernel, and gave the same warning in a jail.

Also it makes no difference when I bind to physical or virtual interfaces or even lo0.

I delved into the source a bit, but cannot find what the "setsockopt" is about.


Now it's just a warning, not an error, but I wonder what the impact is.


--

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne.
www.unicycle.net

