[dnsdist] IP_BINDANY warnings in FreeBSD jail

Remi Gacogne remi.gacogne at powerdns.com
Thu Sep 8 12:27:39 UTC 2016

Hi Leo,

On 09/08/2016 12:07 PM, Leo Vandewoestijne wrote:
> Warning: IP_BINDANY setsockopt failed: Operation not permitted
>
> I delved into the source a bit, but cannot find what the "setsockopt"
> is about.

dnsdist tries to enable this by default on any listening socket, to be
able to listen on an address that does not exist yet on the machine.

> Now it's just a warning, not an error, but I wonder what the impact
> is.

It's mostly useful in HA setups and if you don't need it, you can simply
ignore the warning.

> When I run dnsdist on the host - instead of the jail - then these
> warnings do not occur.

My very limited knowledge about the FreeBSD capabilities model is quite
outdated, but I remember that at one point the list of privileges
available in a jail was pretty much hard-coded, and perhaps the one
required to use IP_BINDANY is simply not available in a jail.

Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
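
The behaviour described in the reply above, as an added example that is not part of the original message and not dnsdist's own code: the option is requested on the listening socket, a refusal is logged as a warning, and the bind goes ahead regardless. The names `enable_bind_any`, `open_listener` and the result enum are hypothetical; on Linux the sketch falls back to `IP_FREEBIND` so it compiles outside FreeBSD.

```c
/* Added illustration, not dnsdist source; function and enum names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#if defined(IP_BINDANY)            /* FreeBSD */
#define BINDANY_OPT IP_BINDANY
#define BINDANY_NAME "IP_BINDANY"
#elif defined(IP_FREEBIND)         /* Linux's closest equivalent */
#define BINDANY_OPT IP_FREEBIND
#define BINDANY_NAME "IP_FREEBIND"
#endif
enum bindany_result { BINDANY_OK, BINDANY_DENIED, BINDANY_UNSUPPORTED, BINDANY_ERROR };

/* Ask the kernel to allow bind() to an address not (yet) configured locally. */
static enum bindany_result enable_bind_any(int fd)
{
#ifdef BINDANY_OPT
    int one = 1, saved;
    if (setsockopt(fd, IPPROTO_IP, BINDANY_OPT, &one, sizeof(one)) == 0) return BINDANY_OK;
    saved = errno;                 /* keep errno before stdio can change it */
    fprintf(stderr, "Warning: %s setsockopt failed: %s\n", BINDANY_NAME, strerror(saved));
    return saved == EPERM ? BINDANY_DENIED : BINDANY_ERROR;
#else
    (void)fd; return BINDANY_UNSUPPORTED;
#endif
}

/* Open a UDP listener; a refused option is reported in *res but never aborts the bind. */
static int open_listener(const char *ip, unsigned short port, enum bindany_result *res)
{
    struct sockaddr_in sa;
    int fd;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET; sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 || (fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    *res = enable_bind_any(fd);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0) { close(fd); return -1; }
    return fd;
}

int main(void)
{
    enum bindany_result r = BINDANY_ERROR;
    int fd = open_listener("0.0.0.0", 0, &r);   /* constructed sample: any address, any port */
    printf("listener fd=%d, bind-any result=%d\n", fd, (int)r);
    return fd < 0;
}
```

A `BINDANY_DENIED` result corresponds to the "Operation not permitted" warning quoted above: the listener still works for addresses that already exist on the machine.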

