Project

General

Profile

Actions

Bug #7271

closed

Co-existence of unbound and BIND/named

Added by Rolf Sommerhalder over 7 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
BIND
Target version:
-
Start date:
02/17/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.4
Affected Plus Version:
Affected Architecture:
All

Description

Problem: both packages (want to) use same port 953 on 127.0.0.1 for (remote) control. If BIND is installed and enabled, then unbound fails to start after reboot.

2.4.0-BETA][admin@fwA]/root: /usr/local/sbin/unbound -c /var/unbound/unbound.conf
[1487326118] unbound[44792:0] error: can't bind socket: Address already in use for 127.0.0.1
[1487326118] unbound[44792:0] error: cannot open control interface 127.0.0.1 953
[1487326118] unbound[44792:0] fatal error: could not open ports

Implications of unbound failing to come up can be pretty drastic after restoring a config backup on a freshly installed pfSense box when its DNS Server Settings depend on unbound. It will try repeatedly to resolve beta.pfsense.com until timing out after minutes, be unable to install packages that are listed in the config backup, and fail to bring up SSHd or Web-configurator.

Proposed and tested solution: Move control port of unbound from 953 back to its default value 8953 (see [1]), e.g. in

/etc/inc/unbound.inc
replace:
 control-port: 953

by:
 control-port: 8953

Thanks,
Rolf

[1] https://www.freebsd.org/cgi/man.cgi?unbound.conf
...
control-port: port number
The port number to listen on for IPv4 or IPv6 control interfaces,
default is 8953. If you change this and permissions have been
dropped, you must restart the server for the change to take
effect.

Actions #1

Updated by Kill Bill over 7 years ago

Yeah, I'd definitely rather move the BIND control port than mess with default ports for a default pfSense resolver that's been there for ages without any issues.

Actions #2

Updated by Jim Pingle over 7 years ago

  • Target version deleted (2.4.0)

Agreed. Move the BIND port instead.

Actions #3

Updated by Jim Pingle over 7 years ago

  • Project changed from pfSense to pfSense Packages
  • Category changed from DNS Resolver to BIND
Actions #4

Updated by Jim Thompson over 7 years ago

  • Assignee set to Jim Pingle
  • Priority changed from High to Normal
  • Target version set to 2.4.0
Actions #5

Updated by David Wood over 7 years ago

The work-round I used back in the days of the pfSense 2.2.x BIND port was to call rndc-confgen with the "-p <control port>" option. I believe that is all that is needed here.

Actions #6

Updated by Jim Pingle over 7 years ago

  • Target version deleted (2.4.0)
Actions #7

Updated by Kill Bill about 7 years ago

Actions #9

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions #10

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #11

Updated by Max Leighton almost 4 years ago

Testing with bind 9.16_6 the default control port is still showing as 953 and conflicting with unbound.

Actions #12

Updated by Viktor Gurov almost 4 years ago

Max Leighton wrote:

Testing with bind 9.16_6 the default control port is still showing as 953 and conflicting with unbound.

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/14

Actions #13

Updated by Renato Botelho almost 4 years ago

PR has been merged. Thanks!

Actions #14

Updated by Danilo Zrenjanin over 3 years ago

Tested on the latest release. Bind package version 9.16_9. It's still not fixed. Please check.

Actions #15

Updated by Viktor Gurov over 3 years ago

  • Status changed from Feedback to Resolved

this fix is only for clean BIND install

9.16_9 works as expected

Actions

Also available in: Atom PDF