# bind9 "UDP socket: address family not supported" problem



## koper (Sep 13, 2009)

Hi guys,

I'm trying to fix this for quite a while now, without any results, that's why I'm here.

So here is the problem: I'm trying to run a test instance of named from a uid!=0 shell (I've got no root access here), by starting:



> named -4 -c named.conf -d 3 -u 5157



I've got multiple interfaces to bind to, and on each and every one of them I get this:



> 13-Sep-2009 23:33:54.971 listening on IPv4 interface lo0, 127.0.0.1#10053
> 13-Sep-2009 23:33:54.971 could not listen on UDP socket: address family not supported



What can be the problem? I've managed to run bind on higher ports from any uid without any problems.

My current bind is:



> volt% named -V
> BIND 9.6.1-P1 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--with-libxml2=/usr/local'



Can anybody point me in the right direction?

Thanks!


----------



## DutchDaemon (Sep 13, 2009)

koper said:

> I've managed to run bind on higher ports from any uid without any problems.



What's different this time then? I'm assuming you're still trying to bind to a high port? Is there anything more detailed in a log file somewhere?


----------



## koper (Sep 14, 2009)

That's rather "I had managed to do this before"... sorry 

No more details in the bind log. It looks like the problem exists during any kind of IP communication by bind (that includes sending master-slave zone communications):



> 14-Sep-2009 00:53:06.106 zone XXX.pl/IN/external: sending notify to 10.10.10.13#10053
> 14-Sep-2009 00:53:06.106 dns_request_createvia
> 14-Sep-2009 00:53:06.106 dns_request_createvia: failed address family not supported



I suspect some kind of limitation for a regular user account...
On the other hand, I have no trouble binding to a higher UDP port (for instance with netcat).

Thanks!


----------



## DutchDaemon (Sep 14, 2009)

Very long shot:

Could you try adding

```
files 1024;
```

to the options in named.conf?


----------



## koper (Sep 14, 2009)

DutchDaemon: tried it already, also with even smaller file limits; same thing happens.

A little more info about limitations:


> volt% ulimit -a
> -t: cpu time (seconds)         1000
> -f: file size (blocks)         unlimited
> -d: data seg size (kbytes)     33554432
> ...




sys:


> volt% uname -v
> FreeBSD 9.0-CURRENT #0: Sat Sep  5 18:59:28 CEST 2009


----------



## DutchDaemon (Sep 14, 2009)

Are you confined to a jailed/chroot'ed environment with limited access to (creating) sockets?


----------



## koper (Sep 14, 2009)

DutchDaemon said:

> Are you confined to a jailed/chroot'ed environment with limited access to (creating) sockets?



Nope, regular system account, no chrooting, etc.

I am able to bind to a higher port with nc -l local <port> (also with -u for UDP)


----------
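Added example, not part of the thread and not BIND code: a small C probe for the situation described above, where nc can bind a high UDP port but named logs "address family not supported" for 127.0.0.1#10053. It repeats the socket() and bind() calls for that address and reports which call fails and with what errno. That the named message corresponds to the OS error EAFNOSUPPORT is an assumption, and `probe_udp` and its `addr_family` parameter are names made up for this example.

```c
/* Added diagnostic, not BIND code: repeats the socket()/bind() sequence of a
 * UDP listener and reports which call fails and with which errno. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum step { STEP_OK = 0, STEP_SOCKET, STEP_BIND, STEP_ADDR };

/* addr_family is normally AF_INET (hypothetical parameter): any other value
 * shows a mismatched sockaddr failing in bind() rather than in socket(). */
enum step probe_udp(const char *ip, unsigned short port, int addr_family, int *err)
{
    struct sockaddr_in sin;
    enum step result = STEP_OK;
    int fd;

    *err = 0;
    memset(&sin, 0, sizeof(sin));
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1)
        return STEP_ADDR;               /* not a dotted-quad IPv4 address */
    sin.sin_family = (sa_family_t)addr_family;
    sin.sin_port = htons(port);

    fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (fd < 0) {
        *err = errno;                   /* kernel refused the socket itself */
        return STEP_SOCKET;
    }
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        *err = errno;                   /* saved before close() can change it */
        result = STEP_BIND;
    }
    close(fd);
    return result;
}

int main(void)
{
    static const char *names[] = { "ok", "socket()", "bind()", "address parse" };
    int err;
    /* Address and port taken from the log line quoted in the thread. */
    enum step s = probe_udp("127.0.0.1", 10053, AF_INET, &err);
    printf("127.0.0.1#10053: %s%s%s\n", names[s], err ? ": " : "", err ? strerror(err) : "");
    return s == STEP_OK ? 0 : 1;
}
```

Run it as the same unprivileged user that starts named: a clean result here while named still fails points at how named was built or configured rather than at an account restriction.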



## DutchDaemon (Sep 14, 2009)

Well, not having run BIND any other way than 'start as root, drop to bind', I can only suggest going back to a bare-bones installation (e.g. dropping openssl/dnssec and other added functionality, and maybe replacing the compile-time paths to point to directories owned by you -- unless the entire installation already chroot's to your directory) and a bare-bones config (only include the minimal necessities) and see if it will start and which additions break it eventually.


----------

