NSD failed to start via service on CentOS 7

Юрий_Иванов · September 6, 2019, 8:43am

Hi,
I’ve installed nsd from packages via epel-repository.

When try to start service listening on port 65053 with:
[root@ns1 nsd]# service nsd status
Is does not work:

cat /var/log/messages | grep nsd

Sep 6 11:28:35 ns1 nsd[1370]: nsd starting (NSD 4.1.24)

Sep 6 11:28:35 ns1 nsd[1370]: can’t bind udp socket: Permission denied

Sep 6 11:28:35 ns1 nsd: [2019-09-06 11:28:35.314] nsd[1370]: notice: nsd starting (NSD 4.1.24)

Sep 6 11:28:35 ns1 nsd: [2019-09-06 11:28:35.314] nsd[1370]: error: can’t bind udp socket: Permission denied

Sep 6 11:28:35 ns1 nsd: [2019-09-06 11:28:35.314] nsd[1370]: error: server initialization failed, nsd could not be started

Sep 6 11:28:35 ns1 nsd[1370]: server initialization failed, nsd could not be started

Sep 6 11:28:35 ns1 systemd: nsd.service: main process exited, code=exited, status=1/FAILURE

Sep 6 11:28:35 ns1 systemd: Unit nsd.service entered failed state.

Sep 6 11:28:35 ns1 systemd: nsd.service failed.

Looks like something wrong with user rights because nsd-control works:
[root@ns1 nsd]# nsd-control start

[2019-09-06 11:39:38.295] nsd[1414]: notice: nsd starting (NSD 4.1.24)

[root@ns1 nsd]# ps aux | grep nsd

nsd 1415 0.9 16.9 168776 84872 ? Ss 11:39 0:00 nsd -c /etc/nsd/nsd.conf

nsd 1416 0.3 6.5 100304 32880 ? S 11:39 0:00 nsd -c /etc/nsd/nsd.conf

nsd 1417 0.0 0.2 100436 1136 ? S 11:39 0:00 nsd -c /etc/nsd/nsd.conf

This is only centos package issue or I should tweak nsd.conf somehow?

Thanks in advance.

Юрий_Иванов · September 6, 2019, 8:57am

Resolved.
Sorry for incorrect question.

SELinux prevents NSD from starting.

anandb · September 6, 2019, 8:59am

Hi Yuri,

Hi,
I've installed nsd from packages via epel-repository.

When try to start service listening on port 65053 with:
[root@ns1 nsd]# service nsd status
Is does not work:

I haven't had time to download the EPEL package and check it. Can you
please paste the output of "systemctl cat nsd" to show us how the
systemd unit file is defined?

Regards,
Anand

Юрий_Иванов · September 6, 2019, 9:37am

Yes of course:

[root@ns1 ~]# systemctl cat nsd

/usr/lib/systemd/system/nsd.service

[Unit]

Description=NSD DNS Server

After=syslog.target network-online.target

After=nsd-keygen.service

Wants=nsd-keygen.service

[Service]

Type=simple

PIDFile=/var/run/nsd/nsd.pid

EnvironmentFile=-/etc/sysconfig/nsd

ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf $NSD_EXTRA_OPTS

ExecReload=/bin/kill -HUP $MAINPID

KillMode=mixed

PrivateTmp=true

[Install]

WantedBy=multi-user.target

But as I mention earlier, this is selinux prevents nsd from start.
Now I need to figure how to allow nsd in selinux.

Regards, Yuri