Troubleshooting occasional "Permission denied" errors?

I’m seeing some Permission denied errors in the log:

Jun 15 19:51:56 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 20:02:03 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 20:19:51 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 20:32:35 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 20:55:43 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:00:05 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:25:44 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:30:26 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:33:38 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:41:51 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:48:41 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 21:52:04 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 22:00:55 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 22:01:56 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 22:03:38 dns2 unbound: [18520:1] error: can't bind socket: Permission denied

Unbound seems to be running normally, and appears to be answering all queries normally. It is version 1.4.20 on CentOS 7.

I suspect it may be a conflict between the random port algorithm and something else running on this server, though I don’t know what it could be. The error message would be more helpful if it included a port number and possibly the source IP. I have not set outgoing_interface, or made any changes to the port selection options, so Unbound is using defaults.

How do I track this down? Would version 1.5.3 fix this? 1.4.20 is from CentOS 7 base repo.

Tom

Hi Tom,

Hi,

From: Tom Samplonius <tom@samplonius.org>
  I’m seeing some Permission denied errors in the log:

Jun 15 19:51:56 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 20:02:03 dns2 unbound: [18520:1] error: can't bind socket: Permission denied

Unbound seems to be running normally, and appears to be answering all queries normally. It is version 1.4.20 on CentOS 7.

Are you running with selinux enabled?

Check selinux audit log (/var/log/audit/audit.log), denied ports might be
logged there. Or try with something like this in unbound.conf:
outgoing-port-avoid: 8953
outgoing-port-avoid: 5546

(I think I got selinux denied for (at least) these two ports).

-Jarno
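
Added example (not from the thread or from the Unbound project): one way to do the audit.log check suggested above, pulling the `src=` port out of SELinux `name_bind` denials logged for `unbound` and turning them into `outgoing-port-avoid` lines. The sample records are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample records in audit.log AVC format; not taken from the thread.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1434423116.101:410): avc:  denied  { name_bind } for  pid=18520 comm="unbound" src=8953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:rndc_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1434423723.552:431): avc:  denied  { name_bind } for  pid=18520 comm="unbound" src=5546 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:dhcpc_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1434423801.007:433): avc:  denied  { name_bind } for  pid=18520 comm="unbound" src=5547 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:dhcpc_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1434424791.310:452): avc:  denied  { name_bind } for  pid=18520 comm="unbound" src=8953 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:rndc_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1434424800.010:453): avc:  denied  { read } for  pid=18520 comm="unbound" name="root.key" dev="dm-0" ino=1234 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1434424900.220:460): avc:  denied  { name_bind } for  pid=2001 comm="named" src=4321 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')

def denied_bind_ports(log_text, comm="unbound"):
    """Return the sorted ports for which `comm` was denied name_bind."""
    ports = set()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or "name_bind" not in m.group("perms").split():
            continue  # not an AVC denial, or a denial of some other permission
        fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
        if fields.get("comm", "").strip('"') != comm:
            continue  # denial belongs to a different process
        if fields.get("tclass") not in ("udp_socket", "tcp_socket"):
            continue
        src = fields.get("src", "")
        if src.isdigit():
            ports.add(int(src))
    return sorted(ports)

def collapse(ports):
    """Merge consecutive ports from a sorted list into (start, end) ranges."""
    ranges = []
    for p in ports:
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def avoid_lines(log_text, comm="unbound"):
    """Render unbound.conf lines; the option takes a single port or a range."""
    return ["outgoing-port-avoid: %s" % (a if a == b else "%d-%d" % (a, b))
            for a, b in collapse(denied_bind_ports(log_text, comm))]

if __name__ == "__main__":
    print("\n".join(avoid_lines(SAMPLE_AUDIT_LOG)))
```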

the fedora config ships with:

   outgoing-port-permit: 32768-65535
   outgoing-port-avoid: 0-32767

I see the rhel7 build is missing those lines. I will file a bug report
for RHEL7.

Paul

Hi,

From: Tom Samplonius <tom@samplonius.org>
I’m seeing some Permission denied errors in the log:

Jun 15 19:51:56 dns2 unbound: [18520:1] error: can't bind socket: Permission denied
Jun 15 20:02:03 dns2 unbound: [18520:1] error: can't bind socket: Permission denied

Unbound seems to be running normally, and appears to be answering all queries normally. It is version 1.4.20 on CentOS 7.

Are you running with selinux enabled?

Check selinux audit log (/var/log/audit/audit.log), denied ports might be
logged there. Or try with something like this in unbound.conf:
outgoing-port-avoid: 8953
outgoing-port-avoid: 5546

(I think I got selinux denied for (at least) these two ports).

  Yes, I run SELinux in enforcing mode. But audit.log has no rejections for anything.

  That is another reason why I suspect either a conflict with another process or an Unbound bug in 1.4.20.

-Jarno

Tom

I don’t know what else is using those ports of my server (or blocking access to these ports), but adding that config to unbound.conf has eliminated the “Permission denied” errors that I was seeing.

  Also, any idea what the closest-to-official way to upgrade a RHEL7-like system to Unbound 1.5.x is?

Tom

You can probably just grab a fedora 21, 22 or source rpm of unbound and
recompile it on rhel7:

wget <URL of unbound-1.5.3-8.fc22.src.rpm>
rpm -hiv unbound-1.5.3-8.fc22.src.rpm
rpmbuild -ba ~/rpmbuild/SPECS/unbound.spec

Paul