[nsd-users] nsd can't bind udp socket: Address already in use
zongo saiba
zongosaiba at gmail.com
Wed Jul 10 12:20:22 UTC 2013
On 10/07/2013 12:29, Anand Buddhdev wrote:
> On 10/07/2013 12:10, zongo saiba wrote:
>
> Hi Zongo,
>
>> Sorry, I forgot to mention that NSD is listening on port 5353.
>> Unbound is listening on 53.
>> One of my main goals is to have unbound talk directly to NSD for
>> authoritative server on 127.0.0.1 only.
>> For that I understood that unbound and NSD would have to use the same
>> port - Is this correct?
>> Nevertheless, I tried the same port "53" but got the same error message as
>> mentioned above.
>
> Okay, so you're on a Mac, where port 5353 is already in use by
> mDNSResponder. Just configure your NSD to use some other high-numbered port.
>
> Regards,
>
> Anand

@inigo
Creating a virtual network on OS X is not an easy task. I do know that you
have to go through the GUI to do so. The NIC gets created but does not
work with DNS. Was going down the road of 'tun/tap' as well as the setup
of this server is going to go into a virtual environment. First needs to
finish the testing :)

Thanks Anand. That was easily solved :) The error has gone and I now have
NSD and Unbound working great.

One question though about reverse lookup, which is not working with the
current setup. Any idea what I could change to have the reverse lookup
work?

The setup is based on 'https://calomel.org/unbound_dns.html' and
'https://wiki.archlinux.org/index.php/Unbound'.

Also I am getting this error:

10/07/2013 14:03:12.523 unbound[705]: [705:0] error: could not open autotrust file for writing, /usr/local/etc/unbound/root.key.705-0: Permission denied

Is it safe to disregard? Was reading that it appears to not affect
unbound process. I can tell that unbound is still working properly :)

Below is my setup.

NSD Setup:

server:
    ip-address: 127.0.0.1
    port: 56
    server-count: 1
    hide-version: yes
    identity: ""
    username: nsd
    database: /usr/local/etc/nsd/nsd.db
    pidfile: /usr/local/etc/nsd.pid
    zonesdir: /usr/local/etc/nsd

key:
    name: "sec_key"
    algorithm: hmac-md5
    secret: "654c6da8f3b0fd8fe819669daf07996738d21a53c02c731b0aee6373"

zone:
    name: zalloc.lan
    zonefile: zalloc.lan.forward

zone:
    name: 1.168.192.in-addr.arpa
    zonefile: zalloc.lan.reverse

Forward-Zone:

server:
$ORIGIN zalloc.lan.    ; default zone domain
$TTL 86400             ; default time to live
@ IN SOA kagami.zalloc.lan. admin.zalloc.lan. (
        2013010704 ; serial number
        28800      ; refresh
        7200       ; retry
        864000     ; expire
        86400      ; min ttl
        )
        NS      kagami.zalloc.lan.
        MX      10 mail.zalloc.lan.
router  IN A    192.168.1.1
kagami  IN A    192.168.1.38

Reverse-Zone:

$ORIGIN zalloc.lan.    ; default zone domain
$TTL 86400             ; default time to live
1.168.192.in-addr.arpa. IN SOA kagami.zalloc.lan. admin.zalloc.lan. (
        2013010704 ; serial number
        28800      ; refresh
        7200       ; retry
        864000     ; expire
        86400      ; min ttl
38.1.168.192.in-addr.arpa. IN PTR kagami.zalloc.lan.
1.1.168.192.in-addr.arpa.  IN PTR router.zalloc.lan.

Unbound Set Up:

server:
    verbosity: 3
    val-log-level: 2
    interface: 127.0.0.1
    access-control: 127.0.0.1/8 allow
    access-control: 192.168.1.0/24 allow
    interface-automatic: no
    module-config: "validator iterator"
    chroot: ""
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    prefetch: yes
    prefetch-key: yes
    num-threads: 4
    root-hints: "/usr/local/etc/unbound/root.hints"

    #### OPTIMIZATION ####
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    rrset-cache-size: 256m
    msg-cache-size: 128m
    so-rcvbuf: 4m

    private-address: 192.168.1.0/24
    private-domain: "zalloc.lan"
    domain-insecure: "zalloc.lan"
    unwanted-reply-threshold: 10000
    do-not-query-localhost: no
    val-clean-additional: yes
    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"

    local-zone: "doubleclick.net" redirect
    local-data: "doubleclick.net A 127.0.0.1"
    local-zone: "googlesyndication.com" redirect
    local-data: "googlesyndication.com A 127.0.0.1"
    local-zone: "googleadservices.com" redirect
    local-data: "googleadservices.com A 127.0.0.1"
    local-zone: "google-analytics.com" redirect
    local-data: "google-analytics.com A 127.0.0.1"
    local-zone: "ads.youtube.com" redirect
    local-data: "ads.youtube.com A 127.0.0.1"
    local-zone: "adserver.yahoo.com" redirect
    local-data: "adserver.yahoo.com A 127.0.0.1"

    # 127.0.0.1
    local-zone: "localhost." static
    local-data: "localhost. 10800 IN NS localhost."
    local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
    local-data: "localhost. 10800 IN A 127.0.0.1"
    local-zone: "127.in-addr.arpa." static
    local-data: "127.in-addr.arpa. 10800 IN NS localhost."
    local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
    local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost"

    # Local Zones
    local-zone: "192.in-addr.arpa." typetransparent

forward-zone:
    name: "zalloc.lan"
    forward-addr: 127.0.0.1@56    # --> I have asked Unbound to forward to port 56 where NSD is listening

forward-zone:
    name: "192.in-addr.arpa."
    forward-addr: 127.0.0.1@56    # --> Same here

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8953
    server-key-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_server.key"
    server-cert-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_server.pem"
    control-key-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_control.key"
    control-cert-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_control.pem"
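
Added example, not part of the original post and not NSD or Unbound code: a Python pre-flight check for the bind failure discussed in this thread. It reads the NSD listener and Unbound's forward-addr targets from config text, then tries a plain UDP bind() to see whether the port is already taken (as 5353 was by mDNSResponder). The config fragments are constructed from the settings quoted above, the function names are hypothetical, and only IPv4 addresses are handled.

```python
import errno
import re
import socket

# Constructed fragments that mirror the settings in the post (not the full files).
NSD_CONF = "server:\n    ip-address: 127.0.0.1\n    port: 56\n"
UNBOUND_CONF = 'forward-zone:\n    name: "zalloc.lan"\n    forward-addr: 127.0.0.1@56\n'

def nsd_listener(conf):
    """(ip, port) NSD will bind: 'port:' applies unless ip-address carries @port."""
    ip = re.search(r"^\s*ip-address:\s*([^\s@]+)(?:@(\d+))?", conf, re.M)
    port = re.search(r"^\s*port:\s*(\d+)", conf, re.M)
    default = int(port.group(1)) if port else 53
    if not ip:
        return ("0.0.0.0", default)
    return (ip.group(1), int(ip.group(2)) if ip.group(2) else default)

def forward_targets(conf):
    """[(ip, port)] for each forward-addr/stub-addr; Unbound writes them as ip@port."""
    found = re.findall(r"^\s*(?:forward|stub)-addr:\s*([^\s@]+)(?:@(\d+))?", conf, re.M)
    return [(ip, int(port) if port else 53) for ip, port in found]

def bind_status(ip, port):
    """Try a plain UDP bind() with no reuse options: 'free', 'in-use' or 'denied'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((ip, port))
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in-use"      # the "Address already in use" case
            if e.errno in (errno.EACCES, errno.EPERM):
                return "denied"      # typically a port below 1024 without privileges
            raise
    return "free"

def preflight(nsd_conf, unbound_conf):
    """Summarise whether NSD can bind and whether Unbound forwards to that socket."""
    ip, port = nsd_listener(nsd_conf)
    return {
        "listener": (ip, port),
        "udp": bind_status(ip, port),
        "forward_matches": (ip, port) in forward_targets(unbound_conf),
    }

if __name__ == "__main__":
    print(preflight(NSD_CONF, UNBOUND_CONF))
```

Run it while NSD is stopped; with NSD running, "in-use" on its own port is the expected result.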