[nsd-users] Fwd: Re: nsd can't bind udp socket: Address already in use

zongo saiba zongosaiba at gmail.com
Wed Jul 10 18:09:30 UTC 2013


My apologies :)


-------- Original Message --------
Subject: 	Re: [nsd-users] nsd can't bind udp socket: Address already in use
Date: 	Wed, 10 Jul 2013 19:33:20 +0200
From: 	Rick van Rein (OpenFortress) <rick at openfortress.nl>
To: 	zongo saiba <zongosaiba at gmail.com>


you only sent this to me…


On Jul 10, 2013, at 7:04 PM, zongo saiba <zongosaiba at gmail.com> wrote:

> On 10/07/2013 18:42, Rick van Rein (OpenFortress) wrote:
>> Hi,
>>> The same file suggests:
>>> # The Dynamic and/or Private Ports are those from 49152 through 65535
>>> so pick one in that range to be on the safe side.
>> Hmm, these are the so-called ephemeral ports, which are automatically assigned, pretty much at random, if you don't bind to a local port before you make an outbound connection.  It's a bit strange to be picking a port in that range for a server process.  I would go for the range up to 49152 since those are fixated.  You'd have to accept that 5353 has been taken, but at least any problems claiming a port are always the same and not something you would resolve with trying again or rebooting.  Let's not turn UNIX into Windows, shall we?  ;-)
>> -Rick
>> _______________________________________________
>> nsd-users mailing list
>> nsd-users at NLnetLabs.nl
>> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> Thank you guys for all your reply.
> Unbound and NSD working beautifully. NSD being the authoritative on
> NSD is running on port 49152 with queries forwarded to that port from unbound on at 49152.
> When i reload unbound --> i still get 'error: could not open autotrust file for writing, /usr/local/etc/unbound/root.key.705-0: Permission denied'
> When i run 'unbound-anchor -a /root.key' i get no complaining
> When i run ' +dnssec @ ukuug.jpmens.org txt' i get the 'ad' flag. DNSSEC is validating with correct RRSIG.
> I know Rick answered me once already on this: But the fact that i validate DNSSEC with known good RRSIG would that mean its safe to ignore ? I think I did not quite get the meaning of the answer from Rick. My apologies for that :)
> I am also getting this message quite often
> '10/07/2013 19:01:56.530 unbound[705]: *** process 705 exceeded 500 log message per second limit  -  remaining messages this second discarded ***'
> If any one would be so kind to shade some light on that error message, that would be wonderful :)
> Kind Regards,
> zongo saiba

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20130710/01892d8f/attachment.htm>

More information about the nsd-users mailing list