can't bind socket: Permission denied for IPv6 (port bellow 1024)

Tuomo Soini tis at
Tue Jul 3 11:19:06 UTC 2018

On Tue, 3 Jul 2018 09:54:02 +0200
"W.C.A. Wijngaards via Unbound-users" <unbound-users at> wrote:

> I want to ask to make sure.  Do you have other config with
> outgoing-port-permit or outgoing-port-avoid in the file?  They are
> processed in order they appear.
> An inspection of the code and some debug says that <1024 should really
> not be in the list of possibilities, but apparantly it is for you,
> perhaps due to config?
> Best regards, Wouter
> > 
> > my config has:
> > 	outgoing-port-permit: 32768-65535
> > 	outgoing-port-avoid: 0-32767
> > 
> >   

I can see the similar issue with similar config (which is there btw
because of selinux preventing use of non-dynamic ports.

Jul  3 12:56:28 resolver unbound: [18382:0] error: can't bind socket:
Permission denied for ::
Jul  3 13:56:27 resolver unbound: [18382:0] error: can't bind socket:
Permission denied for

But in my log lines there are is no port.

More from my config:

     interface-automatic: no
     outgoing-port-permit: 32768-60999
     outgoing-port-avoid: 0-32767
     ip-transparent: yes

And after these I bind to ip addresses.

    interface: 2001:DB8::5

Could it be auth-zone not using those outgoing-port-permit and
outoging-port-avoid settings - timing from log looks like it could be
caused by rfc7706 config.

Tuomo Soini <tis at>
Foobar Linux services
+358 40 5240030
Foobar Oy <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Unbound-users mailing list