> On 21 Mar 2022, at 14:51, MAYER Hans <hans.ma...@iiasa.ac.at> wrote:
>
>
> Looking at the log I see:
> network: error: creating TLS socket: permission denied
>
> Why doesn’t named have the permissions after a „rndc reload“ but it has the
> permissions after a start? And why on one server but not on another?
> In both cases the daemon is running as user „bind“ with UID below 128 but not
> as root.

Because it usually starts as root and it demotes itself to “bind” whenever possible.

Maybe there is a mechanism in Linux to grant permission to a certain UID to bind() a socket to a certain privileged port number, as it is used for NTP on FreeBSD?

Borja.
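
Whether a running daemon can still bind() a privileged port after it has left root can be read from /proc on Linux: the kernel checks CAP_NET_BIND_SERVICE for any port below the `net.ipv4.ip_unprivileged_port_start` sysctl. The following is an added example, not part of the original message and not BIND's own code; the sample status text, UID 113 and port 853 (assumed here as the TLS listener port) are constructed.

```python
import re

CAP_NET_BIND_SERVICE = 10  # bit number from linux/capability.h

# Constructed /proc/<pid>/status excerpts (Uid: real, effective, saved, fs).
ROOT_STATUS = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DROPPED_STATUS = "Name:\tnamed\nUid:\t113\t113\t113\t113\nCapEff:\t0000000000000000\n"
DROPPED_WITH_CAP = "Name:\tnamed\nUid:\t113\t113\t113\t113\nCapEff:\t0000000000000400\n"

def parse_status(status_text):
    """Return (effective UID, effective capability mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)

def can_bind(port, status_text, unprivileged_port_start=1024):
    """Return (allowed, reason) for bind() with the credentials held right now."""
    euid, cap_eff = parse_status(status_text)
    if port == 0 or port >= unprivileged_port_start:
        return True, "port is not privileged"
    if cap_eff & (1 << CAP_NET_BIND_SERVICE):
        return True, "CAP_NET_BIND_SERVICE is in the effective set"
    return False, f"euid {euid} lacks CAP_NET_BIND_SERVICE for port {port}"

def check_pid(pid, port):
    """Same check against a live process and the host's sysctl value."""
    with open(f"/proc/{pid}/status") as f:
        status_text = f.read()
    with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
        start = int(f.read().strip())
    return can_bind(port, status_text, start)

if __name__ == "__main__":
    samples = [("at start, as root", ROOT_STATUS),
               ("after dropping to uid 113", DROPPED_STATUS),
               ("uid 113 keeping the capability", DROPPED_WITH_CAP)]
    for label, text in samples:
        print(label, "->", can_bind(853, text))
```

Comparing `check_pid()` output for the named process on the two servers shows whether they differ in retained capabilities or in the sysctl value.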