Eugene M. Kim wrote:
> Greetings,
>
> I am running a VPN gateway, where interfaces come and go frequently. I
> set up BIND so that it listens on all interfaces.
> It seems that, instead of listening on a wildcard IPv4 address (*:53,
> that is), BIND monitors for address changes on all interfaces and
> creates a separate listening socket for each address (note that IPv6
> uses the wildcard address, but IPv4 does not):

I suspect that you are using something like "listen-on-v6 { any; };" in which case this is normal behavior.

> Then, when a new address comes up (such as on a dynamically created L2TP
> tun(4) interface), BIND tries to listen on it, but fails because it is
> running setuid as bind:

That is also normal behavior.

> The only workarounds that I can think of are either to run BIND as setuid
> root, or to restart (not reload) BIND every time a new VPN connection
> comes up, both of which I am not comfortable with.
>
> Any better ideas?

Nope, sorry. That is how it works.

Doug

--
This .signature sanitized for your protection