[nsd-users] nsd can't bind udp socket: Address already in use

zongo saiba zongosaiba at gmail.com
Wed Jul 10 14:20:22 CEST 2013


On 10/07/2013 12:29, Anand Buddhdev wrote:
> On 10/07/2013 12:10, zongo saiba wrote:
>
> Hi Zongo,
>
>> Sorry, I forgot to mention that NSD is listening on port 5353.
>> Unbound is listening on 53.
>> One of my main goals is to have Unbound talk directly to NSD for
>> authoritative server on 127.0.0.1 only.
>> For that I understood that Unbound and NSD would have to use the same
>> port - Is this correct?
>> Nevertheless, I tried the same port "53" but got the same error message as
>> mentioned above
>
> Okay, so you're on a Mac, where port 5353 is already in use by
> mDNSResponder. Just configure your NSD to use some other high-numbered port.
>
> Regards,
>
> Anand

@inigo

Creating a virtual network on OS X is not an easy task. I do know that you 
have to go through the GUI to do so. The NIC gets created but does not 
work with DNS. Was going down the road of 'tun/tap' as well as the setup 
of this server is going to go into a virtual environment. First I need to 
finish the testing :)

Thanks Anand. That was easily solved :) The error has gone and I now have 
NSD and Unbound working great.
One question though about reverse lookup, which is not working with the 
current setup. Any idea what I could change to have the reverse lookup 
work?
The setup is based on 'https://calomel.org/unbound_dns.html' and 
'https://wiki.archlinux.org/index.php/Unbound'

Also I am getting this error:
10/07/2013 14:03:12.523 unbound[705]: [705:0] error: could not open autotrust file for writing, /usr/local/etc/unbound/root.key.705-0: Permission denied
Is it safe to disregard?  Was reading that it appears to not affect 
unbound process. I can tell that unbound is still working properly :)

Below is my setup.
NSD Setup:

server:
ip-address: 127.0.0.1
port: 56
server-count: 1
hide-version: yes
identity: ""
username: nsd
database: /usr/local/etc/nsd/nsd.db
pidfile: /usr/local/etc/nsd.pid
zonesdir: /usr/local/etc/nsd

key:
         name: "sec_key"
         algorithm: hmac-md5
         secret: "654c6da8f3b0fd8fe819669daf07996738d21a53c02c731b0aee6373"

zone:
         name: zalloc.lan
         zonefile: zalloc.lan.forward
zone:
         name: 1.168.192.in-addr.arpa
         zonefile: zalloc.lan.reverse

Forward-Zone:

$ORIGIN zalloc.lan.     ; default zone domain
$TTL 86400              ; default time to live

@ IN SOA kagami.zalloc.lan. admin.zalloc.lan. (
                 2013010704 ; serial number
                 28800      ; refresh
                 7200       ; retry
                 864000     ; expire
                 86400      ; min ttl
                 )

                 NS      kagami.zalloc.lan.
                 MX      10 mail.zalloc.lan.

router  IN      A       192.168.1.1
kagami  IN      A       192.168.1.38

Reverse-Zone:

$ORIGIN zalloc.lan.     ; default zone domain
$TTL 86400              ; default time to live

1.168.192.in-addr.arpa. IN      SOA     kagami.zalloc.lan. admin.zalloc.lan. (
                 2013010704      ; serial number
                 28800           ; refresh
                 7200            ; retry
                 864000          ; expire
                 86400           ; min ttl

38.1.168.192.in-addr.arpa.              IN PTR kagami.zalloc.lan.
1.1.168.192.in-addr.arpa.               IN PTR router.zalloc.lan.


Unbound Set Up:

server:
         verbosity: 3
         val-log-level: 2
         interface: 127.0.0.1
         access-control: 127.0.0.1/8 allow
         access-control: 192.168.1.0/24 allow
         interface-automatic: no
         module-config: "validator iterator"
         chroot: ""
         port: 53
         do-ip4: yes
         do-ip6: yes
         do-udp: yes
         do-tcp: yes
         hide-identity: yes
         hide-version: yes
         harden-glue: yes
         harden-dnssec-stripped: yes
         use-caps-for-id: yes
         cache-min-ttl: 3600
         cache-max-ttl: 86400
         prefetch: yes
         prefetch-key: yes
         num-threads: 4
         root-hints: "/usr/local/etc/unbound/root.hints"

#### OPTIMIZATION ####

         msg-cache-slabs: 8
         rrset-cache-slabs: 8
         infra-cache-slabs: 8
         key-cache-slabs: 8
         rrset-cache-size: 256m
         msg-cache-size: 128m
         so-rcvbuf: 4m
         private-address: 192.168.1.0/24
         private-domain: "zalloc.lan"
         domain-insecure: "zalloc.lan"
         unwanted-reply-threshold: 10000
         do-not-query-localhost: no
         val-clean-additional: yes
         auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"

         local-zone: "doubleclick.net" redirect
         local-data: "doubleclick.net A 127.0.0.1"
         local-zone: "googlesyndication.com" redirect
         local-data: "googlesyndication.com A 127.0.0.1"
         local-zone: "googleadservices.com" redirect
         local-data: "googleadservices.com A 127.0.0.1"
         local-zone: "google-analytics.com" redirect
         local-data: "google-analytics.com A 127.0.0.1"
         local-zone: "ads.youtube.com" redirect
         local-data: "ads.youtube.com A 127.0.0.1"
         local-zone: "adserver.yahoo.com" redirect
         local-data: "adserver.yahoo.com A 127.0.0.1"

# 127.0.0.1
         local-zone: "localhost." static
         local-data: "localhost. 10800 IN NS localhost."
         local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
         local-data: "localhost. 10800 IN A 127.0.0.1"
         local-zone: "127.in-addr.arpa." static
         local-data: "127.in-addr.arpa. 10800 IN NS localhost."
         local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
         local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost"

          # Local Zones
         local-zone: "192.in-addr.arpa." typetransparent
         forward-zone:
         name: "zalloc.lan"
         forward-addr: 127.0.0.1@56  # I have asked Unbound to forward to port 56 where NSD is listening
         forward-zone:
         name: "192.in-addr.arpa."
         forward-addr: 127.0.0.1@56  # Same here

remote-control:
         control-enable: yes
         control-interface: 127.0.0.1
         control-port: 8953
         server-key-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_server.key"
         server-cert-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_server.pem"
         control-key-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_control.key"
         control-cert-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_control.pem"
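
Added example (not part of the original message, and not NSD or Unbound code): the "Address already in use" error from the subject line can be checked for before a daemon is started by trying to bind the address yourself. This Python check probes both UDP and TCP on 127.0.0.1, since a DNS server needs both; the function names and the candidate port 5300 are assumptions chosen for illustration.

```python
import errno
import socket


def probe(host, port, kind):
    """Try to bind host:port with a socket of the given kind.

    Returns None when the bind succeeds, otherwise the errno name,
    e.g. "EADDRINUSE" (another process holds the port) or "EACCES"
    (port not permitted for this user, typical below 1024 without root).
    """
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            # No SO_REUSEADDR/SO_REUSEPORT: we want the strict answer.
            s.bind((host, port))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
    return None


def port_report(host, port):
    """Bind result for both transports a DNS server listens on."""
    return {
        "udp": probe(host, port, socket.SOCK_DGRAM),
        "tcp": probe(host, port, socket.SOCK_STREAM),
    }


def first_free_port(host, candidates):
    """First candidate port that is bindable on UDP and TCP, or None."""
    for port in candidates:
        if all(result is None for result in port_report(host, port).values()):
            return port
    return None


if __name__ == "__main__":
    # 53 and 5353 are the ports discussed in the thread; 5300 is an
    # arbitrary extra candidate (assumption).
    for port in (53, 5353, 5300):
        print(port, port_report("127.0.0.1", port))
    print("usable:", first_free_port("127.0.0.1", (53, 5353, 5300)))
```

The result is only valid at the moment of the probe; another process can still take the port before the daemon starts, so the daemon's own log remains the authoritative check.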

