john@×××××××××××××××.nz wrote:

>Hi,
>I'm having my first experience with gnap on a soekris unit.
>
>Everything almost works. The catch is dnsmasq.
>It always says "cannot make/bind socket permission denied"
>on whatever upstream servers I use.
>
>I used netstat to ensure that no other dns servers had bound to port 53.
>192.168.1.2 is the adsl router.
>
>my conf file is
>
>query-port=53
>interface=eth1
>domain-needed
>
>server=/danske.co.nz/192.168.40.254
>server=192.168.1.2
>
>dhcp-authoritative
>dhcp-range=192.168.41.16,192.168.41.64,infinite
>
>
>Can anyone shed light on this for me please?
>
>

Some general info that might be helpful.

You need to have root permission to bind to port 53.

You don't need to (and you shouldn't) use port 53 as source port when
you do a query to an upstream server.

The daemon should drop root privileges to a non-root UID after it has
opened the listening socket (that is and should be bound to port 53). (I
haven't checked if dnsmasq does this but since you get permission denied,
I guess it does.)

What happens if you remove the "query-port=53" line?

What happens if you set query-port to something above 1024?

You can try dnrd if you want an alternative to dnsmasq. But it does not
have an integrated dhcp service so you probably want to stay with dnsmasq.

--
Natanael Copa

--
gentoo-embedded@g.o mailing list
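
An added example, not part of the original thread and not dnsmasq code: a small Python check that flags the query-port setting the reply asks about, run over the configuration quoted in the question. The function names and severity labels are hypothetical, and the comment rule (a trailing comment starts at whitespace followed by '#') is an assumption made so that values such as server=IP#port are not cut short.

```python
import re

PRIVILEGED_MAX = 1023  # on Linux, binding ports below 1024 normally requires root

# The configuration quoted in the question above.
POSTED_CONF = """\
query-port=53
interface=eth1
domain-needed

server=/danske.co.nz/192.168.40.254
server=192.168.1.2

dhcp-authoritative
dhcp-range=192.168.41.16,192.168.41.64,infinite
"""

def parse_options(conf_text):
    """Yield (lineno, key, value) per option line; skip blanks and comments."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumed rule: only whitespace followed by '#' starts a trailing comment.
        line = re.split(r"\s+#", line, maxsplit=1)[0]
        key, _, value = line.partition("=")
        yield lineno, key.strip(), value.strip()

def check_query_port(conf_text):
    """Return [(lineno, severity, message)] for every query-port line."""
    findings = []
    for lineno, key, value in parse_options(conf_text):
        if key != "query-port":
            continue
        if not value.isdigit() or int(value) > 65535:
            findings.append((lineno, "error", f"invalid query-port value {value!r}"))
        elif 0 < int(value) <= PRIVILEGED_MAX:
            findings.append((lineno, "error",
                f"query-port={value} is a privileged source port; binding it fails "
                "once the daemon no longer runs as root"))
        else:
            findings.append((lineno, "warning",
                f"query-port={value} pins upstream queries to one source port"))
    return findings

if __name__ == "__main__":
    for lineno, severity, message in check_query_port(POSTED_CONF):
        print(f"line {lineno}: {severity}: {message}")
```

A configuration with no query-port line produces no findings, which matches the first thing the reply suggests trying.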