nsd users - Jul 2013 - Fwd: Re: nsd can't bind udp socket: Address already in use

Rick,

My apologies :)

zongo

-------- Original Message --------
Subject: 	Re: [nsd-users] nsd can't bind udp socket: Address already in use
Date: 	Wed, 10 Jul 2013 19:33:20 +0200
From: 	Rick van Rein (OpenFortress) <rick at openfortress.nl>
To: 	zongo saiba <zongosaiba at gmail.com>



zongo,

you only sent this to me?

-rick

On Jul 10, 2013, at 7:04 PM, zongo saiba <zongosaiba at gmail.com> wrote:
> On 10/07/2013 18:42, Rick van Rein (OpenFortress) wrote:
>> Hi,
>>
>>> The same file suggests:
>>> # The Dynamic and/or Private Ports are those from 49152 through
65535
>>> so pick one in that range to be on the safe side.
>> Hmm, these are the so-called ephemeral ports, which are automatically
assigned, pretty much at random, if you don't bind to a local port before
you make an outbound connection.  It's a bit strange to be picking a port in
that range for a server process.  I would go for the range up to 49152 since
those are fixated.  You'd have to accept that 5353 has been taken, but at
least any problems claiming a port are always the same and not something you
would resolve with trying again or rebooting.  Let's not turn UNIX into
Windows, shall we?  ;-)
>>
>> -Rick
>> _______________________________________________
>> nsd-users mailing list
>> nsd-users at NLnetLabs.nl
>> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> Thank you guys for all your reply.
> Unbound and NSD working beautifully. NSD being the authoritative on
127.0.0.1
> NSD is running on port 49152 with queries forwarded to that port from
unbound on 127.0.0.1 at 49152.
> When i reload unbound --> i still get 'error: could not open
autotrust file for writing, /usr/local/etc/unbound/root.key.705-0: Permission
denied'
> When i run 'unbound-anchor -a /root.key' i get no complaining
> When i run ' +dnssec @127.0.0.1 ukuug.jpmens.org txt' i get the
'ad' flag. DNSSEC is validating with correct RRSIG.
> I know Rick answered me once already on this: But the fact that i validate
DNSSEC with known good RRSIG would that mean its safe to ignore ? I think I did
not quite get the meaning of the answer from Rick. My apologies for that :)
> I am also getting this message quite often
> '10/07/2013 19:01:56.530 unbound[705]: *** process 705 exceeded 500 log
message per second limit  -  remaining messages this second discarded ***'
> If any one would be so kind to shade some light on that error message, that
would be wonderful :)
>
> Kind Regards,
>
> zongo saiba
>
>
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20130710/01892d8f/attachment.htm>