SO_BINDTODEVICE failing with virtual interface #99

Closed
and0x000 opened this issue May 11, 2020 · 6 comments

@and0x000

I tried to run NSD 4.3.1 on a machine (Debian 10.4), which uses bonding for LACP. Starting NSD fails with this error message:

setsockopt(..., SO_BINDTODEVICE, ..., ...) failed: No such device

Running it on a pretty much identical setup with plain interfaces works.

Best guess so far is that SO_BINDTODEVICE, introduced with NSD 4.3.0, seems to not play well with virtual devices.

Is it possible to detect such virtual interfaces automatically and subsequently not apply this socket option to avoid startup failures?

Furthermore, the option to disable this functionality for config files (bindtodevice: <yes or no>) seems broken. It is considered invalid by nsd-checkconf. Setting it prevents NSD from being started as well.

@k0ekk0ek
Contributor

Hi @and0x000! bindtodevice is an option attribute and should be specified per ip-address, so an = (equal sign) rather than : (colon). Judging by the message though it must indeed have something to do with that option, but bindtodevice should be disabled by default, so I'm really curious what's going on there. Do you have reuseport enabled? Maybe you can paste an anonymized version of the config (server: block is enough)?

@k0ekk0ek
Contributor

Looking through the code, there may be an issue when combined with reuseport if bindtodevice is enabled (I'll have a better look tomorrow). Still, if it's not enabled, it shouldn't try to enable it, so still interested in that config 🙂

@and0x000
Author

and0x000 commented May 11, 2020

Hi @k0ekk0ek, thanks for the quick reply.
This is my configuration:

server:
    ip-address: 127.0.0.1
    ip-address: ::1
    ip-transparent: yes
    ip-freebind: yes
    reuseport: yes
    debug-mode: no
    database: ""
    identity: ""
    nsid: ""
    server-count: 8
    tcp-count: 250
    tcp-query-count: 0
    tcp-timeout: 5
    ipv4-edns-size: 4096
    ipv6-edns-size: 4096
    port: 53
    username: nsd
    xfrd-reload-timeout: 1
    verbosity: 2
    hide-version: yes
    rrl-size: 1000000
    rrl-ratelimit: 200
    rrl-slip: 2
    rrl-ipv4-prefix-length: 24
    rrl-ipv6-prefix-length: 64
    rrl-whitelist-ratelimit: 4000

ip-freebind and ip-transparent are both required, as it is a HA setup with a hot standby.

I tried specifying the bindtodevice per ip-address but to no avail (iirc). Will test it again tomorrow to be on the safe side though.

Regarding where to specify it, the documentation seems a bit contradictory to me.
From the man page I thought it would have to be specified as a regular server option. Only from the sample config I got the hint about the attribute.

@and0x000
Author

Follow-up:

it does not work either with

    ip-address: 127.0.0.1 bindtodevice=no
    ip-address: ::1 bindtodevice=no

@k0ekk0ek
Contributor

I think #100 will fix the problem for you. You're probably using a package, but can you try to compile with that fix?

@and0x000
Author

@k0ekk0ek I got a version with the fix compiled by @asciiprod (kudos). The fix works for my case.
