NSD not running on v0.41 #1527

Closed
alento-group opened this Issue Mar 2, 2019 · 13 comments

alento-group commented Mar 2, 2019

People are reporting that NSD is not running .... it looks like the port is already in use by BIND. Isn't BIND supposed to only listen on localhost? Something is not right here.

https://discourse.mailinabox.email/t/problems-with-nsd4-on-a-fresh-server/4686

0xFelix commented Mar 3, 2019

According to this output BIND is exactly doing what it is supposed to. It is listening on port 53 on localhost (127.0.0.1) but not on the public ip address of the host. I'd suggest to rather read nsd's logfile before jumping to false conclusions.

virse commented Mar 3, 2019

Hey 0xFelix,
the logs give me:

[2019-03-02 17:02:12.756] nsd[13631]: error: can't bind tcp socket: Cannot assign requested address
[2019-03-02 17:02:12.756] nsd[13631]: error: cannot open control interface ::1 8952
[2019-03-02 17:02:12.756] nsd[13631]: error: could not open remote control port
[2019-03-02 17:02:12.756] nsd[13631]: error: could not perform remote control setup
[2019-03-02 17:02:12.973] nsd[13637]: notice: nsd starting (NSD 4.1.17)
[2019-03-02 17:02:12.977] nsd[13637]: error: can't bind tcp socket: Cannot assign requested address
[2019-03-02 17:02:12.977] nsd[13637]: error: cannot open control interface ::1 8952
[2019-03-02 17:02:12.977] nsd[13637]: error: could not open remote control port
[2019-03-02 17:02:12.977] nsd[13637]: error: could not perform remote control setup

Thx for helping

Best regards

alento-group commented Mar 3, 2019

I'd suggest answering a question without the attack! There was no false conclusion - there was a question of whether or not that was the proper behaviour.
I have posted on the discussion board asking the users in question for output of the nsd.log file.
Logs have already been posted in the discussion board thread.

0xFelix commented Mar 3, 2019

Sorry, did not mean to be rude. Yes it is proper behaviour for bind to use port 53 on localhost.

@virse Did you disable IPv6 by chance?

alento-group commented Mar 3, 2019

@0xFelix No problem, thanks! I somehow imagined that BIND was listening on the external IP - not sure where I saw that, but it is not in the posts now. I realized that BIND should be listening on localhost but not on the external IP which is what prompted the question, which you have now clarified, thanks again!

virse commented Mar 3, 2019

Hey 0xFelix:

No IPv6 is running:

# lsof -c nginx -a -i6
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   19483 www-data   12u  IPv6 106316      0t0  TCP *:http (LISTEN)
nginx   19483 www-data   14u  IPv6 106318      0t0  TCP *:https (LISTEN)
nginx   19484 www-data   12u  IPv6 106316      0t0  TCP *:http (LISTEN)
nginx   19484 www-data   14u  IPv6 106318      0t0  TCP *:https (LISTEN)
nginx   29753     root   12u  IPv6 106316      0t0  TCP *:http (LISTEN)
nginx   29753     root   14u  IPv6 106318      0t0  TCP *:https (LISTEN)

Best regards

virse commented Mar 3, 2019

Interesting with netstat there is no nsd with ipv6:

netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      15680/postgrey --pi 
tcp        0      0 0.0.0.0:4200            0.0.0.0:*               LISTEN      24461/shellinaboxd  
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      12579/perl          
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      23957/dovecot       
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      24146/master        
tcp        0      0 127.0.0.1:10222         0.0.0.0:*               LISTEN      8175/python         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      19483/nginx: worker 
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      453/perl            
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12310/named         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      448/sshd            
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      24146/master        
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12310/named         
tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      13616/opendkim      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      19483/nginx: worker 
tcp        0      0 127.0.0.1:8893          0.0.0.0:*               LISTEN      21029/opendmarc     
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      23957/dovecot       
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1/init              
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      23957/dovecot       
tcp6       0      0 :::587                  :::*                    LISTEN      24146/master        
tcp6       0      0 :::80                   :::*                    LISTEN      19483/nginx: worker 
tcp6       0      0 :::4949                 :::*                    LISTEN      12729/perl          
tcp6       0      0 :::22                   :::*                    LISTEN      448/sshd            
tcp6       0      0 :::25                   :::*                    LISTEN      24146/master        
tcp6       0      0 :::443                  :::*                    LISTEN      19483/nginx: worker 
tcp6       0      0 :::4190                 :::*                    LISTEN      23957/dovecot       
tcp6       0      0 :::993                  :::*                    LISTEN      1/init              
tcp6       0      0 :::995                  :::*                    LISTEN      23957/dovecot 

best regards

0xFelix commented Mar 3, 2019

What does ip ad say on your system?

virse commented Mar 3, 2019

ip ad says:

ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:3e:2c:d6 brd ff:ff:ff:ff:ff:ff
    inet 167.86.81.230/24 brd 167.86.81.255 scope global ens18
       valid_lft forever preferred_lft forever

0xFelix commented Mar 3, 2019

IPv6 seems to be globally disabled on your system? Your loopback interface has no v6 address (::1) but nsd requires it in the configuration deployed by mailinabox.

alento-group commented Mar 3, 2019

I am a bit confused ... I have many MiaB installs running without IPv6. Are you saying that it is supposed to be a requirement? Or is it now a requirement that MiaB is running on Ubuntu 18.04?

0xFelix commented Mar 3, 2019

Even though you have no external IPv6 connectivity the system may still have IPv6 enabled for the loopback interface (::1) and link-local addresses (fe80::) on other interfaces. Therefore yes, IPv6 is a requirement for mailinabox. See this old issue #296

virse commented Mar 3, 2019

thank you 0xFelix!

sysctl -w net.ipv6.conf.all.disable_ipv6=0
and
sysctl -w net.ipv6.conf.default.disable_ipv6=0

did the trick. My provider disabled IPv6 in his installations on Ubuntu 18.04.

Best regards
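
The diagnosis reached in this thread, as an added example that is not part of the original discussion or of mailinabox: it matches the control-interface addresses nsd failed to open against the addresses actually present on `lo`. The function names are hypothetical, and the sample input is constructed, modelled on the `ip ad` and nsd log output posted above.

```shell
#!/bin/sh
# Added example: correlate nsd "cannot open control interface" errors
# with the addresses configured on the loopback interface.

# Constructed sample input, modelled on the output posted in the thread.
SAMPLE_IP_AD='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.0.2.10/24 brd 192.0.2.255 scope global ens18'
SAMPLE_NSD_LOG='[2019-03-02 17:02:12.977] nsd[13637]: error: cannot open control interface ::1 8952
[2019-03-02 17:02:12.977] nsd[13637]: error: could not open remote control port'

# Print the inet/inet6 addresses of interface "lo" from `ip ad` output on stdin.
lo_addrs() {
    awk '
        /^[0-9]+: / { in_lo = ($2 == "lo:") }   # a new interface stanza starts
        in_lo && ($1 == "inet" || $1 == "inet6") { sub(/\/.*/, "", $2); print $2 }
    '
}

# Print the unique addresses nsd could not open as control interface (log on stdin).
failed_control_addrs() {
    sed -n 's/.*error: cannot open control interface \([^ ]*\) [0-9][0-9]*.*/\1/p' | sort -u
}

# diagnose IP_AD_TEXT NSD_LOG_TEXT
# Prints one line per failed address; returns 1 if any of them is absent from lo.
diagnose() {
    addrs=$(printf '%s\n' "$1" | lo_addrs)
    rc=0
    for a in $(printf '%s\n' "$2" | failed_control_addrs); do
        if printf '%s\n' "$addrs" | grep -qxF -- "$a"; then
            echo "$a is present on lo: look for another cause"
        else
            echo "$a is missing on lo: check sysctl net.ipv6.conf.all.disable_ipv6"
            rc=1
        fi
    done
    return $rc
}

# Run against the constructed sample.
diagnose "$SAMPLE_IP_AD" "$SAMPLE_NSD_LOG" || true
```

On a live host, pass the real `ip ad` output and the nsd log text as the two arguments. Values set with `sysctl -w` last only until the next reboot, so a permanent setting belongs in a file under `/etc/sysctl.d/`.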
