path: root/dns/gdnsd3/pkg-message
[
{ type: install
  message: <<EOM
As of version 3.0.0, gdnsd can no longer bind to privileged ports and
then drop privileges.  As a result, you must use mac_portacl(4) to allow
the unprivileged gdnsd user to bind to port 53 (UDP and TCP).

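Please execute the following commands as root to prepare this system to
run gdnsd.  They set reservedlow/reservedhigh to 0, which turns off the
kernel's built-in reserved-port check, and leave mac_portacl to enforce
ports up to 1023; low ports are therefore protected only while the
mac_portacl module is loaded.  The rule grants port 53 to uid 179, so
confirm that this is the uid of the gdnsd user, and if you already set
security.mac.portacl.rules, merge these entries into it: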

echo "# required for gdnsd3">>/boot/loader.conf.local
echo 'mac_portacl_load="YES"' >>/boot/loader.conf.local
echo 'accf_dns_load="YES"' >>/boot/loader.conf.local
echo 'accf_data_load="YES"' >>/boot/loader.conf.local

echo "# required for gdnsd3">>/etc/sysctl.conf.local
echo "security.mac.portacl.suser_exempt=1">>/etc/sysctl.conf.local
echo "security.mac.portacl.port_high=1023">>/etc/sysctl.conf.local
echo "net.inet.ip.portrange.reservedlow=0">>/etc/sysctl.conf.local
echo "net.inet.ip.portrange.reservedhigh=0">>/etc/sysctl.conf.local
echo "security.mac.portacl.rules=uid:179:udp:53,uid:179:tcp:53">>/etc/sysctl.conf.local

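Then either reboot or run the following commands to apply the above
changes.  Load the modules first: the security.mac.portacl.* settings
exist only once mac_portacl is loaded, so sysctl must be reloaded last: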

kldload mac_portacl
kldload accf_dns
kldload accf_data
service sysctl reload
EOM
}
]