BIND 9.3.6-P1 requires poll(7d) to improve networking performance, which was very badly impacted by the changes applied to BIND to help fight off attacks from the Kaminsky issue, Sun Alert 239392.

If BIND's named process is running within a chroot(2) environment, then that environment requires the poll device to be installed. However, I recommend using zones(5) and Role-Based Access Control, rbac(5), rather than chroot environments, which avoids this issue.

Example 1: missing poll device:

   # /usr/sbin/named -t /var/named -u dns -f -g
   31-Jan-2009 21:07:16.697 starting BIND 9.3.6 -t /var/named -u dns -f -g
   31-Jan-2009 21:07:16.697 found 8 CPUs, using 8 worker threads
   31-Jan-2009 21:07:16.715 socket.c:3259: unexpected error:
   31-Jan-2009 21:07:16.715 open(/dev/poll) failed: No such file or directory
   31-Jan-2009 21:07:16.715 ./main.c:495: unexpected error:
   31-Jan-2009 21:07:16.715 isc_socketmgr_create() failed: file not found
   31-Jan-2009 21:07:16.715 create_managers() failed: unexpected error
   31-Jan-2009 21:07:16.715 exiting (due to early fatal error)

The '-t /var/named' option causes named to use /var/named as its chroot directory. named is unable to continue because the required device /dev/poll is missing inside that directory.

To address the missing poll device simply create it:

Example 2: create the poll device with the same properties as the root (/) device using mknod(1M):

   # ls -ld /devices/pseudo/poll@0:poll
   crw-rw-rw-  1 root  sys  138, 0 May 28 04:25 /devices/pseudo/poll@0:poll
   # cd /var/named/dev
   # ls
   null    random
   # mknod poll c 138 0
   # chmod 666 poll

If using SMF, remember to clear and re-enable the service:

   # svcadm clear svc:/network/dns/server:default
   # svcadm enable svc:/network/dns/server:default
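
As an added example (not part of the original post), this POSIX shell helper derives the mknod and chmod commands from the `ls -l` line of the system's own device, so the type, major/minor numbers and mode are copied from the running system rather than typed by hand. The function names `mode_to_octal` and `device_cmds` are hypothetical; the sample input is the ls line from Example 2.

```shell
#!/bin/sh
# Added example (not from the original post): build the mknod/chmod commands
# for a chroot device node from the `ls -l` line of the system's own device.

# mode_to_octal "rw-rw-rw-" prints 666 (setuid/sticky letters are not handled).
mode_to_octal() {
    perms=$1
    out=
    while [ -n "$perms" ]; do
        triple=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        d=0
        case $triple in r??) d=$((d + 4)) ;; esac
        case $triple in ?w?) d=$((d + 2)) ;; esac
        case $triple in ??x) d=$((d + 1)) ;; esac
        out=$out$d
    done
    printf '%s\n' "$out"
}

# device_cmds "<ls -l line>" <node name>
# Prints the commands to run inside <chroot>/dev; fails on non-device lines.
device_cmds() {
    line=$1
    name=$2
    set -f; set -- $line; set +f          # split the line on whitespace
    kind=$(printf '%s' "$1" | cut -c1)    # c = character, b = block device
    case $kind in
        c|b) ;;
        *) echo "not a device node: $1" >&2; return 1 ;;
    esac
    major=${5%,}                          # "138," -> "138"
    minor=$6
    case "$major$minor" in
        ''|*[!0-9]*) echo "cannot parse major/minor" >&2; return 1 ;;
    esac
    mode=$(mode_to_octal "$(printf '%s' "$1" | cut -c2-10)")
    printf 'mknod %s %s %s %s\n' "$name" "$kind" "$major" "$minor"
    printf 'chmod %s %s\n' "$mode" "$name"
}

# Sample input: the ls line shown in Example 2 of this post.
device_cmds 'crw-rw-rw-  1 root  sys  138, 0 May 28 04:25 /devices/pseudo/poll@0:poll' poll
```

On a live host, pass it the output of `ls -lL /dev/poll` and run the printed commands from the chroot's dev directory.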

See also CR 6799867

This blog copyright 2009 by ace