From: Colin Vidal <colin@isc.org>
Date: Tue, 16 Sep 2025 13:49:42 +0000 (+0200)
Subject: comment about ifs scan twice the first time
X-Git-Tag: v9.21.14~29^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17a2cbcbc5a8ca4b9b8168fb0dd3dd8ae39e4128;p=thirdparty%2Fbind9.git

comment about ifs scan twice the first time

Add comment message about why we're scanning interfaces twice during the
initial configuration (FreeBSD compatibility). See #3583
---

diff --git a/bin/named/server.c b/bin/named/server.c
index fad8716f809..bb46d6e48ce 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8696,6 +8696,12 @@ apply_configuration(cfg_parser_t *configparser, cfg_obj_t *config,
 		 * Rescan the interface list to pick up changes in the
 		 * listen-on option. This requires the loopmgr to be
 		 * temporarily resumed.
+		 *
+		 * The reason we're doing this the first time (instead of having
+		 * only one scan later) is because we're are dropping root
+		 * privileges shortly after and FreeBSD doesn't have Linux
+		 * capabilities so can't listen to a privileged port without
+		 * being root.
 		 */
 		isc_loopmgr_resume();
 		result = ns_interfacemgr_scan(server->interfacemgr, true, true);