[Unbound-users] [PATCH] UNIX sockets support for unbound-control
Ilya_Bakulin at genua.de
Fri Aug 3 14:10:51 UTC 2012

We develop a product that contains the unbound server, and we want to use
the unbound-control utility for managing running unbound instances. This utility
looks very powerful, with the ability to query server status, flush/restore zone
caches and even add new zone entries on the fly.

One thing that we miss is the ability to control unbound via unix sockets.
This may be quite a useful and secure setup. Using unix sockets makes it
possible to use traditional unix permissions for controlling access to
unbound, and it's impossible to access the control interface when an attacker
occasionally breaks some other chrooted process on the system (because chroot
restricts access only to the file system namespace, not to the IP sockets namespace).
The other advantage is that they are faster than local TCP, which may be
useful if loading cache via the load_cache command.

Attached is a patch that adds unix sockets support to unbound and
unbound-control. After applying the patch it is possible to have such

Additionally, this patch fixes the log_addr() function in libunbound, which is not
fully compatible with unix sockets.

This patch is made for unbound 1.4.15.

Please review the attached patch and tell me if you find this feature useful! :-)

Gesellschaft fuer Netzwerk- und Unix-Administration mbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Dr. Magnus Harlander, Dr. Michaela Harlander,
Bernhard Schneck. Amtsgericht Muenchen HRB 98238
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4829 bytes
Desc: not available