unbound-control: general question

Petr Spacek pspacek at redhat.com
Mon Feb 29 12:04:11 UTC 2016

On 25.2.2016 14:06, A. Schulze via Unbound-users wrote:
> Hello,
> as far as I understand the unbound.conf(5) the communication between
> unbound-control and unbound itself
> always require the setup of an TLS connection. Is this also true when we setup
> control-interface as a unix socket.
> But we could set
>   control-use-cert: no
>   control-interface: /path/to/socket
> My question: how much less secure is such setup?

Basically as secure as access to the socket. If only root has access to it
then it is just fine (at least on Linux) because kernel will enforce access

If somebody manages to get around MAC in Linux kernel you have bigger problems
than Unbound configuration :-)

Petr Spacek  @  Red Hat

More information about the Unbound-users mailing list