Provide remote-control over Unix domain socket #633
Comments
Moreover, Unix domain sockets are quite fast. I've already asked Adguard home team, providing the pros and cons, to implement it in their software.

Oh man, you stunned me. I thought my father to my Unbound ticket, then I realized you share the same name.

The feature already exists. Set the With

Indeed, that seems truly like an issue in the docs. Read it multiple times:
It obviously should mention Unix domain socket, local socket is just totally overlooked. It can be simply misunderstood with a TCP socket listening on localhost.

Works for me now:
and denied:
@wcawijngaards Should I open a followup ticket for docs?

Does the unbound-control process have the privileges to access the file in the /var/run directory? Perhaps you need to sudo that, or set the permissions on the socket the way you like it. I can update the docs :-)

The error is just fine since I tried to access the socket as an unprivileged user. As root I am perfectly able to access it:

Added a commit to fix the documentation issue that you talked about. Is that something that fixes the text you think? Good to see that it is working for you.

Almost, I would even make it in the first sentence: If you set it to an absolute path, a unix domain socket is used. This socket

Thank you

Okay, I updated to the new text in the commit. Good to fix the documentation!

* nlnet/master: (27 commits) Changelog note for NLnetLabs#644, move commands together for library binary. Make `install-lib` make target install the pkg-config file. - Fix configure for python to use sysutils, because distutils is deprecated. It uses sysutils when available, distutils otherwise. - Fix for NLnetLabs#637: fix integer overflow checks in sldns_str2period. - Fix NLnetLabs#637: Integer Overflow in sldns_str2period function. - Fix compile warnings for printf ll format on mingw compile. - Various fixes for NLnetLabs#632: variable initialisation, convert the qinfo to str once, accept trailing dot in the local-zone ipset option. Changelog entry for NLnetLabs#632 - Merge PR NLnetLabs#632 from scottrw93: Match cnames in ipset. - Added tests for ipset. - Fix pythonmod for change in iter_dp_is_useless function prototype. - Fix for edns client subnet option add fix in removal code, from review. - Fix edns client subnet to add the option based on the option list, so that it is not state dependent, after the state fix of NLnetLabs#605 for double EDNS options. Changelog entry for NLnetLabs#623: - Merge NLnetLabs#623 from rex4539: Fix typos. - Fix NLnetLabs#630: Unify the RPZ log messages. - Fix for NLnetLabs#633: updated fix with new text. - Fix NLnetLabs#633: Document unix domain socket support for unbound-control. - Fix check interface existence for support detection in remote lookup. - update Makefile dependencies. - Fix to detect that no IPv6 support means that IPv6 addresses are useless for delegation point lookups. Match cnames in ipset ...
Currently, remote control forces users to fiddle with certificates to make transport and authentication secure even if it is listening on localhost. Proposal is to utilize Unix domain sockets as an alternative to TCP sockets.
Benefits:
`unbound:wheel` and everyone in `wheel` can communicate with the process

Note: UDS is now also available on Windows as well.

Default path could be `/var/run/unbound-remote-control.sock`. Ideally configured in a way that it does not need to be passed constantly to `unbound-control(8)` (read from config file, like `-s`). New option could be `-u /path/to/socket`.
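The thread relies on file ownership and mode bits of the socket as the access control for remote control. The following is an added example, not code from this issue or from Unbound: a Python audit of a control socket's permissions. The function names are hypothetical, and the demo binds a throwaway socket in a temporary directory (constructed sample) using the file name proposed above.

```python
import os
import socket
import stat
import tempfile


def audit_control_socket(path):
    """Report who may connect to the Unix domain socket at `path`.

    On Linux, connect() needs write permission on the socket file, so the
    write bits decide which local users can send control commands.
    """
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix domain socket")
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: every local user can connect")
    # A world-writable parent without the sticky bit lets others replace the socket.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without sticky bit")
    return {
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mode": oct(mode),
        "group_can_connect": bool(mode & stat.S_IWGRP),
        "findings": findings,
    }


def demo():
    """Bind a throwaway socket (constructed sample) and audit two modes."""
    tmp = tempfile.mkdtemp()  # created with mode 0700
    path = os.path.join(tmp, "unbound-remote-control.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    try:
        os.chmod(path, 0o660)  # owner and group only, as in the unbound:wheel case
        tight = audit_control_socket(path)
        os.chmod(path, 0o666)  # misconfiguration: any local user may connect
        loose = audit_control_socket(path)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(tmp)
    return tight, loose
```
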