-
Notifications
You must be signed in to change notification settings - Fork 887
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request: UNIX socket for HTTP API #8677
Comments
I don't work for OX, so this is just my personal opinion. 1. I basically agreeAdding unix-socket support should be relatively trivial, and the cost of running the calls up & down the TCP stack is a little unnecessary. A unix socket is opened differently (but only slightly) from a TCP socket, but from then onwards the API is identical, on Linux anyway, so all the existing code should just work. This is my experience. However, I would think your use case, of most API calls originating on the same host, is probably relatively niche. 2. Your firewall issueYou can mostly resolve your firewall issue by only listening on one of the
Linux is really very good about safeguarding
Our experience is that the 3. Abstract NamespaceI've never come across that before - thanks :) - I always thought using a file as a socket was unnecessary and, if the server didn't remove it at termination, you were left with an annoying problem. |
I need this too, I'm using pdns inside docker. Now I must set pdns as a dependency of the "controller" container, and restart both when I just want to restart pdns. |
+1 |
This would be amazing. I need the socket because of: With TCP API, this situation would require to open the API Port on the physical NIC, listening only on 127.0.0.1:8081 would leed to no access for pdns-admin inside docker. With Socket, i could simply passthrough as a Docker Volume to pdns-admin. Same issue happens with dnsdist or recursor, putting them inside docker and publishing the UDP Ports, leads to Truncated messages. Cheers :-) |
It would simplify our integration with PowerDNS if the HTTP API were available via a unix/local socket rather than TCP. TCP entails firewall configuration and additional overhead, whereas a unix/local socket is much simpler.
On Linux, ideally this would also support abstract-namespace sockets (cf.
man 7 unix
) in order to avoid the race conditions inherent with filesystem-based sockets.The text was updated successfully, but these errors were encountered: