Maintained by: NLnet Labs

unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf

Phil Mayers
Wed Nov 4 17:35:07 CET 2015


On 04/11/2015 15:49, Tomas Hozza wrote:

> If you have some strong technical argument for this behavior I would
> be more than glad to hear it. The reason is that similar people will
> fight hard against having Unbound as the default DNS resolver in
> Fedora, which is our ultimate plan. Ability to spare hundreds of
> emails arguing with them would be great :)

Which "behaviour"?

I'm honestly confused. As far as I can tell, everything is working as 
designed here.

The code tries to open an IPv6 socket, the kernel tries to load the 
module, SELinux denies and logs this. Each of these items is by design. 
Which are you suggesting should change?

Is it the audit log that is annoying people? If so, the SELinux policy 
should be a dontaudit.

Can we agree that unbound-anchor should not be reading sysctls to change 
its behaviour?
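
The behaviour described in the message above (attempt the IPv6 socket and let the kernel answer, rather than reading sysctls), as an added example that is not part of the original post or of Unbound's code. The names `fam_status`, `classify_socket_errno` and `probe_family` are hypothetical.

```c
/* Added example: decide whether an address family is usable by asking the
 * kernel via socket(), not by parsing sysctl settings. */
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum fam_status { FAM_OK, FAM_UNAVAILABLE, FAM_ERROR };

/* Map a socket() errno to a decision. EAFNOSUPPORT means the kernel does not
 * support the family (for example, the protocol module is not loaded and
 * could not be loaded); the caller should skip that family quietly. */
enum fam_status classify_socket_errno(int err)
{
    switch (err) {
    case 0:
        return FAM_OK;
    case EAFNOSUPPORT:
    case EPROTONOSUPPORT:
        return FAM_UNAVAILABLE;
    default:
        return FAM_ERROR; /* EMFILE, ENOBUFS, EACCES, ...: a real failure */
    }
}

/* Try to create a UDP socket in the given family and report the outcome. */
enum fam_status probe_family(int family)
{
    int fd = socket(family, SOCK_DGRAM, 0);
    if (fd < 0)
        return classify_socket_errno(errno);
    close(fd);
    return FAM_OK;
}

int main(void)
{
    static const struct { int af; const char *name; } fams[] = {
        { AF_INET6, "IPv6" }, { AF_INET, "IPv4" },
    };
    static const char *label[] = { "usable", "unavailable, skipping", "error" };
    int usable = 0;
    for (size_t i = 0; i < sizeof fams / sizeof fams[0]; i++) {
        enum fam_status st = probe_family(fams[i].af);
        usable += (st == FAM_OK);
        printf("%s: %s\n", fams[i].name, label[st]);
    }
    return usable ? 0 : 1; /* fail only if no family works at all */
}
```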