Maintained by: NLnet Labs

unbound-control: general question

Petr Spacek
Mon Feb 29 13:04:11 CET 2016


On 25.2.2016 14:06, A. Schulze via Unbound-users wrote:
> Hello,
> 
> As far as I understand unbound.conf(5), the communication between
> unbound-control and unbound itself
> always requires the setup of a TLS connection. Is this also true when we set up
> control-interface as a unix socket?
> 
> But we could set
>   control-use-cert: no
>   control-interface: /path/to/socket
> 
> My question: how much less secure is such a setup?

Basically as secure as access to the socket. If only root has access to it
then it is just fine (at least on Linux) because the kernel will enforce access
control.

If somebody manages to get around MAC in the Linux kernel you have bigger problems
than Unbound configuration :-)

-- 
Petr Spacek  @  Red Hat
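
Added example, not part of the original thread and not Unbound's own code: a small audit that reads the `control-interface` and `control-use-cert` settings from unbound.conf text and checks that each socket path is a unix socket owned by an expected uid with no group/other permission bits. The function names and the `allowed_uids` parameter (default: root only, per the reply above) are assumptions made for this sketch.

```python
import os
import re
import stat

def control_settings(conf_text):
    """Return (control-interface values, control-use-cert) from unbound.conf text."""
    interfaces, use_cert = [], True  # unbound.conf(5): control-use-cert defaults to yes
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'(control-interface|control-use-cert)\s*:\s*"?([^"]*)"?$', line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "control-interface":
            interfaces.append(value)
        else:
            use_cert = value.lower() == "yes"
    return interfaces, use_cert

def audit_socket(path, allowed_uids=(0,)):
    """Findings for one control socket; an empty list means owner-only access."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: does not exist (is unbound running?)"]
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append(f"{path}: not a unix socket")
    if st.st_uid not in allowed_uids:
        findings.append(f"{path}: owned by unexpected uid {st.st_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:o} lets group/other reach the socket")
    return findings

def audit_conf(conf_text, allowed_uids=(0,)):
    """Audit every path-style control-interface named in the config text."""
    interfaces, _ = control_settings(conf_text)
    findings = []
    for iface in interfaces:
        if iface.startswith("/"):  # a path means a unix socket, not an IP address
            findings += audit_socket(iface, allowed_uids)
    return findings

if __name__ == "__main__":
    # Constructed sample using the settings quoted in the thread.
    sample = "remote-control:\n  control-use-cert: no\n  control-interface: /path/to/socket\n"
    for finding in audit_conf(sample) or ["no findings"]:
        print(finding)
```

The check covers only the socket inode itself; permissions on the directories leading to it are not examined.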