unbound-control: general question

Petr Spacek pspacek at redhat.com
Mon Feb 29 12:04:11 UTC 2016


On 25.2.2016 14:06, A. Schulze via Unbound-users wrote:
> Hello,
> 
> as far as I understand the unbound.conf(5) the communication between
> unbound-control and unbound itself
> always requires the setup of a TLS connection. Is this also true when we set up
> control-interface as a unix socket?
> 
> But we could set
>   control-use-cert: no
>   control-interface: /path/to/socket
> 
> My question: how much less secure is such a setup?

Basically as secure as access to the socket. If only root has access to it
then it is just fine (at least on Linux) because the kernel will enforce access
control.

If somebody manages to get around MAC in the Linux kernel you have bigger problems
than Unbound configuration :-)

-- 
Petr Spacek  @  Red Hat
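
Added example (not part of the original message and not Unbound's own code): a Python check of the condition the reply describes, that only the intended user can reach the control socket. The names audit_control_socket and allowed_uids are illustrative, and the check assumes the Linux behaviour that connecting to a pathname socket requires write permission on the socket file.

```python
import os
import stat


def audit_control_socket(path, allowed_uids=(0,)):
    """Return findings for a control-interface unix socket; empty list means OK.

    allowed_uids is an assumption of this example: the uid(s) expected to own
    the socket (root by default, or the account the daemon runs as).
    """
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a unix socket"]

    findings = []
    if st.st_uid not in allowed_uids:
        findings.append(f"{path}: owned by unexpected uid {st.st_uid}")
    # On Linux, connect() needs write permission on the socket file itself.
    if st.st_mode & stat.S_IWGRP:
        findings.append(f"{path}: members of gid {st.st_gid} can connect")
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path}: any local user can connect")

    # Whoever can write to the parent directory can remove or replace the socket.
    parent_dir = os.path.dirname(os.path.abspath(path))
    parent = os.stat(parent_dir)
    if parent.st_uid not in allowed_uids:
        findings.append(f"parent {parent_dir}: owned by unexpected uid {parent.st_uid}")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"parent {parent_dir}: writable by group or others")
    return findings


if __name__ == "__main__":
    import socket
    import tempfile

    # Constructed demo socket in a private temp dir, not a real Unbound socket.
    demo_dir = tempfile.mkdtemp()
    demo_path = os.path.join(demo_dir, "control.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(demo_path)
    for mode in (0o600, 0o666):
        os.chmod(demo_path, mode)
        result = audit_control_socket(demo_path, allowed_uids=(os.getuid(),))
        print(oct(mode), result or "ok")
    srv.close()
```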


