Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#991017: unbound: remote-control port 127.0.0.1:8953 was opened to listen unexpectedly
164 views
Skip to first unread message
Michael Tokarev
Apr 18, 2022, 3:50:03 AM4/18/22
to
Control: tag -1 + confirmed
On Tue, 13 Jul 2021 01:11:30 +0000 laalaa laalaa <dbp...@hotmail.com> wrote:
> Package: unbound
> Version: 1.13.1-1
> Severity: normal
> After upgrade from buster to bullseye with same config file, port 127.0.0.1:8953 was additionally listened for.
>
> From man page, this is "remote-control" port and the default "control-enable" is "no".
>
> When adding extra config section "remote-control" as below, the listening port 127.0.0.1:8953 was gone.
>
> remote-control:
> control-enable: no
> server:
> ...
>
> The default setting from man page and the observing behavior mismatch.
This is due to a debian-specific patch, debian/patches/0001-Enable-remote-control-by-default.patch,
which turns on the default value for remote-control (but does not touch the manpage).
This is done as a fix for #923314 "systemctl reload unbound broken.." -
but there were 2 changes in there actually, one was to switch from
unbound-control reload to sending a SIGHUP, and another was to enable
remote-control by default.
Either of the two should be sufficient to fix #923314.
But I think the second change - switching remote-control to on
by default - is not a justified change from upstream here. It
is not turned on by default upstream, and upstream documentation
says it is not enabled by default, too (and even on Debian we
forgot to fix the manpage together with this change).
To me it looks like we should flip the default back to the default
and remove this patch.
Thanks,
/mjt
On Tue, 13 Jul 2021 01:11:30 +0000 laalaa laalaa <dbp...@hotmail.com> wrote:
> Package: unbound
> Version: 1.13.1-1
> Severity: normal
> After upgrade from buster to bullseye with same config file, port 127.0.0.1:8953 was additionally listened for.
>
> From man page, this is "remote-control" port and the default "control-enable" is "no".
>
> When adding extra config section "remote-control" as below, the listening port 127.0.0.1:8953 was gone.
>
> remote-control:
> control-enable: no
> server:
> ...
>
> The default setting from man page and the observing behavior mismatch.
This is due to a debian-specific patch, debian/patches/0001-Enable-remote-control-by-default.patch,
which turns on the default value for remote-control (but does not touch the manpage).
This is done as a fix for #923314 "systemctl reload unbound broken.." -
but there were 2 changes in there actually, one was to switch from
unbound-control reload to sending a SIGHUP, and another was to enable
remote-control by default.
Either of the two should be sufficient to fix #923314.
But I think the second change - switching remote-control to on
by default - is not a justified change from upstream here. It
is not turned on by default upstream, and upstream documentation
says it is not enabled by default, too (and even on Debian we
forgot to fix the manpage together with this change).
To me it looks like we should flip the default back to the default
and remove this patch.
Thanks,
/mjt
0 new messages