Danny Mayer wrote:
Luc Pardon wrote:

    In any case, it looks like it will always listen on 127.0.0.1 and on
the wildcard interface, there is no way to disable those.


Right. That was deliberate. You always want to listen on those addresses
as well as ::1 and ::. Is there an issue with that?


   That depends on one's definition of "issue" <g>.

In my view it certainly does not meet the "principle of least surprise". It might be OK now because of the single -I limitation. But as soon as we can specify multiple addresses, if I want it to listen on 127.0.0.1 I will tell it to. I mean, I would expect this to be "all or nothing": Either I let it use the defaults, or I take control. As it is now, it is a little bit of both and that is, well, surprising.

There is also the issue of security. It is generally accepted as common sense that one should only install and run the services and open the ports that are absolutely needed.

You may argue that in this particular case it doesn't hurt, and you may or may not have a point. But from the "common sense" point of view that is irrelevant. The only question is: do I absolutely need it under all circumstances? If not, don't open it.

   Just my 0.02 Euro.

   Luc
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
