> I'll discuss tweaks to the diff below but I'm in two minds about whether
> we want it. We don't enable the control socket in unbound by default at
> present (there is a diff somewhere to move this to unix domain sockets
> which we'd much prefer over network sockets..) Be aware, there is a
> downside to adding entries to /etc/services on OpenBSD. It isn't just a
> handy list of ports, it is used to populate net.inet.tcp.baddynamic and
> net.inet.udp.baddynamic which are used to block off ports from dynamic
> port allocation.

Absolutely!

> > > +named-rndc       953/tcp                         # Domain Name System 
> > > (DNS) BIND RNDC Service
> > > +named-rndc       953/udp                         # Domain Name System 
> > > (DNS) BIND RNDC Service
> 
> BIND uses TCP for the control socket, so if this does go in, please
> do not list the UDP one.

Well, it depends on what policy we want. Looking at the file, most entries have
both, even if only one protocol is effectively in use.

>      
> 12345678901234567890123456789012345678901234567890123456789012345678901234567890
> > >  imaps            993/tcp                         # imap4 protocol over 
> > > TLS/SSL
> > >  imaps            993/udp                         # imap4 protocol over 
> > > TLS/SSL
> > >  pop3s            995/tcp         spop3           # pop3 protocol over 
> > > TLS/SSL
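
Review bot: the named-rndc 953/udp line reserves a UDP port for a control channel this thread describes as TCP-only, and entries in this file feed net.inet.udp.baddynamic, so drop the udp line unless the file's policy is to always list both protocols. The comment "Domain Name System (DNS) BIND RNDC Service" also pushes both added lines past 80 columns; a description as short as the neighbouring "imap4 protocol over TLS/SSL" would fit.
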
> > > @@ -301,6 +303,8 @@ spamd         8025/tcp                        # 
> > > spamd(8)
> > >  spamd-sync       8025/udp                        # spamd(8) 
> > > synchronisation
> > >  spamd-cfg        8026/tcp                        # spamd(8) configuration
> > >  dhcpd-sync       8067/udp                        # dhcpd(8) 
> > > synchronisation
> > > +nsd-cntl 8952/tcp                        # NSD authoritative DNS server 
> > > control
> > > +unbound-cntl     8953/tcp                        # Unbound validating, 
> > > recursive, and caching DNS server control
> > >  hunt             26740/udp                       # hunt(6)
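
Review bot: the unbound-cntl comment runs well past 80 columns and the nsd-cntl one is close to it, while the surrounding entries use the short "spamd(8) configuration" form. Comments such as "nsd(8) control" and "unbound(8) control" would match the file's style and fit the width. Both entries also add 8952 and 8953 to the TCP ports withheld from dynamic allocation, which is worth confirming given the thread's remark that the unbound control socket is not enabled by default.
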
> 
> +1 on sperreault's comment to use iana names. And let's try not
> to go over 80 columns unnecessarily please.
> 

-- 
Antoine
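
Added example, not part of the original message and not OpenBSD's own startup code: a small shell sketch that shows which ports the entries proposed in this thread would newly contribute to the per-protocol reserved lists. It assumes every port listed for a protocol ends up in the corresponding baddynamic list; the function names and the sample data (entries from the diff, with shortened comments) are constructed for illustration.

```shell
#!/bin/sh
# Added example: which ports does a services(5) change newly reserve?
# Assumption: every port listed for a protocol is withheld from dynamic
# allocation for that protocol.

# services_ports PROTO: read services(5) lines on stdin, print the sorted,
# unique port numbers listed for PROTO as a comma-separated list.
services_ports() {
    sed 's/#.*//' |
    awk -v proto="$1" '
        NF >= 2 {
            n = split($2, f, "/")
            if (n == 2 && f[2] == proto && f[1] ~ /^[0-9]+$/)
                print f[1]
        }' |
    sort -n -u | paste -s -d, -
}

# Constructed sample: a few pre-existing entries from the quoted diff.
sample_before() {
    cat <<'EOF'
imaps       993/tcp     # imap4 protocol over TLS/SSL
imaps       993/udp     # imap4 protocol over TLS/SSL
spamd-cfg   8026/tcp    # spamd(8) configuration
dhcpd-sync  8067/udp    # dhcpd(8) synchronisation
EOF
}

# Constructed sample: the same file with the proposed additions applied.
sample_after() {
    sample_before
    cat <<'EOF'
named-rndc    953/tcp   # BIND RNDC
named-rndc    953/udp   # BIND RNDC
nsd-cntl      8952/tcp  # NSD control
unbound-cntl  8953/tcp  # Unbound control
EOF
}

# newly_reserved PROTO: ports listed after the change but not before it.
newly_reserved() {
    before=$(sample_before | services_ports "$1" | tr ',' '\n')
    sample_after | services_ports "$1" | tr ',' '\n' |
    grep -v -x -F -e "$before" | paste -s -d, -
}

printf 'tcp: %s\nudp: %s\n' "$(newly_reserved tcp)" "$(newly_reserved udp)"
```

Listing 953/udp is the only reason UDP gains a reserved port in this sample, which is the cost being weighed against the "list both protocols" policy.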
