> I'll discuss tweaks to the diff below but I'm in two minds about whether > we want it. We don't enable the control socket in unbound by default at > present (there is a diff somewhere to move this to unix domain sockets > which we'd much prefer over network sockets..) Be aware, there is a > downside to adding entries to /etc/services on OpenBSD. It isn't just a > handy list of ports, it is used to populate net.inet.tcp.baddynamic and > net.inet.udp.baddynamic which are used to block off ports from dynamic > port allocation.
Absolutely! > > > +named-rndc 953/tcp # Domain Name System > > > (DNS) BIND RNDC Service > > > +named-rndc 953/udp # Domain Name System > > > (DNS) BIND RNDC Service > > BIND uses TCP for the control socket, so if this does go in, please > do not list the UDP one. Well it depends what policy we want. Looking at the file most entries have both even if only one protocol is effectively in use. > > 12345678901234567890123456789012345678901234567890123456789012345678901234567890 > > > imaps 993/tcp # imap4 protocol over > > > TLS/SSL > > > imaps 993/udp # imap4 protocol over > > > TLS/SSL > > > pop3s 995/tcp spop3 # pop3 protocol over > > > TLS/SSL > > > @@ -301,6 +303,8 @@ spamd 8025/tcp # > > > spamd(8) > > > spamd-sync 8025/udp # spamd(8) > > > synchronisation > > > spamd-cfg 8026/tcp # spamd(8) configuration > > > dhcpd-sync 8067/udp # dhcpd(8) > > > synchronisation > > > +nsd-cntl 8952/tcp # NSD authoritative DNS server > > > control > > > +unbound-cntl 8953/tcp # Unbound validating, > > > recursive, and caching DNS server control > > > hunt 26740/udp # hunt(6) > > +1 on sperreault's comment to use iana names. And let's try not > to go over 80 columns unnecessarily please. > -- Antoine