On 2014/07/15 16:35, Antoine Jacoutot wrote: > > I'll discuss tweaks to the diff below but I'm in two minds about whether > > we want it. We don't enable the control socket in unbound by default at > > present (there is a diff somewhere to move this to unix domain sockets > > which we'd much prefer over network sockets..) Be aware, there is a > > downside to adding entries to /etc/services on OpenBSD. It isn't just a > > handy list of ports, it is used to populate net.inet.tcp.baddynamic and > > net.inet.udp.baddynamic which are used to block off ports from dynamic > > port allocation. > > Absolutely! > > > > > +named-rndc 953/tcp # Domain Name System > > > > (DNS) BIND RNDC Service > > > > +named-rndc 953/udp # Domain Name System > > > > (DNS) BIND RNDC Service > > > > BIND uses TCP for the control socket, so if this does go in, please > > do not list the UDP one. > > Well it depends what policy we want. Looking at the file most entries have > both even if only one protocol is effectively in use.
Looking at the file though, most of those are older entries - I think new entries should be specific, and where we have knowledge of the protocols we should remove silly old ones. BGP, Gopher, HTTP, POP, and IMAP over UDP look like good candidates for example.. > > > > 12345678901234567890123456789012345678901234567890123456789012345678901234567890 > > > > imaps 993/tcp # imap4 protocol over > > > > TLS/SSL > > > > imaps 993/udp # imap4 protocol over > > > > TLS/SSL > > > > pop3s 995/tcp spop3 # pop3 protocol over > > > > TLS/SSL > > > > @@ -301,6 +303,8 @@ spamd 8025/tcp > > > > # spamd(8) > > > > spamd-sync 8025/udp # spamd(8) > > > > synchronisation > > > > spamd-cfg 8026/tcp # spamd(8) configuration > > > > dhcpd-sync 8067/udp # dhcpd(8) > > > > synchronisation > > > > +nsd-cntl 8952/tcp # NSD authoritative DNS > > > > server control > > > > +unbound-cntl 8953/tcp # Unbound validating, > > > > recursive, and caching DNS server control > > > > hunt 26740/udp # hunt(6) > > > > +1 on sperreault's comment to use iana names. And let's try not > > to go over 80 columns unnecessarily please. Oh, 8953 is in already.
