On 2014/07/15 16:35, Antoine Jacoutot wrote:
> > I'll discuss tweaks to the diff below but I'm in two minds about whether
> > we want it. We don't enable the control socket in unbound by default at
> > present (there is a diff somewhere to move this to unix domain sockets
> > which we'd much prefer over network sockets..) Be aware, there is a
> > downside to adding entries to /etc/services on OpenBSD. It isn't just a
> > handy list of ports, it is used to populate net.inet.tcp.baddynamic and
> > net.inet.udp.baddynamic which are used to block off ports from dynamic
> > port allocation.
> 
> Absolutely!
> 
> > > > +named-rndc     953/tcp                         # Domain Name System 
> > > > (DNS) BIND RNDC Service
> > > > +named-rndc     953/udp                         # Domain Name System 
> > > > (DNS) BIND RNDC Service
> > 
> > BIND uses TCP for the control socket, so if this does go in, please
> > do not list the UDP one.
> 
> Well it depends what policy we want. Looking at the file most entries have 
> both even if only one protocol is effectively in use.

Looking at the file though, most of those are older entries - I think
new entries should be specific, and where we have knowledge of the
protocols we should remove silly old ones. BGP, Gopher, HTTP, POP,
and IMAP over UDP look like good candidates for example..

> >      
> > 12345678901234567890123456789012345678901234567890123456789012345678901234567890
> > > >  imaps          993/tcp                         # imap4 protocol over 
> > > > TLS/SSL
> > > >  imaps          993/udp                         # imap4 protocol over 
> > > > TLS/SSL
> > > >  pop3s          995/tcp         spop3           # pop3 protocol over 
> > > > TLS/SSL
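Review bot: the "+named-rndc 953/udp" line should be dropped unless something actually listens on UDP 953. As the thread notes, BIND's control socket is TCP, and on OpenBSD every /etc/services entry also feeds net.inet.udp.baddynamic, so this line withholds a port from dynamic UDP allocation with no listener to protect. The comment on both added lines also pushes them past 80 columns; a shorter one in the style of the neighbouring "# imap4 protocol over TLS/SSL" would fit.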
> > > > @@ -301,6 +303,8 @@ spamd               8025/tcp                        
> > > > # spamd(8)
> > > >  spamd-sync     8025/udp                        # spamd(8) 
> > > > synchronisation
> > > >  spamd-cfg      8026/tcp                        # spamd(8) configuration
> > > >  dhcpd-sync     8067/udp                        # dhcpd(8) 
> > > > synchronisation
> > > > +nsd-cntl       8952/tcp                        # NSD authoritative DNS 
> > > > server control
> > > > +unbound-cntl   8953/tcp                        # Unbound validating, 
> > > > recursive, and caching DNS server control
> > > >  hunt           26740/udp                       # hunt(6)
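Review bot: the comments on "+nsd-cntl 8952/tcp" and "+unbound-cntl 8953/tcp" take both lines past 80 columns, the unbound one by a wide margin. The surrounding entries use a short form such as "# spamd(8) configuration", so "# nsd(8) control" and "# unbound(8) control" would match. Both service names should also be checked against the IANA registry as asked in the thread, and the current file checked for an existing 8953 entry before this one is added, since each entry also lands in net.inet.tcp.baddynamic.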
> > 
> > +1 on sperreault's comment to use iana names. And let's try not
> > to go over 80 columns unnecessarily please.

Oh, 8953 is in already.
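The points raised in this thread (each entry reserves its port for that protocol, tcp/udp pairs, the 80-column limit) can be checked mechanically. The script below is an added example, not code from the thread or from OpenBSD; it assumes every port/proto entry contributes its port to the matching baddynamic list, as described above, and runs on a constructed sample rather than the real /etc/services.

```shell
#!/bin/sh
# Added example: lint a services(5)-style file for the issues raised in the
# thread. It models the port lists only; it is not OpenBSD's startup code.

# Constructed sample input, not the real /etc/services.
sample_services() {
cat <<'EOF'
# name          port/proto      aliases         # comment
imaps           993/tcp                         # imap4 protocol over TLS/SSL
imaps           993/udp                         # imap4 protocol over TLS/SSL
named-rndc      953/tcp                         # BIND RNDC
named-rndc      953/udp                         # BIND RNDC
spamd-sync      8025/udp                        # spamd(8) synchronisation
unbound-cntl    8953/tcp                        # Unbound validating, recursive, and caching DNS server control
EOF
}

# ports_for PROTO: comma-separated ports listed for PROTO (file on stdin).
# Assumption: each of these would be withheld from dynamic allocation.
ports_for() {
    sed 's/#.*//' | awk -v proto="$1" '
        NF >= 2 { split($2, a, "/")
                  if (a[2] == proto && !seen[a[1]]++)
                      out = out (out ? "," : "") a[1] }
        END { print out }'
}

# paired_names: "name port" for services listed under both tcp and udp,
# the entries worth reviewing when only one protocol is really in use.
paired_names() {
    sed 's/#.*//' | awk '
        NF >= 2 { split($2, a, "/"); k = $1 " " a[1]
                  if (!(k in seen)) { seen[k] = 1; keys[++n] = k }
                  has[k, a[2]] = 1 }
        END { for (i = 1; i <= n; i++)
                  if (has[keys[i], "tcp"] && has[keys[i], "udp"]) print keys[i] }'
}

# long_lines: numbers of lines wider than 80 columns once tabs are expanded.
long_lines() {
    expand | awk 'length($0) > 80 { print NR }'
}

echo "udp ports reserved: $(sample_services | ports_for udp)"
echo "tcp+udp pairs:"; sample_services | paired_names
echo "lines over 80 columns: $(sample_services | long_lines)"
```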
