On 25.2.2016 14:06, A. Schulze via Unbound-users wrote:
> Hello,
>
> as far as I understand the unbound.conf(5) the communication between
> unbound-control and unbound itself
> always requires the setup of a TLS connection. Is this also true when we set up
> control-interface as a unix socket?
>
> But we could set
> control-use-cert: no
> control-interface: /path/to/socket
>
> My question: how much less secure is such a setup?

Basically as secure as access to the socket. If only root has access to it then it is just fine (at least on Linux) because the kernel will enforce access control. If somebody manages to get around MAC in the Linux kernel you have bigger problems than Unbound configuration :-)

-- 
Petr Spacek @ Red Hat
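
An added example, not part of the original thread and not Unbound's own code: a Python check of who can reach a control socket, based on the file and parent-directory permissions the reply refers to. The names `audit_control_socket`, `trusted_uids` and `constructed_case` are assumptions made for this example, and the socket it builds when run without arguments is a constructed sample.

```python
import os
import socket
import stat
import sys
import tempfile


def audit_control_socket(path, trusted_uids=(0,)):
    """Return findings; an empty list means only trusted_uids can reach the socket."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a unix socket"]
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append(f"{path}: owned by untrusted uid {st.st_uid}")
    # Linux requires write permission on the socket file to connect() to it.
    if st.st_mode & stat.S_IWGRP:
        findings.append(f"{path}: members of gid {st.st_gid} can connect")
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path}: any local user can connect")
    # Whoever can write to the parent directory can replace the socket. Systems
    # that ignore socket file modes rely on this directory check alone.
    parent = os.path.dirname(os.path.abspath(path))
    dst = os.stat(parent)
    sticky = bool(dst.st_mode & stat.S_ISVTX)
    if dst.st_uid not in trusted_uids:
        findings.append(f"{parent}: owned by untrusted uid {dst.st_uid}")
    if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky:
        findings.append(f"{parent}: group/other-writable, socket can be replaced")
    return findings


def constructed_case(sock_mode, dir_mode=0o700):
    """Build a throwaway socket (constructed sample) and audit it as the current user."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "control.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.bind(path)
            os.chmod(path, sock_mode)
            os.chmod(d, dir_mode)
            return audit_control_socket(path, trusted_uids=(os.getuid(),))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real socket path, trusting root only
        print("\n".join(audit_control_socket(sys.argv[1])) or "ok")
    else:
        print(constructed_case(0o600), constructed_case(0o666, 0o777))
```

Only the immediate parent directory is checked; directories further up the path need the same ownership and write restrictions.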
