Deprecation notice for BIND 9.20+: Unix Domain Sockets for control channel (rndc)
Ondřej Surý
ondrej at isc.org
Tue Sep 12 07:01:32 UTC 2023
Hello,
in line with out deprecation policy, I am notifying the mailing list about deprecation
of the 'unix' clause in the controls {} configuration block. The support for Unix
Domain Sockets is already non-operational since BIND 9.18.0 and it is a fatal
error in named. This is properly documented in BIND 9.18.0 release notes and
known issues.
We are now proceeding to complete remove the rest of the code and documentation
from BIND 9.20+ (future release).
The 'unix' description from the ARM:
> A :any:`unix` control channel is a Unix domain socket listening at the
> specified path in the file system. Access to the socket is specified by
> the ``perm``, ``owner``, and ``group`` clauses. Note that on some platforms
> (SunOS and Solaris), the permissions (``perm``) are applied to the parent
> directory as the permissions on the socket itself are ignored.
In BIND 9.20:
1. Using 'unix' option in 'controls {}' block in named.conf will be a fatal error in named and named-checkconf
In BIND 9.18 :
1. Using 'unix' option in 'controls {}' block in named.conf is already a fatal error in named
The original issue is tracked under: https://gitlab.isc.org/isc-projects/bind9/-/issues/1759
This is tracked under https://gitlab.isc.org/isc-projects/bind9/-/issues/4311
Cheers,
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
More information about the bind-users
mailing list