Dnstap Re: Deprecation notice for BIND 9.20+: Unix Domain Sockets for control channel (rndc)

Tue, 12 Sep 2023 09:19:05 -0700

No objections, however I hope somebody lets me know if the same thing is contemplated for Dnstap and what the timeline is. I won't be unduly lathered by such an occurrence but I'd rather not have fire drills (and it's not just me it's people / projects downstream of me). 

FTR, I've always used an IP address with RNDC.

On Tue, 12 Sep 2023, Ondřej Surý wrote:


[...] The support for Unix
Domain Sockets is already non-operational since BIND 9.18.0 and it is a fatal
error in named. This is properly documented in BIND 9.18.0 release notes and
known issues.

We are now proceeding to complete remove the rest of the code and documentation
from BIND 9.20+ (future release).

[...]

1. Using 'unix' option in 'controls {}' block in named.conf is already a fatal 
error in named

The original issue is tracked under: 
https://gitlab.isc.org/isc-projects/bind9/-/issues/1759
This wasn't particularly reassuring considering the Dnstap case. It discusses something called "netmgr" which is used for "incoming DNS queries and responses" and that now is apparently being adapted to a control channel; it talks about modifying it to support outbound TCP connections.
Dnstap has never been a server, it establishes an outbound connection to a listener (server) on a unix socket. Seems like TCP has always been an option for rndc, while it's never been an option for Dnstap; so that's a difference, there's no explicit migration path at this moment.
Personally I'd be happy to see the last of framestreams (we don't need the handshake, I've never used it and I've only ever seen it create confusion for people trying to roll their own servers). I'd love to see UDP so that we could get multicast (without a T/MG), but that doesn't allow for the Dnstap overhead since DNS message sizes are already capped at the maximum possible size of a UDP message. 

Doing nothing is an option. ;-)


Thanks for all the work you do...

--

Fred Morris

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to