Hi Fred,
the Dnstap UDS support is only tangential to this - the support for AF_UNIX is
implemented in the fstrm library
and is outside of the scope for this change.
Ondřej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 12. 9. 2023, at 18:18, Fred Morris <m3...@m3047.net> wrote:
>
> No objections, however I hope somebody lets me know if the same thing is
> contemplated for Dnstap and what the timeline is. I won't be unduly lathered
> by such an occurrence but I'd rather not have fire drills (and it's not just
> me it's people / projects downstream of me).
>
> FTR, I've always used an IP address with RNDC.
>
> On Tue, 12 Sep 2023, Ondřej Surý wrote:
>>
>> [...] The support for Unix
>> Domain Sockets is already non-operational since BIND 9.18.0 and it is a fatal
>> error in named. This is properly documented in BIND 9.18.0 release notes and
>> known issues.
>>
>> We are now proceeding to complete remove the rest of the code and
>> documentation
>> from BIND 9.20+ (future release).
>>
>> [...]
>>
>> 1. Using 'unix' option in 'controls {}' block in named.conf is already a
>> fatal error in named
>>
>> The original issue is tracked under:
>> https://gitlab.isc.org/isc-projects/bind9/-/issues/1759
>
> This wasn't particularly reassuring considering the Dnstap case. It discusses
> something called "netmgr" which is used for "incoming DNS queries and
> responses" and that now is apparently being adapted to a control channel; it
> talks about modifying it to support outbound TCP connections.
>
> Dnstap has never been a server, it establishes an outbound connection to a
> listener (server) on a unix socket. Seems like TCP has always been an option
> for rndc, while it's never been an option for Dnstap; so that's a difference,
> there's no explicit migration path at this moment.
>
> Personally I'd be happy to see the last of framestreams (we don't need the
> handshake, I've never used it and I've only ever seen it create confusion for
> people trying to roll their own servers). I'd love to see UDP so that we
> could get multicast (without a T/MG), but that doesn't allow for the Dnstap
> overhead since DNS message sizes are already capped at the maximum possible
> size of a UDP message.
>
> Doing nothing is an option. ;-)
>
>
> Thanks for all the work you do...
>
> --
>
> Fred Morris
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
