From ae30fe25d70a449a973247579b44b50f4e9ef1ba Mon Sep 17 00:00:00 2001 From: Girish Ramakrishnan Date: Mon, 12 Dec 2022 22:57:18 +0100 Subject: [PATCH] unbound: disable controller interface explicitly https://github.com/NLnetLabs/unbound/issues/806 --- CHANGES | 1 + scripts/init-ubuntu.sh | 4 ++-- setup/start/unbound.conf | 5 +++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 283f739be..0a9510b3c 100644 --- a/CHANGES +++ b/CHANGES @@ -2579,6 +2579,7 @@ * Start with a default to not fail if no swap is present * Fix bug in cert cleanup logic causing it to repeatedly cleanup * Fix crash in RBL check +* unbound: disable controller interface explicitly [7.4.0] * Update base image to jammy diff --git a/scripts/init-ubuntu.sh b/scripts/init-ubuntu.sh index ee53f2cea..d9223627f 100755 --- a/scripts/init-ubuntu.sh +++ b/scripts/init-ubuntu.sh @@ -179,8 +179,8 @@ systemctl disable systemd-resolved || true # on vultr, ufw is enabled by default. we have our own firewall ufw disable || true -# we need unbound to work as this is required for installer.sh to do any DNS requests -echo -e "server:\n\tinterface: 127.0.0.1\n" > /etc/unbound/unbound.conf.d/cloudron-network.conf +# we need unbound to work as this is required for installer.sh to do any DNS requests. control-enable is for https://github.com/NLnetLabs/unbound/issues/806 +echo -e "server:\n\tinterface: 127.0.0.1\n\nremote-control:\n\tcontrol-enable: no\n" > /etc/unbound/unbound.conf.d/cloudron-network.conf systemctl restart unbound # Ubuntu 22 has private home directories by default (https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/) diff --git a/setup/start/unbound.conf b/setup/start/unbound.conf index 86b58d363..67fbe2b64 100644 --- a/setup/start/unbound.conf +++ b/setup/start/unbound.conf @@ -14,3 +14,8 @@ server: # enable below for logging to journalctl -u unbound # verbosity: 5 # log-queries: yes + +# https://github.com/NLnetLabs/unbound/issues/806 +remote-control: + control-enable: no +