Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move BIND command channel port to avoid clashing with Unbound (Bug #7271) #416

Closed
wants to merge 3 commits into from
+8 −7
Closed

Move BIND command channel port to avoid clashing with Unbound (Bug #7271) #416

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5fb1095
Move BIND command channel port to avoid clashing with Unbound (Bug #7…
doktornotor Sep 3, 2017
b359b3a
Bump port revision
doktornotor Sep 3, 2017
3f0f3dc
Remove useless conf_mount_{ro,rw} calls
doktornotor Oct 21, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions dns/pfSense-pkg-bind9/files/usr/local/pkg/bind.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,13 +109,17 @@ function bind_sync() {
conf_mount_rw();
// Create rndc
$rndc_confgen = "/usr/local/sbin/rndc-confgen";
if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)) {
exec("$rndc_confgen ", $rndc_conf);
if (is_executable($rndc_confgen)) {
// Bug #7271: do not use the default command channel port, it conflicts with Unbound
unlink_if_exists(BIND_LOCALBASE . "/etc/rndc-confgen.pfsense");
exec("$rndc_confgen -p 8953 ", $rndc_conf);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can I suggest:
exec("$rndc_confgen -p 8953 -A hmac-sha256 ", $rndc_conf);

Whilst hmac-md5 remains the BIND default, MD5 is broken. It seems worth hardening the command channel by using SHA256 whilst this code is being touched.

$confgen_file = "";
foreach ($rndc_conf as $line) {
$confgen_file .= "$line\n";
}
file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsense", $confgen_file);
} else {
log_error("[bind] $rndc_confgen not found, please reinstall bind package.");
}
$rndc_bindconf = "";
$rndc_file = "";
Expand Down