safer default interfaces.

git-svn-id: file:///svn/unbound/trunk@737 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index ee7c160b52ed9d25faf9975a3141fc807679e7df..a1676d7dd19da44af1a69a9d1fa609b35ccf65e7 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
        - default config file is /etc/unbound/unbound.conf.
          If it doesn't exist, it is installed with the doc/example.conf file.
          The file is not deleted on uninstall.
+       - default listening is not all, but localhost interfaces.
        
 8 November 2007: Wouter
        - Fixup chroot and drop user privileges.

diff --git a/doc/example.conf b/doc/example.conf
index 1c9b8a4a17444983166923226a6a10f9835e38ba..b88a8d50aa91526c4a35164217dd43c1c6f623eb 100644 (file)
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -19,7 +19,8 @@ server:
        # num-threads: 1
 
        # specify the interfaces to answer queries from by ip-address.
-       # If you give none the default (all) interface is used.
+       # The default is to listen to localhost (127.0.0.1 and ::1).
+       # specify 0.0.0.0 and ::0 to bind to all available interfaces.
        # specify every interface on a new 'interface:' labelled line.
        # interface: 192.0.2.153
        # interface: 192.0.2.154

diff --git a/doc/unbound.conf.5 b/doc/unbound.conf.5
index c3e3f2a6e845299adaa21b10aa57e2c6f9113779..fdb0cdbe9674fa6280a8e48ae16f9eabce9cda5c 100644 (file)
--- a/doc/unbound.conf.5
+++ b/doc/unbound.conf.5
@@ -78,7 +78,7 @@ The port number, default 53, on which the server responds to queries.
 Interface to use to connect to the network. This interface is listened to
 for queries from clients, and answers to clients are given from it.
 Can be given multiple times to work on several interfaces. If none are 
-given the default (all) is used.
+given the default is to listen to localhost.
 .It \fBoutgoing-interface:\fR <ip address>
 Interface to use to connect to the network. This interface is used to send
 queries to authoritative servers and receive their replies. Can be given 
@@ -87,8 +87,8 @@ default (all) is used. You can specify the same interfaces in
 .Ic interface:
 and
 .Ic outgoing-interface:
-lines, the interfaces are then used for both purposes. Queries are sent
-via a random interface to counter spoofing.
+lines, the interfaces are then used for both purposes. Outgoing queries are 
+sent via a random outgoing interface to counter spoofing.
 .It \fBoutgoing-port:\fR <port number>
 The starting port number where the outgoing query port range is allocated.
 Default is 1053.

diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
index 960a8f37696eb326ff6ec1d51a32d817d4c30c59..52ec206af766825f497e0683f666925749cc7eae 100644 (file)
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -409,7 +409,7 @@ listening_ports_open(struct config_file* cfg)
        if(cfg->num_ifs == 0) {
                if(do_ip6) {
                        hints.ai_family = AF_INET6;
-                       if(!ports_create_if(NULL, cfg->do_udp, do_tcp, 
+                       if(!ports_create_if("::1", cfg->do_udp, do_tcp, 
                                &hints, portbuf, &list)) {
                                listening_ports_free(list);
                                return NULL;
@@ -417,7 +417,7 @@ listening_ports_open(struct config_file* cfg)
                }
                if(do_ip4) {
                        hints.ai_family = AF_INET;
-                       if(!ports_create_if(NULL, cfg->do_udp, do_tcp, 
+                       if(!ports_create_if("127.0.0.1", cfg->do_udp, do_tcp, 
                                &hints, portbuf, &list)) {
                                listening_ports_free(list);
                                return NULL;