safer default interfaces.

git-svn-id: file:///svn/unbound/trunk@737 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2007-11-09 14:15:21 +00:00 · 2007-11-09 14:15:21 +00:00 · d41f40b028
commit d41f40b028
parent 518e7511d7
4 changed files with 8 additions and 6 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -3,6 +3,7 @@
 	- default config file is /etc/unbound/unbound.conf.
 	  If it doesn't exist, it is installed with the doc/example.conf file.
 	  The file is not deleted on uninstall.
+	- default listening is not all, but localhost interfaces.
 	
 8 November 2007: Wouter
 	- Fixup chroot and drop user privileges.
--- a/doc/example.conf
+++ b/doc/example.conf
@ -19,7 +19,8 @@ server:
 	# num-threads: 1

 	# specify the interfaces to answer queries from by ip-address.
-	# If you give none the default (all) interface is used.
+	# The default is to listen to localhost (127.0.0.1 and ::1).
+	# specify 0.0.0.0 and ::0 to bind to all available interfaces.
 	# specify every interface on a new 'interface:' labelled line.
 	# interface: 192.0.2.153
 	# interface: 192.0.2.154
--- a/doc/unbound.conf.5
+++ b/doc/unbound.conf.5
@ -78,7 +78,7 @@ The port number, default 53, on which the server responds to queries.
 Interface to use to connect to the network. This interface is listened to
 for queries from clients, and answers to clients are given from it.
 Can be given multiple times to work on several interfaces. If none are 
-given the default (all) is used.
+given the default is to listen to localhost.
 .It \fBoutgoing-interface:\fR <ip address>
 Interface to use to connect to the network. This interface is used to send
 queries to authoritative servers and receive their replies. Can be given 
@ -87,8 +87,8 @@ default (all) is used. You can specify the same interfaces in
 .Ic interface:
 and
 .Ic outgoing-interface:
-lines, the interfaces are then used for both purposes. Queries are sent
-via a random interface to counter spoofing.
+lines, the interfaces are then used for both purposes. Outgoing queries are 
+sent via a random outgoing interface to counter spoofing.
 .It \fBoutgoing-port:\fR <port number>
 The starting port number where the outgoing query port range is allocated.
 Default is 1053.
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@ -409,7 +409,7 @@ listening_ports_open(struct config_file* cfg)
 	if(cfg->num_ifs == 0) {
 		if(do_ip6) {
 			hints.ai_family = AF_INET6;
-			if(!ports_create_if(NULL, cfg->do_udp, do_tcp, 
+			if(!ports_create_if("::1", cfg->do_udp, do_tcp, 
 				&hints, portbuf, &list)) {
 				listening_ports_free(list);
 				return NULL;
@ -417,7 +417,7 @@ listening_ports_open(struct config_file* cfg)
 		}
 		if(do_ip4) {
 			hints.ai_family = AF_INET;
-			if(!ports_create_if(NULL, cfg->do_udp, do_tcp, 
+			if(!ports_create_if("127.0.0.1", cfg->do_udp, do_tcp, 
 				&hints, portbuf, &list)) {
 				listening_ports_free(list);
 				return NULL;