kresd: Unified listen declarations #75803

Merged
merged 1 commit into from Dec 27, 2019

Contributor

@fooker fooker commented Dec 16, 2019

Deprecates the interfaces option which was used to generate a host:port
list whereas the port was always hardcoded to 53. This unifies the
listen configuration for plain and TLS sockets and allows specifying a
port without an address for wildcard binds.

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @vcunat

@vcunat
Member

vcunat commented Dec 17, 2019

🤔 BTW, motivation for this... is just the unification, or do you have some use case for a different port than 53?

@fooker
Contributor Author

fooker commented Dec 17, 2019

@vcunat my motivation was to listen on all interfaces on port 53. systemd sockets allow specifying a port without an address, which makes them bind to the wildcard address. On another setup, I'm currently using unbound (on a high port) behind dnsmasq (on port 53). I will replace this with kresd soon. Therefore an alternative port is needed, too.

@fooker fooker requested a review from andir December 17, 2019 11:45
@vcunat
Member

vcunat commented Dec 17, 2019

You can use :: and 0.0.0.0 for wildcards.

Related caveats:

  • Using one socket for both IPv4 and IPv6 (which is what 53 does IIRC) can confuse some modules that take action according to client's address if it's IPv4.
  • Using wildcards can cause issues in case there are multiple source addresses usable back towards the client. (That normally doesn't happen, unless you e.g. use 127.0.0.2.)
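
Added example, not part of this thread or of kresd's code: it assumes the first caveat refers to the usual dual-stack behaviour, where a socket bound for both families reports IPv4 clients as IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`), so address rules written for IPv4 subnets stop matching. The allow-list, the peer addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed policy (not from the PR): subnets allowed to use the resolver.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

# Constructed peer addresses as a dual-stack (AF_INET6, IPV6_V6ONLY=0) socket
# reports them: IPv4 clients show up as IPv4-mapped IPv6 addresses.
PEERS = ["::ffff:192.0.2.10", "::ffff:198.51.100.7", "2001:db8::53", "2001:db9::1"]


def naive_allowed(peer: str) -> bool:
    """Match the peer exactly as the socket reported it."""
    addr = ipaddress.ip_address(peer)
    # Containment across address families is simply False, so an IPv4 rule
    # never matches an IPv4-mapped peer.
    return any(addr in net for net in ALLOWED)


def normalize(peer: str):
    """Unwrap ::ffff:a.b.c.d to the IPv4 address it represents."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def normalized_allowed(peer: str) -> bool:
    """Match after unwrapping, so IPv4 rules apply on either socket type."""
    addr = normalize(peer)
    return any(addr in net for net in ALLOWED)


def compare(peers):
    """Return {peer: (naive, normalized)} so disagreements are visible."""
    return {p: (naive_allowed(p), normalized_allowed(p)) for p in peers}


if __name__ == "__main__":
    for peer, (naive, fixed) in compare(PEERS).items():
        flag = "  <-- IPv4 rule silently skipped" if naive != fixed else ""
        print(f"{peer:22} naive={naive!s:5} normalized={fixed!s:5}{flag}")
```

Binding separate `0.0.0.0` and `::` sockets, as suggested above, avoids the mapped form entirely; normalising is the fallback when a single dual-stack socket is kept.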

Member

@vcunat vcunat left a comment


Thanks; I looked properly now and I like it. listenPlain naming: I couldn't immediately find a precedent for this; on the other hand interfaces is used for some other servers. Maybe we shouldn't make interfaces deprecated, as it seems more standard currently. Anyway, no other feedback has gathered here, so let me accept this as-is for now.

@vcunat vcunat merged commit f886a14 into NixOS:master Dec 27, 2019
@fooker fooker deleted the pr-4 branch January 30, 2021 12:05