[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    Re: unbound(8): disable explicit port randomisation
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2020-08-24 17:15:21
Message-ID: 88509.1598289321 () cvs ! openbsd ! org
[Download RAW message or body]

i've discusssed this offline with florian (many times, over the years)

It is quite possible there will be subtle behaviour changes, but in a
system configuration where "other programs on the machine are using also
ports quickly", we both expect unbound will behave *better* using kernel
support rather than doing the port probing itself.  Port probing to
detect what is available is simply a crazy workaround for systems which
don't have a way to perform the magic we do.

Florian Obser <florian@openbsd.org> wrote:

> With the update sthen@ just put in we can enable this:
> 
>   --disable-explicit-port-randomisation
>                           disable explicit source port randomisation and rely
>                           on the kernel to provide random source ports
> 
> OK?
> 
> diff --git Makefile.bsd-wrapper Makefile.bsd-wrapper
> index ff9bc927592..c4abf8dbb97 100644
> --- Makefile.bsd-wrapper
> +++ Makefile.bsd-wrapper
> @@ -17,7 +17,8 @@ CONFIGURE_OPTS_UNBOUND=	--enable-allsymbols \
>  			--with-rootkey-file=/var/unbound/db/root.key \
>  			--with-conf-file=${CHROOTDIR}/etc/unbound.conf \
>  			--with-username=_unbound \
> -			--disable-shared
> +			--disable-shared \
> +			--disable-explicit-port-randomisation
>  
>  # do not remove, breaks unwind(8)
>  CONFIGURE_OPTS_UNBOUND+= --without-pthreads
> 
> 
> 
> -- 
> I'm not entirely sure you are real.
> 

[prev in list] [next in list] [prev in thread] [next in thread]