Next: Enabling zone semantic checks, Previous: Using DNS UPDATE, Up: Knot DNS Configuration [Contents][Index]
As of v1.3.0, it is possible to control running daemon using UNIX sockets,
which is also preferred over internet sockets. You don’t need any specific configuration,
since it is enabled by default and the UNIX socket is placed in the rundir.
To disable remote control completely, add an empty control
section to the
configuration like:
control { }
However you can still use IPv4/IPv6 address, although with several shortcomings.
You then can use allow
for an ACL list similar to xfr-in
or xfr-out
,
see that for syntax reference. The listen-on
has syntax equal to an interface specification,
but the default port for remote control protocol is 5533
.
However keep in mind, that the transferred data isn’t encrypted and could be
susceptible to replay attack in a short timeframe.
Example configuration:
control { listen-on { address 127.0.0.1@5533; } }