Unbound port 953

  • I get that when running the DNS resolver (unbound) on pfSense it's configured to use port 953 as a "control port", which I am guessing is what basically allows the GUI to send commands to it. However, when I look at my states table, specifically for my loopback interface, I cannot help but continually notice 30+ connections all in a FIN_WAIT_2:FIN_WAIT_2 state. Is this normal? It just seems weird that it needs to talk to itself so frequently.

  • Did a packet capture to try and get a better idea of what traffic exactly was being sent over the "Control Port", which, granted, I can only assume is in line with the commands listed in the unbound-control man page. However, all the traffic was encrypted, which in all fairness is something I should have seen coming. But even when I tried to apply the control key to decrypt the captured packets I still could not see their contents. Regardless of what they specifically contain, my curiosity is still centered on why there are about 30+ all in a FIN_WAIT_2:FIN_WAIT_2 state at any given time.

  • Galactic Empire

    It's all traffic on the loopback address, nowt to be worried about.

  • @NogBadTheBad I know that it's on the loopback address and I technically don't have to worry about it. But I am simply more personally curious about it than anything else. Like, I get it's there to send things like the start command or to collect stats etc. (thus entirely benign traffic), though it doesn't really exactly explain why it has to open 30+ connections to do that, not to mention leave them open for give or take a minute at a time if they are already in a state of being finished.
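The thread is eyeballing the states table in the GUI; a quicker way to answer "how many control-port states are there, and in which TCP state" on the firewall shell is to tally the `pfctl -ss` output by state for port 953. The script below is an added example written for this thread, not something posted in it or shipped with pfSense or unbound. It assumes the `pfctl -ss` line layout `iface proto src dir dst state` (interface name first, state pair last), and the sample lines are constructed to resemble that output so the script runs offline; on a live box pipe `pfctl -ss` into `count_control_states` instead.

```shell
#!/bin/sh
# Added example (not from the forum thread): tally pf state entries that
# involve the unbound control port (953) on pfSense, grouped by TCP state.
# Live use:   pfctl -ss | count_control_states 953
# The assumed line layout is:  iface proto src dir dst state
# (this example does not depend on the exact column spacing).

count_control_states() {
    # $1 = control port (defaults to 953); reads `pfctl -ss` style lines on stdin,
    # prints "<state-pair> <count>" per distinct state, sorted.
    port="${1:-953}"
    awk -v port="$port" '
        # keep TCP entries whose source or destination endpoint ends in :<port>
        $2 == "tcp" && ($3 ~ (":" port "$") || $5 ~ (":" port "$")) {
            counts[$NF]++
        }
        END {
            for (s in counts) printf "%s %d\n", s, counts[s]
        }' | sort
}

# CONSTRUCTED sample resembling `pfctl -ss` on pfSense; the em0 line is a
# decoy that must not be counted because it does not touch port 953.
SAMPLE_STATES='lo0 tcp 127.0.0.1:953 <- 127.0.0.1:52011       FIN_WAIT_2:FIN_WAIT_2
lo0 tcp 127.0.0.1:953 <- 127.0.0.1:52014       FIN_WAIT_2:FIN_WAIT_2
lo0 tcp 127.0.0.1:953 <- 127.0.0.1:52020       ESTABLISHED:ESTABLISHED
lo0 tcp 127.0.0.1:52011 -> 127.0.0.1:953       FIN_WAIT_2:FIN_WAIT_2
em0 tcp 192.0.2.10:443 <- 198.51.100.7:40111   ESTABLISHED:ESTABLISHED'

# Number of control-port states sitting in FIN_WAIT_2:FIN_WAIT_2 in the sample.
fin_wait_count() {
    printf '%s\n' "$SAMPLE_STATES" | count_control_states 953 \
        | awk '$1 == "FIN_WAIT_2:FIN_WAIT_2" { print $2 }'
}

# Number of distinct state pairs seen on the control port in the sample.
distinct_state_count() {
    printf '%s\n' "$SAMPLE_STATES" | count_control_states 953 | wc -l | tr -d ' '
}

# Stand-alone run: print the per-state tally for the sample.
printf '%s\n' "$SAMPLE_STATES" | count_control_states 953
```

Run against the live table, the same one-liner lets you watch whether the FIN_WAIT_2 count is stable (a fixed pool of short-lived unbound-control sessions each lingering until pf's TCP close timeout expires them) or growing without bound, which is the case that would actually merit attention.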

