diff --git a/doc/configuration.texi b/doc/configuration.texi
index 688c36622587c58ed99388d330dcc145792a817f..1f1a5cab3680c03254b61333fac1c4db09d00545 100644
--- a/doc/configuration.texi
+++ b/doc/configuration.texi
@@ -223,12 +223,13 @@ Deleting a last RR also removes its RRSIG.
 @section Remote control interface
 
 As of v1.3.0, it is possible to control running daemon using UNIX sockets,
-which is also preferred over internet sockets.
+which is also preferred over internet sockets. You don't need any specific configuration,
+since it is enabled by default and the UNIX socket is placed in the rundir.
+To disable remote control completely, add an empty @code{control} section to the
+configuration like:
 
 @example
-control @{
-	listen-on "knot.sock";
-@}
+control @{ @}
 @end example
 
 However you can still use IPv4/IPv6 address, although with several shortcomings.
@@ -238,6 +239,13 @@ but the default port for remote control protocol is @code{5533}.
 However keep in mind, that the transferred data isn't encrypted and could be
 susceptible to replay attack in a short timeframe.
 
+Example configuration:
+@example
+control @{
+	listen-on @{ address 127.0.0.1@@5533; @}
+@}
+@end example
+
 @node Enabling zone semantic checks
 @section Enabling zone semantic checks
 You can turn on more detailed semantic
diff --git a/doc/reference.texi b/doc/reference.texi
index 5487a517bd995f074e1200a0b07c1a68e4cf8203..57324b75e21f8fc9624d7d9ed5a0f4a3ddefb2a1 100644
--- a/doc/reference.texi
+++ b/doc/reference.texi
@@ -623,8 +623,7 @@ control @{
 The @code{control} statement specifies on which interface to listen for remote control commands.
 Caution: The control protocol is not encrypted,
 and susceptible to replay attack in a short timeframe until message digest expires,
-for that reason, it is recommended to enable remote control only on private networks
-or loopback.
+for that reason, it is recommended to use default UNIX sockets.
 
 @menu
 * control Syntax::
@@ -652,8 +651,8 @@ Control interface @code{listen-on} either defines a UNIX socket or an
 IPv4/IPv6 @code{interface} definition as in @ref{interfaces}.
 Default port for IPv4/v6 control interface is @code{5533},
 however UNIX socket is preferred.
-UNIX socke address is relative to @code{rundir} if not specified as an absolute
-path.
+UNIX socket address is relative to @code{rundir} if not specified as an absolute
+path. Without any configuration, the socket will be created in @code{rundir/knot.sock}.
 
 @node control Examples
 @subsection Examples
@@ -661,7 +660,7 @@ path.
 UNIX socket example:
 @example
 control @{
-        listen-on "knot.sock";
+        listen-on "/var/run/knot/knot.sock";
 @}
 @end example
 
diff --git a/samples/knot.full.conf b/samples/knot.full.conf
index a06be69344bc4d73fac11c8feb6a94dd66771bae..36289789f4f4b26d2484dc7431373a23e24d7823 100644
--- a/samples/knot.full.conf
+++ b/samples/knot.full.conf
@@ -184,7 +184,7 @@ groups {
 control {
 
   # Specifies interface, syntax is exactly the same as in 'interfaces' section
-  # Default: OFF
+  # Default: $(run_dir)/knot.sock
   listen-on "knot.sock";
 
   # As an alternative, you can use an IPv4/v6 address and port
diff --git a/src/knot/conf/cf-parse.y b/src/knot/conf/cf-parse.y
index 6d856ed1866bb9e4ea1a89ca1c89c89760d45024..663adad2e59c87515b8c9c566ad999ce8968cee2 100644
--- a/src/knot/conf/cf-parse.y
+++ b/src/knot/conf/cf-parse.y
@@ -1002,7 +1002,7 @@ ctl_allow_start:
   ;
 
 control:
-   CONTROL '{'
+   CONTROL '{' { new_config->ctl.have = true; }
  | control ctl_listen_start '{' interface '}' {
      if (this_iface->address == 0) {
        cf_error(scanner, "control interface has no defined address");
diff --git a/src/knot/conf/conf.c b/src/knot/conf/conf.c
index 067a90b5130f509591d1fd43d4853ade95c8d91f..bfe19761c3fe0a1545cb37a1417950c1d9230ca8 100644
--- a/src/knot/conf/conf.c
+++ b/src/knot/conf/conf.c
@@ -215,8 +215,17 @@ static int conf_process(conf_t *conf)
 		}
 	}
 
-	/* Control interface. */
+	/* Default interface. */
 	conf_iface_t *ctl_if = conf->ctl.iface;
+	if (!conf->ctl.have && ctl_if == NULL) {
+		ctl_if = malloc(sizeof(conf_iface_t));
+		memset(ctl_if, 0, sizeof(conf_iface_t));
+		ctl_if->family = AF_UNIX;
+		ctl_if->address = strdup("knot.sock");
+		conf->ctl.iface = ctl_if;
+	}
+
+	/* Control interface. */
 	if (ctl_if) {
 		if (ctl_if->family == AF_UNIX) {
 			ctl_if->address = conf_abs_path(conf->rundir,
diff --git a/src/knot/conf/conf.h b/src/knot/conf/conf.h
index 83a8ff2b53a20312b68df629aa3f7e569864f13c..73e24dc3648bd4cfbbece5df3a96f8f89ef0d260 100644
--- a/src/knot/conf/conf.h
+++ b/src/knot/conf/conf.h
@@ -178,6 +178,7 @@ typedef struct conf_control_t {
 	conf_iface_t *iface; /*!< Remote control interface. */
 	list allow;          /*!< List of allowed remotes. */
 	acl_t* acl;          /*!< ACL. */
+	bool have;           /*!< Set if configured. */
 } conf_control_t;
 
 /*!
diff --git a/src/knot/main.c b/src/knot/main.c
index e739a9e5e84fd607573882aa3f555596c1b055cc..c5e693c791d6f112c2a93fc73d8e293afddc21fa 100644
--- a/src/knot/main.c
+++ b/src/knot/main.c
@@ -304,9 +304,9 @@ int main(int argc, char **argv)
 		/* Bind to control interface. */
 		uint8_t buf[65535]; /*! \todo #2035 should be on heap */
 		size_t buflen = sizeof(buf);
-		conf_iface_t *ctl_if = conf()->ctl.iface;
 		int remote = -1;
-		if (ctl_if != NULL) {
+		if (conf()->ctl.iface != NULL) {
+			conf_iface_t *ctl_if = conf()->ctl.iface;
 			memset(buf, 0, buflen);
 			if (ctl_if->port)
 				snprintf((char*)buf, buflen, "@%d", ctl_if->port);
@@ -328,7 +328,8 @@ int main(int argc, char **argv)
 
 			/* Events. */
 			if (ret > 0) {
-				ret = remote_process(server, ctl_if, remote, buf, buflen);
+				ret = remote_process(server, conf()->ctl.iface,
+				                     remote, buf, buflen);
 				switch(ret) {
 				case KNOT_CTL_RESTART:
 					sig_req_rst = 1; /* Fall through */