[nsd-users] logs
José Luis Artuch
zenbakaitz at speedy.com.ar
Thu Oct 24 13:38:43 UTC 2019
Thanks Simon,
Exactly, there was the problem !!
I just discovered it at the same time you wrote with the data provided
by Andreas and Jeroen :)
Thank you very much to all three for guiding me !!!
Here is what I did:
mkdir -p /var/log/nsd
chown nsd:nsd /var/log/nsd
nano /etc/nsd/nsd.conf
...
logfile: "/var/log/nsd/nsd.log"
...
cp /lib/systemd/system/nsd.service{,_original}
nano /lib/systemd/system/nsd.service
...
ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log/nsd
...
systemctl daemon-reload <--- !!!!
systemctl restart nsd
Thank you very much again, best regards !!
José Luis
On Thu, 24-10-2019 at 08:58 -0400, Simon Deziel wrote:
> On 2019-10-24 8:46 a.m., José Luis Artuch wrote:
> > Thanks Jeroen,
> >
> > About permissions and owners:
> > For /var/log/nsd.log, the directory /var/log/ has 755 root:root
> > For /var/log/nsd/nsd.log, I created alternatively a directory
> > /var/log/nsd/ with permissions 664, 666 and 777, for both nsd and
> > root owners.
> > As for NSD user, in /etc/nsd/nsd.conf I have configured username: nsd.
> >
> > cat /lib/systemd/system/nsd.service
> > [Unit]
> > Description=Name Server Daemon
> > Documentation=man:nsd(8)
> > After=network.target
> >
> > [Service]
> > Type=notify
> > Restart=always
> > ExecStart=/usr/sbin/nsd -d
> > ExecReload=+/bin/kill -HUP $MAINPID
> > CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
> > MemoryDenyWriteExecute=true
> > NoNewPrivileges=true
> > PrivateDevices=true
> > PrivateTmp=true
> > ProtectHome=true
> > ProtectControlGroups=true
> > ProtectKernelModules=true
> > ProtectKernelTunables=true
> > ProtectSystem=strict
> > ReadWritePaths=/var/lib/nsd /etc/nsd /run
>
> ProtectSystem=strict turns most of the hierarchy into read only mounts
> so you need to add /var/log and/or /var/log/nsd as ReadWritePaths= for
> them to be writable by nsd itself. This is normally not needed as
> logging goes through syslog by default but you are likely using
> "logfile" in nsd.conf.
>
> To add that ReadWritePaths directive:
>
> sudo systemctl edit nsd
>
> Then type and save the following:
>
> [Service]
> ReadWritePaths=/var/log/nsd
>
>
> This will create an override file supplementing the package provided
> unit with your local config.
>
> HTH,
> Simon
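The condition discussed in this thread (a `logfile:` path that is not under any `ReadWritePaths=` entry while `ProtectSystem=strict` is set) can be checked before restarting the daemon. The script below is an added example, not part of the original messages; the function names (`nsd_logfile`, `rw_paths`, `covered_by`, `check_nsd_log`) are hypothetical and the sample files are constructed to mirror the unit and settings quoted above.

```shell
# Added example: is nsd's logfile under a ReadWritePaths= entry when ProtectSystem=strict is set?

# Print the logfile: value from an nsd.conf-style file, quotes stripped.
nsd_logfile() {
    sed -n 's/^[[:space:]]*logfile:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print ReadWritePaths= entries from unit + drop-in files, one per line.
# An empty assignment resets the list, as systemd does for list settings.
rw_paths() {
    awk '/^ReadWritePaths=/ {
             sub(/^ReadWritePaths=/, "")
             if ($0 ~ /^[ \t]*$/) { n = 0; next }
             k = split($0, p)
             for (i = 1; i <= k; i++) { sub(/^[-+]+/, "", p[i]); if (p[i] != "") list[++n] = p[i] }
         }
         END { for (i = 1; i <= n; i++) print list[i] }' "$@"
}

# Succeed if path $1 equals, or lies below, a directory read from stdin.
covered_by() {
    while IFS= read -r dir; do
        case "$1" in "${dir%/}"|"${dir%/}"/*) return 0 ;; esac
    done
    return 1
}

# check_nsd_log CONF UNIT [DROPIN...]: 0 = writable or not applicable, 1 = blocked.
check_nsd_log() {
    conf=$1; shift
    log=$(nsd_logfile "$conf")
    [ -n "$log" ] || { echo "no logfile: set; nsd logs via syslog"; return 0; }
    grep -qs '^ProtectSystem=strict' "$@" || { echo "ProtectSystem=strict not set"; return 0; }
    if rw_paths "$@" | covered_by "$log"; then
        echo "OK: $log is covered by ReadWritePaths="
    else
        echo "BLOCKED: $log is read-only for nsd; add ReadWritePaths=$(dirname "$log")"
        return 1
    fi
}

# Constructed sample files mirroring the unit and settings quoted in the thread.
demo=$(mktemp -d)
printf 'server:\n    username: nsd\n    logfile: "/var/log/nsd/nsd.log"\n' > "$demo/nsd.conf"
printf '[Service]\nProtectSystem=strict\nReadWritePaths=/var/lib/nsd /etc/nsd /run\n' > "$demo/nsd.service"
printf '[Service]\nReadWritePaths=/var/log/nsd\n' > "$demo/override.conf"
check_nsd_log "$demo/nsd.conf" "$demo/nsd.service" || true                # BLOCKED
check_nsd_log "$demo/nsd.conf" "$demo/nsd.service" "$demo/override.conf"  # OK
```

On a live host the same function can be pointed at /etc/nsd/nsd.conf, the packaged unit and any drop-in created by `systemctl edit nsd`.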