[nsd-users] NSD still shows permission errors on Debian 10 Buster
Anand Buddhdev
anandb at ripe.net
Thu May 28 10:26:57 UTC 2020
On 27/05/2020 17:52, Wouter Wijngaards via nsd-users wrote:
Hi Wouter,
> I tried to fix the contrib nsd.service by adding Simon's suggestion to
> it, if that is wrong let me know:
> https://github.com/NLnetLabs/nsd/commit/922d5a27f8b291b1157530cfde49707c134cf486
I have a suggestion. Maybe just delete this nsd.service file. To be
honest, it's not very useful because it has a random mix of directives
that don't help, or actually interfere with running NSD properly. As an
example, it has this directive:
RestrictAddressFamilies=AF_INET AF_UNIX
But what about AF_INET6 then? The above will prevent NSD from being able
to bind to an IPv6 socket.
I don't know where this file came from, but it's not good. If it's in
there, people will use it. If you really want to provide a systemd unit
file, then provide a minimal one that will work on most systems. A
packager for a particular distro can add things to it if he likes.
Additionally, if a user wants to tighten things up, they can always
create an overlay for this unit file on their systems. Adding to a
systemd unit is easier than removing existing directives in the base
unit file.
Regards,
Anand
More information about the nsd-users
mailing list