[nsd-users] NSD still shows permission errors on Debian 10 Buster

Anand Buddhdev anandb at ripe.net
Thu May 28 10:26:57 UTC 2020

On 27/05/2020 17:52, Wouter Wijngaards via nsd-users wrote:

Hi Wouter,

> I tried to fix the contrib nsd.service by adding Simon's suggestion to
> it, if that is wrong let me know:
> https://github.com/NLnetLabs/nsd/commit/922d5a27f8b291b1157530cfde49707c134cf486

I have a suggestion. Maybe just delete this nsd.service file. To be 
honest, it's not very useful because it has a random mix of directives 
that don't help, or actually interfere with running NSD properly. As an 
example, it has this directive:

RestrictAddressFamilies=AF_INET AF_UNIX

But what about AF_INET6 then? The above will prevent NSD from being able 
to bind to an IPv6 socket.

I don't know where this file came from, but it's not good. If it's in 
there, people will use it. If you really want to provide a systemd unit 
file, then provide a minimal one that will work on most systems. A 
packager for a particular distro can add things to it if he likes. 
Additionally, if a user wants to tighten things up, they can always 
create an overlay for this unit file on their systems. Adding to a 
systemd unit is easier than removing existing directives in the base 
unit file.


More information about the nsd-users mailing list