[nsd-users] NSD still shows permission errors on Debian 10 Buster

Wouter Wijngaards wouter at nlnetlabs.nl
Thu May 28 11:06:21 UTC 2020


Hi Anand,

On 28/05/2020 12:26, Anand Buddhdev via nsd-users wrote:
> On 27/05/2020 17:52, Wouter Wijngaards via nsd-users wrote:
> 
> Hi Wouter,
> 
>> I tried to fix the contrib nsd.service by adding Simon's suggestion to
>> it, if that is wrong let me know:
>> https://github.com/NLnetLabs/nsd/commit/922d5a27f8b291b1157530cfde49707c134cf486
>>
> 
> I have a suggestion. Maybe just delete this nsd.service file. To be
> honest, it's not very useful because it has a random mix of directives
> that don't help, or actually interfere with running NSD properly. As an

Thank you for the suggestion.  Removed it.  Complicated and not useful
is not what I want for a contrib file, instead I would want files in
contrib to be helpful and add to make use of NSD in different
environments easier.

Yes the removal of IPv6 also seems counterproductive to me.

Best regards, Wouter

> example, it has this directive:
> 
> RestrictAddressFamilies=AF_INET AF_UNIX
> 
> But what about AF_INET6 then? The above will prevent NSD from being able
> to bind to an IPv6 socket.
> 
> I don't know where this file came from, but it's not good. If it's in
> there, people will use it. If you really want to provide a systemd unit
> file, then provide a minimal one that will work on most systems. A
> packager for a particular distro can add things to it if he likes.
> Additionally, if a user wants to tighten things up, they can always
> create an overlay for this unit file on their systems. Adding to a
> systemd unit is easier than removing existing directives in the base
> unit file.
> 
> Regards,
> Anand
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users


More information about the nsd-users mailing list