getting Unbound started, keeping it going
michael at stroeder.com
Tue May 22 10:36:52 UTC 2018
Anand Buddhdev via Unbound-users wrote:
> On 20/05/2018 23:16, Adam Gold via Unbound-users wrote:
>> Here's my systemd:
>> Description=Unbound DNS server
>> LimitNOFILE = 65536
>> ExecStart = /usr/local/sbin/unbound -c /etc/unbound/unbound.conf
>> ExecReload = /bin/kill -HUP $MAINPID
>> User = unbound
> This makes systemd switch to user "unbound" (non-privileged user)
> *before* starting unbound, and so it cannot bind to port 53. Remove this
> line so that systemd can start unbound as root and bind to
> port 53. After that, unbound drops privileges by itself (as directed by
> the "username" option in unbound.conf).
One could also start unbound service with User=unbound but let systemd
assign capability CAP_NET_BIND_SERVICE to the unbound process.
See CapabilityBoundingSet= and AmbientCapabilities= in systemd.exec(5).
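
The capability-based unit suggested above, written out as an added example (not part of the original thread and not the Unbound project's own unit file). The [Unit]/[Service] section headers, the NoNewPrivileges= line, and the unbound.conf settings named in the comments are assumptions; the paths are the ones quoted earlier in the thread.

```ini
[Unit]
Description=Unbound DNS server

[Service]
ExecStart=/usr/local/sbin/unbound -c /etc/unbound/unbound.conf
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65536

# The process runs as the unprivileged account from its first exec,
# so no part of unbound ever executes as root.
User=unbound

# With User= alone, the bind to port 53 fails (the problem diagnosed
# in the quoted reply). AmbientCapabilities= passes the one needed
# capability to the non-root process.
AmbientCapabilities=CAP_NET_BIND_SERVICE

# Upper limit on capabilities the service and its children can hold:
# nothing beyond binding to privileged ports.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# Optional extra from systemd.exec(5), an assumption of this example:
# the process cannot gain privileges through setuid binaries.
NoNewPrivileges=yes

# Assumed unbound.conf settings for this mode, since a non-root
# process can neither chroot nor switch users:
#   username: ""
#   chroot: ""
# The pidfile and any log or key files must be writable by "unbound".
```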