about unbound and systemd units

Rubén Torrero Marijnissen rtorreromarijnissen at suse.de
Fri Nov 16 16:02:28 UTC 2018


Hi,

I'm doing some package maintenance for Unbound in SLES. We are
migrating from cron to systemd-timers and I've come up, based on what
I've seen being done in other distros, with the following solution
regarding unbound-anchor and unbound relation and I'd like some
feedback on this, especially if you'd done it in a different way. I was
getting suggestions to have unbound-anchor.timer enabled by default
(even if unbound.service is not) but I'd say this way is better because
it only runs unbound-anchor.service if unbound.service is running, but I
might be completely wrong:

unbound-anchor.service
----------------------
[Unit]
Description=update of the root trust anchor for DNSSEC validation in unbound
Documentation=man:unbound-anchor(8)

[Service]
Type=oneshot
User=unbound
ExecStart=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
SuccessExitStatus=1


unbound-anchor.timer
--------------------
[Unit]
Description=daily update of the root trust anchor for DNSSEC
Documentation=man:unbound-anchor(8)
BindsTo=unbound.service

[Timer]
# Current DNSKEY TTL in root zone is 172800 seconds, i.e. 172800/60/60/24 = 2 days.
# It means that unbound-anchor should be run at least once a day.
OnCalendar=daily
Persistent=true
AccuracySec=24h

[Install]
WantedBy=unbound.service


unbound.service
---------------
[Unit]
Description=Unbound recursive Domain Name Server
After=syslog.target network.target
After=unbound-keygen.service
Wants=unbound-keygen.service
After=unbound-anchor.timer
Wants=unbound-anchor.timer
Before=nss-lookup.target
Wants=nss-lookup.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/unbound
#ExecStartPre=/sbin/runuser --shell /bin/sh -c "/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem" unbound
ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
ExecStartPre=/usr/sbin/unbound-checkconf
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS

[Install]
WantedBy=multi-user.target


Thanks,

Rubén Torrero Marijnissen
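
An alternative to the sudo call in ExecStartPre above, as an added example that is not part of the original post or of any distribution's packaging: unbound.service pulls in unbound-anchor.service and orders itself after it, so the anchor update runs under that unit's own User=unbound. It assumes the unbound-anchor.service and unbound-anchor.timer from the post are installed unchanged.

```ini
# unbound.service (variant; added example, not the poster's unit)
# Assumes unbound-anchor.service from the post is installed as shown,
# with Type=oneshot, User=unbound and SuccessExitStatus=1.
[Unit]
Description=Unbound recursive Domain Name Server
After=syslog.target network.target
After=unbound-keygen.service
Wants=unbound-keygen.service
# Start the oneshot anchor update whenever unbound is started. After= on a
# Type=oneshot unit waits until its process has exited. Wants= (rather than
# Requires=) lets unbound start even if the update fails.
Wants=unbound-anchor.service
After=unbound-anchor.service
After=unbound-anchor.timer
Wants=unbound-anchor.timer
Before=nss-lookup.target
Wants=nss-lookup.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/unbound
# No sudo or runuser here: the anchor update has already run as
# User=unbound in its own unit, ordered before this one.
ExecStartPre=/usr/sbin/unbound-checkconf
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS

[Install]
WantedBy=multi-user.target
```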


