PowerDNS: Difference between revisions
Line 50: | Line 50: | ||
<source lang=ini> | <source lang=ini> | ||
# /lib/systemd/system/var-chroot-run-systemd-notify.mount | # /lib/systemd/system/var-chroot-run-systemd-notify.mount | ||
[Unit] | |||
After=zfs-mount.service | |||
Requires=var-chroot.mount | |||
[Mount] | [Mount] | ||
What=/run/systemd/notify | What=/run/systemd/notify |
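Review bot: The new `[Unit]` section ties this mount to `var-chroot.mount`, but the unit still has no `[Install]` section and nothing on this page pulls it in: `pdns.service` below only carries `After=var-chroot-run-systemd-notify.mount`, which orders the two units without starting the mount, so on a fresh boot the bind mount is likely absent when the chrooted `Type=notify` daemon starts. Adding `Requires=var-chroot-run-systemd-notify.mount` next to that `After=` line in `pdns.service` (and in `pdns-recursor.service`, which has the same `After=`) closes the gap. The explicit `Requires=var-chroot.mount` is harmless but, as far as I recall, redundant, since systemd already adds requirement and ordering dependencies between a mount unit and the mount unit above it in the path hierarchy. The `[Mount]` section continues below the end of the hunk.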
Revision as of 17:12, 13 October 2017
PowerDNS Server (pdns_server)
Logging with systemd and syslog-ng
1. Tell systemd's journald to forward messages to syslog. In /etc/systemd/journald.conf change the setting from
#ForwardToSyslog=yes
to
ForwardToSyslog=yes
Then restart journald:
# systemctl restart systemd-journald.service
2. Tell syslog-ng to read journald's dev-log socket as an input:
Change the part in /etc/syslog-ng/syslog-ng.conf from
source s_src {
system();
internal();
};
to
source s_src {
# local platform log sources plus syslog-ng's own internal messages
system();
internal();
# the socket journald forwards its /dev/log traffic to (step 1 above enables that forwarding)
unix-dgram ("/run/systemd/journal/dev-log");
};
chroot with systemd
# mkdir -p /var/chroot/run/systemd
# touch /var/chroot/run/systemd/notify
# /lib/systemd/system/var-chroot-run-systemd-notify.mount
# Bind-mounts systemd's notify socket into the chroot so a chrooted
# Type=notify daemon can still reach it. The target file must exist
# before mounting (created with the touch command above).
[Unit]
# presumably /var/chroot lives on a ZFS dataset — confirm
After=zfs-mount.service
# the chroot directory itself must be mounted first
Requires=var-chroot.mount
# NOTE(review): there is no [Install] section, so this unit cannot be
# enabled; it has to be started explicitly or pulled in via Requires=
# from the service that needs it (After= alone does not start it).
[Mount]
# Type=none + Options=bind: bind mount of the host socket onto the same
# path below the chroot
What=/run/systemd/notify
Where=/var/chroot/run/systemd/notify
Type=none
Options=bind
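# /lib/systemd/system/pdns.service
[Unit]
Description=PowerDNS Authoritative Server
Documentation=man:pdns_server(1) man:pdns_control(1)
Documentation=https://doc.powerdns.com
Wants=network-online.target
After=network-online.target mysqld.service postgresql.service slapd.service mariadb.service
# The bind-mounted notify socket must be in place before a chrooted
# Type=notify daemon starts. After= only orders the units; Requires= is
# what actually pulls the mount in (the mount unit has no [Install]).
Requires=var-chroot-run-systemd-notify.mount
After=var-chroot-run-systemd-notify.mount
[Service]
# systemd waits for the daemon's READY notification; the process stays in
# the foreground without guardian or pid file so systemd supervises it
Type=notify
ExecStart=/usr/sbin/pdns_server --guardian=no --daemon=no --write-pid=no
Restart=on-failure
RestartSec=1
# 0 disables start rate limiting so Restart= keeps retrying
# (newer systemd spells this StartLimitIntervalSec= in [Unit]; the
# [Service] form is still accepted)
StartLimitInterval=0
PrivateTmp=true
PrivateDevices=true
# Bounding set reduced to what the daemon needs: CAP_NET_BIND_SERVICE for
# the privileged DNS port, CAP_SYS_CHROOT for the chroot, and the
# CAP_SETUID/CAP_SETGID/CAP_CHOWN trio presumably for dropping to the
# service user configured in pdns.conf — verify against that config.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
NoNewPrivileges=true
# ProtectSystem=full will disallow write access to /etc and /usr, possibly
# not being able to write slaved-zones into sqlite3 or zonefiles.
ProtectSystem=full
ProtectHome=true
# only unix, IPv4 and IPv6 sockets may be created
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
[Install]
WantedBy=multi-user.target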
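# /lib/systemd/system/pdns-recursor.service
[Unit]
Description=PowerDNS Recursor
Documentation=man:pdns_recursor(1) man:rec_control(1)
Documentation=https://doc.powerdns.com
Wants=network-online.target nss-lookup.target
# a resolver must be up before units that wait for name resolution
Before=nss-lookup.target
After=network-online.target
# The bind-mounted notify socket must be in place before a chrooted
# Type=notify daemon starts. After= only orders the units; Requires= is
# what actually pulls the mount in (the mount unit has no [Install]).
Requires=var-chroot-run-systemd-notify.mount
After=var-chroot-run-systemd-notify.mount
[Service]
# systemd waits for the daemon's READY notification; the process stays in
# the foreground without a pid file so systemd supervises it.
# --disable-syslog: presumably so log lines go to stdout/stderr and thus
# the journal instead of directly to syslog — confirm
Type=notify
ExecStart=/usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog
Restart=on-failure
# 0 disables start rate limiting so Restart= keeps retrying
# (newer systemd spells this StartLimitIntervalSec= in [Unit]; the
# [Service] form is still accepted)
StartLimitInterval=0
PrivateTmp=true
PrivateDevices=true
# Bounding set reduced to what the daemon needs: CAP_NET_BIND_SERVICE for
# the privileged DNS port, CAP_SYS_CHROOT for the chroot, and the
# CAP_SETUID/CAP_SETGID/CAP_CHOWN trio presumably for dropping to the
# service user configured in recursor.conf — verify against that config.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
NoNewPrivileges=true
# no write access to /etc and /usr
ProtectSystem=full
ProtectHome=true
# only unix, IPv4 and IPv6 sockets may be created
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# open file descriptor limit; the exact figure 4200 is not explained here
LimitNOFILE=4200
[Install]
WantedBy=multi-user.target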