Hi, Subscribed specially to reply to the subject thread.
I am also trying to run nsd on debian buster, and it's not working so nicely. :-)
error: Cannot open /var/log/nsd.log for appending (Read-only file system), logging to stderr
warning: failed to unlink pidfile /run/nsd/nsd.pid: Permission denied
I added "/var/log" and "/run/nsd" ReadWritePaths to the nsd.service file, but the error remains:
[Unit]
Description=Name Server Daemon
Documentation=man:nsd(8)
After=network.target

[Service]
Type=notify
Restart=always
ExecStart=/usr/sbin/nsd -d
ExecReload=+/bin/kill -HUP $MAINPID
CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd
RuntimeDirectory=nsd
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources

[Install]
WantedBy=multi-user.target
I read in Paul Wouters' reply to add nsd User/Group to the service file, but then nsd no longer starts, as the nsd user has no permission to bind to port 53:
error: can't bind udp socket: Permission denied
I wanted to migrate from bind to nsd, but it seems the debian package could use some love. :-)
Does anyone have a suggestion how to proceed..? (a working systemd file perhaps?)
Thanks,
MJ
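The "can't bind udp socket" failure after adding User=/Group= can be reproduced as a static check on the unit text. This is an added example, not part of the original message or the Debian package: `SAMPLE_UNIT` is a constructed, reduced copy of the posted unit, the function names are hypothetical, and the 1024 cutoff assumes the default `net.ipv4.ip_unprivileged_port_start`.

```python
"""Static check: can a systemd service with User= bind a low port? (added example)"""

# Constructed sample: reduced copy of the posted unit plus the User=/Group= lines.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/sbin/nsd -d
User=nsd
Group=nsd
CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
NoNewPrivileges=true
"""

CAP = "CAP_NET_BIND_SERVICE"
LIST_KEYS = {"CapabilityBoundingSet", "AmbientCapabilities"}

def parse_service(text):
    """Return [Service] settings; list keys accumulate, an empty value resets them."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in LIST_KEYS:
            out[key] = out.get(key, []) + value.split() if value else []
        else:
            out[key] = value
    return out

def low_port_bind_findings(text, port=53):
    """List reasons the service process would lack CAP_NET_BIND_SERVICE."""
    svc = parse_service(text)
    user = svc.get("User", "root")
    if port >= 1024 or user in ("root", "0"):
        return []
    findings = []
    if CAP not in svc.get("AmbientCapabilities", []):
        # The bounding set only limits capabilities; it grants none to User=.
        findings.append(f"User={user} has no {CAP}: AmbientCapabilities= lacks it")
    bounding = svc.get("CapabilityBoundingSet")
    # A leading "~" inverts the list; that form is not evaluated here.
    if bounding is not None and CAP not in bounding and not any(b.startswith("~") for b in bounding):
        findings.append(f"CapabilityBoundingSet excludes {CAP}")
    return findings

if __name__ == "__main__":
    print("\n".join(low_port_bind_findings(SAMPLE_UNIT)) or "no findings")
```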
