nsd.service

This unit is provided by:

• https://archlinux.org/packages/community/x86_64/nsd/

• https://packages.debian.org/unstable/nsd

• https://packages.fedoraproject.org/pkgs/nsd/

• https://software.opensuse.org/package/nsd

Options

• [Install]
  • WantedBy=multi-user.target
• [Service]
  • AmbientCapabilities=CAP_NET_BIND_SERVICE
  • AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
  • CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
  • CapabilityBoundingSet=CAP_NET_BIND_SERVICE
  • CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
  • DevicePolicy=closed
  • ExecReload=+/bin/kill -HUP $MAINPID
  • ExecReload=/bin/kill -HUP $MAINPID
  • ExecStart=/usr/bin/nsd -d -c /etc/nsd/nsd.conf
  • ExecStart=/usr/sbin/nsd -d -P ""
  • ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf
  • ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf $NSD_EXTRA_OPTS
  • ExecStop=+/bin/kill -TERM $MAINPID
  • ExecStopPost=/bin/rm -f /var/lib/nsd/xfrd.state
  • Group=_nsd
  • Group=nsd
  • KeyringMode=private
  • KillMode=mixed
  • LockPersonality
    Introduced in systemd 235
    =yes
  • MemoryDenyWriteExecute
    Introduced in systemd 231
    =yes
  • MountFlags=private
  • NoNewPrivileges
    Introduced in systemd 239
    =yes
  • PIDFile=/run/nsd/nsd.pid
  • PrivateDevices
    Introduced in systemd 209
    =yes
  • PrivateTmp=yes
  • ProtectClock
    Introduced in systemd 245
    =yes
  • ProtectControlGroups
    Introduced in systemd 232
    =yes
  • ProtectHome
    Introduced in systemd 214
    =yes
  • ProtectHostname
    Introduced in systemd 242
    =yes
  • ProtectKernelLogs
    Introduced in systemd 244
    =yes
  • ProtectKernelModules
    Introduced in systemd 232
    =yes
  • ProtectKernelTunables
    Introduced in systemd 232
    =yes
  • ProtectSystem
    Introduced in systemd 214
    =full
  • ProtectSystem
    Introduced in systemd 214
    =strict
  • ReadWritePaths=/var/db/nsd
  • ReadWritePaths=/var/lib/nsd /etc/nsd /run
  • Restart=always
  • RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
  • RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
  • RestrictNamespaces
    Introduced in systemd 233
    =yes
  • RestrictRealtime
    Introduced in systemd 231
    =yes
  • RestrictSUIDSGID
    Introduced in systemd 242
    =yes
  • RuntimeDirectory=nsd
  • SecureBits=noroot-locked
  • SystemCallArchitectures=native
  • SystemCallErrorNumber=EPERM
  • SystemCallFilter=@system-service
  • SystemCallFilter=~ @clock @cpu-emulation @debug @keyring @module @mount @raw-io @reboot @swap @obsolete @resources @pkey
  • SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @resources
  • Type=notify
  • Type=simple
  • User=_nsd
  • User=nsd
• [Unit]
  • After=network.target
  • After=syslog.target network-online.target
  • After=syslog.target network.target
  • Description=NSD DNS Server
  • Description=Name Server Daemon
  • Documentation=man:nsd(8)

Additionnal notes

Nothing here.