This unit is provided by:
Options
-
[Install]-
WantedBy=multi-user.target
-
-
[Service]-
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN -
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN -
ExecStart=/usr/bin/pdns_recursor --config-name=%i --daemon=no --write-pid=no --disable-syslog --log-timestamp=no -
ExecStart=/usr/sbin/pdns_recursor --config-name=%i --daemon=no --write-pid=no --disable-syslog --log-timestamp=no -
Group=pdns -
Group=pdns-recursor -
LimitNOFILE=16384 -
LockPersonalityIntroduced in systemd 235=yes -
NoNewPrivilegesIntroduced in systemd 239=yes -
PrivateDevicesIntroduced in systemd 209=yes -
PrivateTmp=yes -
ProtectClockIntroduced in systemd 245=yes -
ProtectControlGroupsIntroduced in systemd 232=yes -
ProtectHomeIntroduced in systemd 214=yes -
ProtectHostnameIntroduced in systemd 242=yes -
ProtectKernelLogsIntroduced in systemd 244=yes -
ProtectKernelModulesIntroduced in systemd 232=yes -
ProtectKernelTunablesIntroduced in systemd 232=yes -
ProtectSystemIntroduced in systemd 214=full -
Restart=on-failure -
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -
RestrictNamespacesIntroduced in systemd 233=yes -
RestrictRealtimeIntroduced in systemd 231=yes -
RestrictSUIDSGIDIntroduced in systemd 242=yes -
RuntimeDirectory=pdns-recursor-%i -
StartLimitInterval=0 -
SyslogIdentifier=pdns-recursor-%i -
SystemCallArchitectures=native -
SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete -
Type=notify -
User=pdns -
User=pdns-recursor
-
-
[Unit]-
After=network-online.target -
Before=nss-lookup.target -
Description=PowerDNS Recursor %i -
Documentation=man:pdns_recursor(1) man:rec_control(1) https://doc.powerdns.com -
Wants=network-online.target nss-lookup.target
-
Additionnal notes
Nothing here.