unbound.service

This unit is provided by:

• https://archlinux.org/packages/community/x86_64/unbound/

• https://packages.debian.org/unstable/unbound

• https://packages.fedoraproject.org/pkgs/unbound/

• https://software.opensuse.org/package/unbound

Options

• [Install]
  • WantedBy=multi-user.target
• [Service]
  • BindPaths=-/dev/log:/etc/unbound/dev/log
  • BindReadOnlyPaths=-/run/systemd/notify:/etc/unbound/run/systemd/notify -/dev/urandom:/etc/unbound/dev/urandom
  • CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW
  • ConfigurationDirectory=unbound
  • EnvironmentFile=-/etc/default/unbound
  • EnvironmentFile=-/etc/sysconfig/unbound
  • ExecReload=+/bin/kill -HUP $MAINPID
  • ExecReload=/usr/sbin/unbound-control reload
  • ExecStart=/usr/bin/unbound -d -p
  • ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
  • ExecStart=/usr/sbin/unbound -d -p $DAEMON_OPTS
  • ExecStartPre=-/usr/libexec/unbound-helper chroot_setup -/usr/libexec/unbound-helper root_trust_anchor_update
  • ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem /usr/sbin/unbound-checkconf
  • ExecStartPre=/usr/sbin/unbound-checkconf
  • ExecStopPost=-/usr/libexec/unbound-helper chroot_teardown
  • LockPersonality
    Introduced in systemd 235
    =yes
  • MemoryDenyWriteExecute
    Introduced in systemd 231
    =yes
  • NoNewPrivileges
    Introduced in systemd 239
    =yes
  • NotifyAccess=main
  • PrivateDevices
    Introduced in systemd 209
    =yes
  • PrivateTmp=yes
  • ProtectClock
    Introduced in systemd 245
    =yes
  • ProtectControlGroups
    Introduced in systemd 232
    =yes
  • ProtectHome
    Introduced in systemd 214
    =yes
  • ProtectKernelLogs
    Introduced in systemd 244
    =yes
  • ProtectKernelModules
    Introduced in systemd 232
    =yes
  • ProtectKernelTunables
    Introduced in systemd 232
    =no
  • ProtectProc
    Introduced in systemd 247
    =invisible
  • ProtectSystem
    Introduced in systemd 214
    =strict
  • ReadWritePaths=/etc/unbound /etc/unbound
  • Restart=on-failure
  • RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
  • RestrictNamespaces
    Introduced in systemd 233
    =yes
  • RestrictRealtime
    Introduced in systemd 231
    =yes
  • RestrictSUIDSGID
    Introduced in systemd 242
    =yes
  • RuntimeDirectory=unbound
  • StateDirectory=unbound
  • SystemCallArchitectures=native
  • SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
  • TemporaryFileSystem=/etc/unbound/dev:ro /etc/unbound/run:ro
  • Type=notify
  • Type=simple
• [Unit]
  • After=network-online.target
  • After=network-online.target unbound-keygen.service unbound-anchor.service
  • After=network.target
  • After=syslog.target network.target unbound-keygen.service
  • Before=nss-lookup.target
  • Description=Unbound DNS server
  • Description=Unbound recursive Domain Name Server
  • Description=Validating, recursive, and caching DNS resolver
  • Documentation=man:unbound(8)
  • Wants=network-online.target nss-lookup.target
  • Wants=nss-lookup.target
  • Wants=unbound-keygen.service unbound-anchor.service nss-lookup.target
  • Wants=unbound-keygen.service unbound-anchor.timer nss-lookup.target

Additionnal notes

Nothing here.