File dnsdist.service of Package dnsdist-hardened
# Unit metadata and start-up ordering for the dnsdist load balancer.
[Unit]
Description=A highly DNS-, DoS- and abuse-aware loadbalancer
Documentation=man:dnsdist(1)
Documentation=https://dnsdist.org
# Assert* (unlike Condition*) makes the start job fail with an error when the
# file is missing or empty, so a lost configuration is not skipped silently.
AssertFileNotEmpty=/etc/credstore/dnsdist/config.yml
# Wants= pulls network-online.target in and After= orders this unit behind it;
# both lines are needed for the service to wait for the network.
Wants=network-online.target
After=network-online.target
# Runtime definition: dnsdist runs as an unprivileged user inside a systemd
# sandbox and receives its configuration as a service credential.
[Service]
# systemd treats the service as started only after it sends a readiness
# notification.
Type=notify
# With DynamicUser= plus an explicit User=/Group=, systemd uses a static
# "dnsdist" account if one exists and otherwise allocates a transient one.
# Per systemd.exec(5), DynamicUser= also implies ProtectSystem=strict,
# PrivateTmp=, RemoveIPC=, NoNewPrivileges= and RestrictSUIDSGID=.
User=dnsdist
Group=dnsdist
DynamicUser=true
# The only capability granted is the one needed to bind ports below 1024; the
# bounding set stops the process from ever acquiring any other capability.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Host-surface restrictions (this line through ProtectKernelTunables= and
# RestrictRealtime=): no physical device nodes, no changes to clock, hostname,
# sysctls, cgroups or kernel modules, no kernel log access, no new namespaces,
# no personality switching, no realtime scheduling, native-ABI syscalls only.
PrivateDevices=true
ProtectClock=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectKernelModules=true
SystemCallArchitectures=native
RestrictNamespaces=true
ProtectHostname=true
LockPersonality=true
ProtectKernelTunables=true
# Only IPv4, IPv6 and UNIX sockets can be created; every other family
# (netlink, packet, ...) is refused.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictRealtime=true
# Home directories are inaccessible; /proc exposes only per-PID entries and
# hides processes belonging to other users.
ProtectHome=true
ProtectProc=invisible
ProcSubset=pid
# The three SystemCallFilter= lines are applied in order: start from the
# @system-service allow-list, remove @resources and @privileged, then add
# bpf and capset back, which the @privileged removal would otherwise block.
# NOTE(review): bpf is re-allowed but the bounding set holds neither CAP_BPF
# nor CAP_SYS_ADMIN, so bpf() will only succeed where the kernel permits
# unprivileged BPF. Confirm dnsdist's eBPF features are needed and working
# here; if not, dropping bpf from the last line narrows the filter further.
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
SystemCallFilter=bpf capset
# Files created by the service carry no group/other read or write bits.
UMask=0066
# Raised descriptor limit; every client and backend socket uses one.
LimitNOFILE=16384
# Creates /etc/dnsdist and /var/lib/dnsdist. With DynamicUser= the state
# directory is kept under /var/lib/private and reached through a symlink.
ConfigurationDirectory=dnsdist
StateDirectory=dnsdist
# The configuration is handed over as a credential: systemd copies it into a
# per-service directory readable only by the service user and exports the
# path as $CREDENTIALS_DIRECTORY. Presumably the file carries secrets (console
# key, certificate key paths), so the source under /etc/credstore should be
# root-owned and not world-readable; verify on the installed system.
LoadCredential=config.yml:/etc/credstore/dnsdist/config.yml
# Validate the credential copy first; a failing check aborts the start.
ExecStartPre=/usr/bin/dnsdist --config ${CREDENTIALS_DIRECTORY}/config.yml --check-config
ExecStart=/usr/bin/dnsdist --config ${CREDENTIALS_DIRECTORY}/config.yml --supervised --disable-syslog
# The "!" prefix skips the User=/Group= switch for this command only, so the
# console client runs as root; the rest of the sandbox still applies.
# It also reads the on-disk file rather than the credential copy.
# NOTE(review): the client therefore parses the configuration as uid 0 and
# uses whatever console settings are on disk now, which may differ from the
# snapshot the running daemon loaded at start. Confirm "!" is really required
# and that edits to config.yml are always followed by a restart.
ExecReload=!/usr/bin/dnsdist --config /etc/credstore/dnsdist/config.yml --client --execute 'reloadAllCertificates()'
# Restart after a crash, signal or timeout, but not after a clean exit.
Restart=on-failure
# "systemctl enable" hooks the unit into the regular multi-user boot target.
[Install]
WantedBy=multi-user.target