Robert Edmonds <edmo...@mycre.ws> wrote:
>
> I would guess that retaining CAP_NET_BIND_SERVICE and CAP_SYS_RESOURCE
> during the process runtime permits open-ended reloading of the config at
> runtime (e.g., binding to a new IP address on port 53 without needing to
> restart the daemon).

BIND since 9.10 listens on the routing socket so it can spot network
interfaces coming and going automatically, without needing an explicit
`rndc reconfig` or `rndc scan`. This works very nicely with `keepalived` -
I use it for failover in my production resolver cluster.

(I avoid systemd: journald makes it so difficult to get logs out that I
get angry every time I encounter it, and systemd has a habit of believing
that a service is working when it isn't. I've had enough pain in test
environments that I don't want to use it in production.)

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Portland: West 7 to severe gale 9. Rough or very rough, becoming high in
southwest. Squally showers. Good, occasionally moderate.
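Added example, not part of the original message and not BIND's own code: a Linux check that decodes the `Cap*` lines of `/proc/<pid>/status` and reports how a daemon's effective capabilities differ from an expected set. The expected set (the two capabilities named in the quoted text), the function names and the sample status text are assumptions constructed for illustration.

```python
import re

# Capability bit numbers from <linux/capability.h>.
CAP_BITS = {
    "CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_DAC_READ_SEARCH": 2,
    "CAP_SETGID": 6, "CAP_SETUID": 7, "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13, "CAP_SYS_CHROOT": 18,
    "CAP_SYS_ADMIN": 21, "CAP_SYS_RESOURCE": 24,
}
# Assumption: the runtime set should be exactly the two capabilities
# named in the quoted message.
EXPECTED = {"CAP_NET_BIND_SERVICE", "CAP_SYS_RESOURCE"}

def parse_cap_sets(status_text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from /proc/<pid>/status text."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def cap_names(mask):
    """Translate a capability bitmask into names; unknown bits become bit_N."""
    by_bit = {bit: name for name, bit in CAP_BITS.items()}
    return {by_bit.get(bit, f"bit_{bit}")
            for bit in range(mask.bit_length()) if (mask >> bit) & 1}

def audit(status_text, expected=EXPECTED):
    """Return (missing, unexpected) capability names in the effective set."""
    held = cap_names(parse_cap_sets(status_text)["CapEff"])
    return sorted(expected - held), sorted(held - expected)

def audit_pid(pid):
    """Run the audit against a live process on Linux."""
    with open(f"/proc/{pid}/status") as fh:
        return audit(fh.read())

# Constructed sample input, not captured from a real named process.
SAMPLE_OK = ("Name:\tnamed\nCapInh:\t0000000000000000\n"
             "CapPrm:\t0000000001000400\nCapEff:\t0000000001000400\n"
             "CapBnd:\t000001ffffffffff\n")
# Same process with CAP_SYS_CHROOT (bit 18) still held after startup.
SAMPLE_EXTRA = SAMPLE_OK.replace("CapEff:\t0000000001000400",
                                 "CapEff:\t0000000001040400")

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("extra", SAMPLE_EXTRA)):
        missing, unexpected = audit(text)
        print(f"{label}: missing={missing} unexpected={unexpected}")
```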