On 16.01.2018 at 11:46, Tony Finch wrote:
Robert Edmonds <edmo...@mycre.ws> wrote:
I would guess that retaining CAP_NET_BIND_SERVICE and CAP_SYS_RESOURCE
during the process runtime permits open-ended reloading of the config at
runtime (e.g., binding to a new IP address on port 53 without needing to
restart the daemon).

BIND since 9.10 listens on the routing socket so it can spot network
interfaces coming and going automatically, without needing an explicit
`rndc reconfig` or `rndc scan`. This works very nicely with `keepalived` -
I use it for failover in my production resolver cluster.

(I avoid systemd: journald makes it so difficult to get logs out that I
get angry every time I encounter it, and systemd has a habit of believing
that a service is working when it isn't. I've had enough pain in test
environments that I don't want to use it in production.)

well, complete infrastructure running from 2011 until now with systemd

especially the journald problem is nonsense - just configure rsyslog as
all the years before but with less hidden messages because you have
early boot from second one and stdout/stderr of services also reliably
collected
[root@srv-rhsoft:~]$ cat /etc/systemd/journald.conf
[Journal]
Storage=volatile
[root@srv-rhsoft:~]$ cat rsyslog.conf
#### MODULES ####
$ModLoad imjournal
$MainMsgQueueSize 100000
$WorkDirectory /var/lib/rsyslog
$IMJournalStateFile imjournal.state