You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

41 lines
1.0 KiB

  1. [Unit]
  2. Description=PowerDNS Recursor
  3. Documentation=man:pdns_recursor(1) man:rec_control(1)
  4. Documentation=https://doc.powerdns.com
  5. Wants=network-online.target nss-lookup.target
  6. Before=nss-lookup.target
  7. After=network-online.target
  8. [Service]
  9. ExecStart=@sbindir@/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no
  10. User=@service_user@
  11. Group=@service_group@
  12. Type=notify
  13. Restart=on-failure
  14. StartLimitInterval=0
  15. RuntimeDirectory=pdns-recursor
  16. # Tuning
  17. LimitNOFILE=16384
  18. # Sandboxing
  19. CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
  20. AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
  21. LockPersonality=true
  22. NoNewPrivileges=true
  23. PrivateDevices=true
  24. PrivateTmp=true
  25. ProtectControlGroups=true
  26. ProtectHome=true
  27. ProtectKernelModules=true
  28. ProtectKernelTunables=true
  29. ProtectSystem=full
  30. RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  31. RestrictNamespaces=true
  32. RestrictRealtime=true
  33. SystemCallArchitectures=native
  34. SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
  35. [Install]
  36. WantedBy=multi-user.target