KRESD.SYSTEMD(7) - Linux man page online | Overview, conventions, and miscellany

Managing Knot DNS Resolver through systemd.

kresd.systemd(7) Knot DNS Resolver Systemd Units kresd.systemd(7)


kresd.systemd - managing Knot DNS Resolver through systemd.


kresd@.service kresd.socket kresd-tls.socket kresd-control@.socket system-kresd.slice


This manual page describes how to manage kresd using systemd units. Depending on your dis‐ tribution, this can be either be done with socket-based activation or without it. The fol‐ lowing assumes socket-based activation. For differences see NOTES below. kresd daemon can be executed in multiple independent processes, which can be managed with systemd via systemd templates (see systemd.unit(5)). Each systemd service instance of kresd (kresd@.service) represents a single, independent kresd process. The systemd-managed kresd service set is grouped in the system-kresd.slice slice. The slice includes one or more running daemons (instances of kresd@.service), public listening sockets (the same listening sockets are shared by all daemons) and a dedicated control socket for each running daemon. Each instance of kresd@.service has three systemd sockets (see systemd.socket(5)) associ‐ ated with it: kresd.socket - UDP/TCP network socket (default: localhost:53), shared with other insta ↲ nces kresd-tls.socket - network socket for DNS-over-TLS (default: localhost:853), shared wi ↲ th other instances kresd-control@.socket - UNIX socket with control terminal, dedicated Configuring network interfaces When using socket-based activation, the daemon requires neither root privileges nor any special capabilities, because the sockets are created by systemd and passed to kresd. This means kresd can't bind to ports below 1024 when configured in /etc/knot- resolver/kresd.conf. To configure kresd to listen on public interfaces, drop-in files (see systemd.unit(5)) should be used. These can be created with: systemctl edit kresd.socket systemctl edit kresd-tls.socket For example, to configure kresd to listen on on ports 53 and 853, the drop-in files would look like: # /etc/systemd/system/kresd.socket.d/override.conf [Socket] ListenDatagram= ListenStream= # /etc/systemd/system/kresd-tls.socket.d/override.conf [Socket] ListenStream= Concurrent daemons If you have more than one CPU core available, a single running kresd daemon will only be able to make use of one core at a time, leaving the other cores idle. If you want kresd to take advantage of all available cores, while sharing both cache and public listening ports, you should enable and start as many instances of the kresd@.service as you have cores. Typically, each instance is just named @N.service, where N is a decimal num‐ ber. To enable 3 concurrent daemons: systemctl enable --now @1.service @2.service @3.service Using system-kresd.slice The easiest way to view the status of systemd-supervised kresd instances is to use the system-kresd.slice: systemctl status system-kresd.slice You can also use the slice to restart all sockets as well as daemons: systemctl restart system-kresd.slice Or you can use it to stop kresd altogether (e.g. during package removal): systemctl stop system-kresd.slice Note that systemctl start system-kresd.slice does not automatically start the sockets or the daemons, though. To ensure that all enabled daemons are started and running, do: systemctl start 'kresd@*.service'


* When an instance of kresd@.service is started, stopped or restarted, its associated con‐ trol socket is also automatically started, stopped or restarted, but the public listen‐ ing sockets remain open. As long as either of the public sockets are listening, at least @1.service will be automatically activated when a request arrives. * If your distribution doesn't use socket-based activation, you can configure the network interfaces for kresd in /etc/knot-resolver/kresd.conf. The service can be started or enabled in the same way as in the examples below, but it doesn't have any sockets asso‐ ciated with it.


Single instance To start the service: systemctl start @1.service To start the service at boot: systemctl enable @1.service To delay the service startup until some traffic arrives, start (or enable) just the sockets: systemctl start kresd.socket systemctl start kresd-tls.socket To disable the TLS socket, you can mask it: systemctl mask kresd-tls.socket Multiple instances Multiple instances can be handled with the use of Brace Expansion (see bash(1)). To enable multiple concurrent daemons, for example 16: systemctl enable kresd@{1..16}.service To start all enabled daemons: systemctl start 'kresd@*.service'


kresd(8), systemd.unit(5), systemd.socket(5),


kresd developers are mentioned in the AUTHORS file in the distribution.
CZ.NIC 2018-01-30 kresd.systemd(7)
This manual Reference Other manuals
kresd.systemd(7) referred by kresd(8)
refer to bash(1) | kresd(8) | systemd.socket(5) | systemd.unit(5)
Download raw manual
Index Knot DNS Resolver Systemd Units (+1) CZ.NIC (+2) № 7 (+1560)
Go top