kresd.systemd(7)          Knot Resolver Systemd Units          kresd.systemd(7)

NAME
kresd.systemd - managing Knot Resolver through systemd.

SYNOPSIS
kresd@.service
kresd.socket
kresd-tls.socket
kresd-control@.socket
kresd.target
system-kresd.slice

DESCRIPTION
This manual page describes how to manage kresd using systemd units.
Depending on your distribution, this can be done either with
socket-based activation or without it. The following assumes
socket-based activation. For differences see NOTES below.

The kresd daemon can be executed in multiple independent processes,
which can be managed with systemd via systemd templates (see
systemd.unit(5)). Each systemd service instance of kresd
(kresd@.service) represents a single, independent kresd process.

The systemd-managed kresd service set is grouped in the
system-kresd.slice slice. The slice includes one or more running
daemons (instances of kresd@.service), public listening sockets (the
same listening sockets are shared by all daemons) and a dedicated
control socket for each running daemon.

Each instance of kresd@.service has three systemd sockets (see
systemd.socket(5)) associated with it:

    kresd.socket - UDP/TCP network socket (default: localhost:53), shared with other instances
    kresd-tls.socket - network socket for DNS-over-TLS (default: localhost:853), shared with other instances
    kresd-control@.socket - UNIX socket with control terminal, dedicated

Configuring network interfaces

When using socket-based activation, the daemon requires neither root
privileges nor any special capabilities, because the sockets are
created by systemd and passed to kresd. As a consequence, kresd can't
bind to ports below 1024 when the listening addresses are configured
in /etc/knot-resolver/kresd.conf.

To configure kresd to listen on public interfaces, drop-in files (see
systemd.unit(5)) should be used. These can be created with:

    systemctl edit kresd.socket
    systemctl edit kresd-tls.socket

For example, to configure kresd to listen on 192.0.2.115 on ports 53
and 853, the drop-in files would look like:

    # /etc/systemd/system/kresd.socket.d/override.conf
    [Socket]
    ListenDatagram=192.0.2.115:53
    ListenStream=192.0.2.115:53

    # /etc/systemd/system/kresd-tls.socket.d/override.conf
    [Socket]
    ListenStream=192.0.2.115:853

For more detailed socket configuration, see systemd.socket(5).
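
Per systemd.socket(5), Listen* settings accumulate across a unit and its drop-ins, and an empty assignment resets the list, so a drop-in like the one above adds 192.0.2.115 alongside the packaged default rather than replacing it. The following sketch is an added example, not part of the original manual page or the Knot Resolver project: it models that merge rule for ListenStream= and ListenDatagram= only. The function names and the base unit contents (127.0.0.1:53 standing in for the localhost:53 default) are constructed for illustration.

```shell
#!/bin/sh
# effective_listen UNIT [DROPIN...]   (hypothetical helper, simplified model)
# Print the ListenStream=/ListenDatagram= entries left after reading the
# files in order: entries accumulate, an empty assignment clears the list.
effective_listen() {
    awk '
        FNR == 1        { in_socket = 0 }          # new file, no section yet
        /^[ \t]*[#;]/   { next }                   # comment line
        /^\[/           { in_socket = ($0 == "[Socket]"); next }
        in_socket && /^Listen(Stream|Datagram)=/ {
            eq = index($0, "=")
            if (substr($0, eq + 1) == "") { n = 0; next }   # reset the list
            list[++n] = $0
        }
        END { for (i = 1; i <= n; i++) print list[i] }
    ' "$@"
}

# write_samples DIR: constructed sample files (not the packaged units).
write_samples() {
    cat > "$1/kresd.socket" <<'EOF'
[Socket]
ListenDatagram=127.0.0.1:53
ListenStream=127.0.0.1:53
EOF
    cat > "$1/add.conf" <<'EOF'
# drop-in as shown in this manual page: adds to the default
[Socket]
ListenDatagram=192.0.2.115:53
ListenStream=192.0.2.115:53
EOF
    cat > "$1/reset.conf" <<'EOF'
# drop-in that clears the default first, then sets the new address
[Socket]
ListenDatagram=
ListenStream=
ListenDatagram=192.0.2.115:53
ListenStream=192.0.2.115:53
EOF
}

d=$(mktemp -d)
write_samples "$d"
echo "additive drop-in:"; effective_listen "$d/kresd.socket" "$d/add.conf"
echo "drop-in with reset:"; effective_listen "$d/kresd.socket" "$d/reset.conf"
rm -rf "$d"
```

On a live host, `systemctl cat kresd.socket` prints the unit together with its drop-ins in the order systemd reads them.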

Concurrent daemons

If you have more than one CPU core available, a single running kresd
daemon will only be able to make use of one core at a time, leaving the
other cores idle. If you want kresd to take advantage of all available
cores, while sharing both cache and public listening ports, you should
enable and start as many instances of the kresd@.service as you have
cores. Typically, each instance is just named kresd@N.service, where N
is a decimal number. To enable 3 concurrent daemons:

    systemctl enable --now kresd@1.service kresd@2.service kresd@3.service

Using system-kresd.slice and kresd.target

The following commands may not work with older systemd (e.g. on CentOS
7). See NOTES for more info.

The easiest way to view the status of systemd-supervised kresd
instances is to use the system-kresd.slice:

    systemctl status system-kresd.slice

You can also use the slice to restart all sockets as well as daemons:

    systemctl restart system-kresd.slice

Or you can use it to stop kresd altogether (e.g. during package
removal):

    systemctl stop system-kresd.slice

To start all enabled kresd daemons, use the provided kresd.target:

    systemctl start kresd.target


NOTES
* When an instance of kresd@.service is started, stopped or restarted,
  its associated control socket is also automatically started, stopped
  or restarted, but the public listening sockets remain open. As long
  as either of the public sockets is listening, at least
  kresd@1.service will be automatically activated when a request
  arrives.

* If your distribution doesn't use socket-based activation, you can
  configure the network interfaces for kresd in
  /etc/knot-resolver/kresd.conf. The service can be started or enabled
  in the same way as in the examples below, but it doesn't have any
  sockets associated with it.

* Controlling the service with system-kresd.slice requires newer
  systemd. It may not work in some distributions, notably CentOS 7. To
  control multiple kresd instances, use kresd@*.service or Brace
  Expansion mentioned below.

EXAMPLES
Single instance

To start the service:

    systemctl start kresd@1.service

To start the service at boot:

    systemctl enable kresd@1.service

To delay the service startup until some traffic arrives, start (or
enable) just the sockets:

    systemctl start kresd.socket
    systemctl start kresd-tls.socket

To disable the TLS socket, you can mask it:

    systemctl mask kresd-tls.socket

Multiple instances

Multiple instances can be handled with the use of Brace Expansion
(see bash(1)).

To enable multiple concurrent daemons, for example 16:

    systemctl enable kresd@{1..16}.service

To start all enabled daemons:

    systemctl start kresd.target

SEE ALSO
kresd(8), systemd.unit(5), systemd.socket(5),
https://knot-resolver.readthedocs.io

AUTHORS
kresd developers are mentioned in the AUTHORS file in the distribution.

CZ.NIC                          2018-06-04                  kresd.systemd(7)