kresd.systemd(7)       Knot Resolver 4.3.0 Systemd Units      kresd.systemd(7)

NAME

       kresd.systemd - managing Knot Resolver 4.3.0 through systemd.

SYNOPSIS

       kresd@.service
       kresd.socket
       kresd-tls.socket
       kresd-control@.socket
       kresd-doh.socket
       kresd-webmgmt.socket
       kresd.target
       system-kresd.slice

DESCRIPTION

       This manual page describes how to manage kresd using systemd units.

       QUICKSTART

           systemctl start kresd@1 - single instance of kresd, responding on localhost

       SOCKET ACTIVATION

       kresd integration with systemd takes advantage of socket activation,
       which enables the daemon to run without superuser privileges or any
       additional capabilities. The network interface sockets are created by
       systemd and then passed to the daemon.

       Network configuration has to take place in the systemd socket units
       (see systemd.socket(5)), which can be done using drop-in files. Each
       instance of kresd@.service may have these systemd sockets associated
       with it:

              kresd.socket - UDP/TCP network socket (default: localhost:53)
              kresd-tls.socket - network socket for DNS-over-TLS (default: localhost:853)
              kresd-control@.socket - UNIX socket with control terminal
              kresd-doh.socket - DNS-over-HTTPS (with http module: localhost:44353)
              kresd-webmgmt.socket - web management and APIs (with http module: localhost:8453)

       CONFIGURING NETWORK INTERFACES

       By default, kresd is configured to listen on localhost (see ports
       above). You MUST NOT repeat these defaults in the following drop-in
       overrides, otherwise the socket will fail to start with an "Address in
       use" error. To view the entire socket configuration, including any
       drop-ins, use systemctl cat.

       To configure kresd to listen on public interfaces, drop-in files (see
       systemd.unit(5)) should be used. These can be created with:

           systemctl edit kresd.socket
           systemctl edit kresd-tls.socket
           systemctl edit kresd-doh.socket

       If you change the network interfaces of systemd sockets for an already
       running kresd instance, make sure to call systemctl restart
       system-kresd.slice for these changes to take effect.

       For example, to configure kresd to listen on 192.0.2.115 on ports 53
       and 853, the drop-in files would look like:

           # /etc/systemd/system/kresd.socket.d/override.conf
           [Socket]
           ListenDatagram=192.0.2.115:53
           ListenStream=192.0.2.115:53

           # /etc/systemd/system/kresd-tls.socket.d/override.conf
           [Socket]
           ListenStream=192.0.2.115:853

       To configure kresd to listen on all IPv4 and IPv6 interfaces, use empty
       ListenDatagram= and ListenStream= directives to remove the default
       localhost address and then specify the port to bind to. If you've
       disabled IPv6 support in the kernel, use the 0.0.0.0:port syntax
       instead.

           # /etc/systemd/system/kresd.socket.d/override.conf
           [Socket]
           ListenDatagram=
           ListenStream=
           ListenDatagram=53
           ListenStream=53

           # /etc/systemd/system/kresd-tls.socket.d/override.conf
           [Socket]
           ListenStream=
           ListenStream=853

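       An added example, not part of the original manual page or of Knot
       Resolver: a shell function that models how systemd merges Listen*
       lines from a socket unit and its drop-ins, marking a repeated default
       (the "Address in use" case) and any address that binds every
       interface. The helper name audit_listen, the sample files and the
       127.0.0.1 defaults are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model how systemd merges Listen* lines from a socket unit
# and its drop-ins, and flag the two conditions described above.

# audit_listen FILE...  (merge order: unit file first, then drop-ins)
# Prints "<status> <directive>=<value>" for every effective listen address.
audit_listen() {
    awk -F= '
        /^Listen(Datagram|Stream)=/ {
            val = substr($0, length($1) + 2)
            if (val == "") {
                # systemd.socket(5): an empty assignment resets the list of
                # addresses collected so far.
                n = 0; split("", seen); next
            }
            key = $1 "=" val
            if (key in seen) {
                status = "DUPLICATE"        # second bind: "Address in use"
            } else if (val ~ /^[0-9]+$/ || val ~ /^(0\.0\.0\.0|\[::\]):[0-9]+$/) {
                status = "ALL-INTERFACES"   # reachable on every interface
            } else {
                status = "ok"
            }
            seen[key] = 1
            out[++n] = status " " key
        }
        END { for (i = 1; i <= n; i++) print out[i] }' "$@"
}

# Constructed sample files; the 127.0.0.1 defaults are an assumption standing
# in for the packaged kresd.socket, which the page describes as localhost:53.
tmp=$(mktemp -d)
printf '[Socket]\nListenDatagram=127.0.0.1:53\nListenStream=127.0.0.1:53\n' \
    > "$tmp/kresd.socket"
# Drop-in that repeats a default next to the new address.
printf '[Socket]\nListenStream=127.0.0.1:53\nListenStream=192.0.2.115:53\n' \
    > "$tmp/repeat.conf"
# Drop-in from this page: reset the defaults, then bind port 53 everywhere.
printf '[Socket]\nListenDatagram=\nListenStream=\nListenDatagram=53\nListenStream=53\n' \
    > "$tmp/all.conf"

echo "== kresd.socket + repeat.conf"
audit_listen "$tmp/kresd.socket" "$tmp/repeat.conf"
echo "== kresd.socket + all.conf"
audit_listen "$tmp/kresd.socket" "$tmp/all.conf"
rm -rf "$tmp"
```

       On a live system the same function can be fed the files that
       systemctl cat lists for a socket unit, in the order shown.
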
       Please note that using IPv6 to bind to IPv4 interfaces is currently not
       compatible with IPv4 syntax in view:addr() when using the view module.
       For possible workarounds, see
       https://gitlab.labs.nic.cz/knot/knot-resolver/issues/445

       To configure the socket for DNS-over-HTTPS, make sure you have
       kresd-doh.socket installed (it might be part of a separate
       knot-resolver-module-http package). Then, you can configure its network
       interfaces as above. Also, don't forget to load the http module in the
       configuration file, otherwise the socket won't have any function.

       For example, to remove the default localhost:44353 and listen on all
       interfaces on port 443, create the following drop-in file for
       kresd-doh.socket:

           # /etc/systemd/system/kresd-doh.socket.d/override.conf
           [Socket]
           ListenStream=
           ListenStream=443

       Make sure no other service is using port 443, as that will result in
       unpredictable behaviour. Alternatively, you can use port 44353 where a
       collision is unlikely.

       For more detailed socket configuration, see systemd.socket(5).

       CONCURRENT DAEMONS

       The kresd daemon can be executed in multiple independent processes,
       which are managed with systemd via systemd templates (see
       systemd.unit(5)). Each systemd service instance of kresd
       (kresd@.service) represents a single, independent kresd process.

       The systemd-managed kresd service set is grouped in the
       system-kresd.slice slice. The slice includes one or more running
       daemons (instances of kresd@.service), network sockets kresd.socket and
       kresd-tls.socket (shared by all instances) and a dedicated control
       kresd-control@.socket for each running daemon.

       If you have more than one CPU core available, a single running kresd
       daemon will only be able to make use of one core at a time, leaving the
       other cores idle. If you want kresd to take advantage of all available
       cores, while sharing both cache and public listening ports, you should
       enable and start as many instances of the kresd@.service as you have
       cores. Typically, each instance is just named kresd@N.service, where N
       is a decimal number. To enable 3 concurrent daemons:

           systemctl enable --now kresd@1.service kresd@2.service kresd@3.service

NOTES

       * When an instance of kresd@.service is started, stopped or restarted,
         its associated control socket is also automatically started, stopped
         or restarted, but the public listening sockets remain open. As long
         as either of the public sockets is listening, at least
         kresd@1.service will be automatically activated when a request
         arrives.

EXAMPLES

       To start the service:
           systemctl start kresd@1.service

       To start the service at boot:
           systemctl enable kresd@1.service

       To delay the service startup until some traffic arrives, start (or
       enable) just the sockets:
           systemctl start kresd.socket
           systemctl start kresd-tls.socket

       To disable optional sockets, you can mask them. For example, to disable
       the DNS-over-TLS socket:

           systemctl mask kresd-tls.socket

       Using system-kresd.slice and kresd.target

       The easiest way to view the status of multiple kresd instances is to
       use the system-kresd.slice:

           systemctl status system-kresd.slice

       You can also use the slice to restart all sockets as well as daemons:

           systemctl restart system-kresd.slice

       Alternatively, to restart just kresd daemons, you can use Brace
       Expansion:

           systemctl restart kresd@{1..4}.service

       Or you can use the slice to stop kresd altogether (e.g. during package
       removal):

           systemctl stop system-kresd.slice

       To start all enabled kresd daemons, use the provided kresd.target:

           systemctl start kresd.target

SEE ALSO

       kresd(8), systemd.unit(5), systemd.socket(5),
       https://knot-resolver.readthedocs.io/en/v4.3.0/

AUTHORS

       kresd developers are mentioned in the AUTHORS file in the distribution.

CZ.NIC                            2019-12-04                  kresd.systemd(7)