Bug 245114

Summary:

dns/unbound: use daemon(8) to recover from crashes

Product:

Ports & Packages

Reporter:

C <cm>

Component:

Individual Port(s)

Assignee:

freebsd-ports-bugs (Nobody) <ports-bugs>

Status:

Open ---

Severity:

Affects Only Me

CC:

freebsd, jaap, lwhsu, pi

Priority:

---

Flags:

bugzilla: maintainer-feedback? (jaap)

Version:

Latest

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
daemon doing unbound	none
daemon doing unbound better	none

Description C 2020-03-27 20:00:11 UTC

Hi,

other rc scripts for services use daemon(8) with "-r" to recover from daemon crashes automatically without requiring admin intervention.

Today our unbound resolver (v1.10) crashed but since unbound does not make use of daemon it stayed down until we started it manually - which is worse than it could be.

Please add daemon to unbound's rc script to recover from crashes automatically.

for an example on how to use daemon:
https://svnweb.freebsd.org/ports/head/dns/dnsdist/files/dnsdist.in?view=markup

Comment 1 Li-Wen Hsu freebsd_committer

2020-07-03 17:28:14 UTC

ping for maintainer feedback.

Comment 2 Jaap Akkerhuis 2020-07-06 13:41:35 UTC

(In reply to Li-Wen Hsu from comment #1)
Ah, forgot abut this feature request.

It would actually be more beneficial to find out why unbound-s crashing. I'm not sure whether it is a good idea to blindly restart a crashing process. Let me thonk about this.

Comment 3 C 2020-11-16 11:05:21 UTC

I agree that it is important to find and solve the root cause of the crash but in the moment of the crash the most important thing is to get the service back up again. Using log monitoring we are not "blind" and notice nonetheless that the crash happened and can have a manual look at the crash logs.

Comment 4 C 2021-02-20 13:06:25 UTC

Hi Jaap,

due to recent unbound crashes I was wondering whether you have any update on this?

thanks!

Comment 5 Jaap Akkerhuis 2021-02-20 14:55:10 UTC

(In reply to C from comment #4)

Nope, I haven't any update nor I had time time to implement this.

However, if you make make an option to the existing version of the rc
script to use daemon(8), I'm happy to add it to the port.

Comment 6 Leo Vandewoestijne 2023-04-19 14:35:12 UTC

Created attachment 241587 [details]
daemon doing unbound

Attached is what I tried.
I also use similar at dns/knot-resolver

However here at unbound the pidfile cannot be found.
Regardless wether I use -p or -P

But maybe it's enough clue for someone else to fix it correctly.
(in other words: this attached patch is incorrect).

Comment 7 Jaap Akkerhuis 2023-08-02 12:28:13 UTC

(In reply to Leo Vandewoestijne from comment #6
Apologies for the late reaction, but I wonder whether the implicit chroot prevents your patch from working.

Comment 8 Leo Vandewoestijne 2023-08-28 10:06:08 UTC

Created attachment 244416 [details]
daemon doing unbound better

Removing the '-u ${name}' solved it: it now let daemon run as root, and then unbound as unbound.

When -u was present it does not allow to bind to an IP/port.

It's now running for me.

Comment 9 Jaap Akkerhuis 2023-08-29 12:48:25 UTC

Looks good, thanks.

I expect a new release for unbound very soon and plan to include this modification