Hi, other rc scripts for services use daemon(8) with "-r" to recover from daemon crashes automatically without requiring admin intervention. Today our unbound resolver (v1.10) crashed but since unbound does not make use of daemon it stayed down until we started it manually - which is worse than it could be. Please add daemon to unbound's rc script to recover from crashes automatically. for an example on how to use daemon: https://svnweb.freebsd.org/ports/head/dns/dnsdist/files/dnsdist.in?view=markup
ping for maintainer feedback.
(In reply to Li-Wen Hsu from comment #1) Ah, forgot abut this feature request. It would actually be more beneficial to find out why unbound-s crashing. I'm not sure whether it is a good idea to blindly restart a crashing process. Let me thonk about this.
I agree that it is important to find and solve the root cause of the crash but in the moment of the crash the most important thing is to get the service back up again. Using log monitoring we are not "blind" and notice nonetheless that the crash happened and can have a manual look at the crash logs.
Hi Jaap, due to recent unbound crashes I was wondering whether you have any update on this? thanks!
(In reply to C from comment #4) Nope, I haven't any update nor I had time time to implement this. However, if you make make an option to the existing version of the rc script to use daemon(8), I'm happy to add it to the port.
Created attachment 241587 [details] daemon doing unbound Attached is what I tried. I also use similar at dns/knot-resolver However here at unbound the pidfile cannot be found. Regardless wether I use -p or -P But maybe it's enough clue for someone else to fix it correctly. (in other words: this attached patch is incorrect).
(In reply to Leo Vandewoestijne from comment #6 Apologies for the late reaction, but I wonder whether the implicit chroot prevents your patch from working.
Created attachment 244416 [details] daemon doing unbound better Removing the '-u ${name}' solved it: it now let daemon run as root, and then unbound as unbound. When -u was present it does not allow to bind to an IP/port. It's now running for me.
Looks good, thanks. I expect a new release for unbound very soon and plan to include this modification