[dnsdist] LogAction() is ignored?

Remi Gacogne remi.gacogne at powerdns.com
Tue Sep 24 13:36:24 UTC 2019


On 9/24/19 3:20 PM, Stephane Bortzmeyer wrote:
> On Mon, Sep 23, 2019 at 11:20:29AM +0200,
>  Remi Gacogne <remi.gacogne at powerdns.com> wrote 
>  a message of 98 lines which said:
> 
>> If you are using our systemd unit file, note that we do set
>> PrivateTmp=true for security reasons, meaning that you'll need to look
>> for the actual log file in
>> /tmp/systemd-private-*-dnsdist.service-*/dnsdist.log instead of
>> /tmp/dnsdist.log.
> 
> OK, systemd killed me again. I forgot that (and indeed, the log is
> there). Thanks and sorry for the false alarm.

Thanks for confirming!

> I'm puzzled by the fact that /tmp/dnsdist.log is still created?

I initially suspected that the ExecStartPre command could be run with
some of the sandboxing options disabled, but the documentation states
otherwise and I observed the expected behavior.
In fact the file is not created by starting dnsdist with systemd. It is
created, however, if I run dnsdist in client mode (dnsdist -c) because
we do still parse the rules and actions in that mode, outside of
systemd's sandboxing. I think we will need to do a serious review of all
the rules and actions and their potential side effects.
Perhaps that might be the explanation of what you are seeing?

Thanks again for bringing this to our attention anyway!


Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
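
The two log locations discussed in the message above, as an added example (not part of the original message and not PowerDNS or systemd code): a shell function that reports whether a file exists in the host /tmp, in a unit's PrivateTmp directory, or both. The ROOT parameter, the function names and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not dnsdist or systemd code.
# find_unit_tmp_file ROOT UNIT FILE
#   Prints each copy of FILE found in ROOT/tmp ("host") or in a systemd
#   PrivateTmp directory of UNIT ("private"). ROOT is "/" on a real system;
#   it is a parameter (an assumption of this example) so the function can
#   run against a constructed tree.
find_unit_tmp_file() (
    root=${1%/}; unit=$2; file=$3
    # Copy written outside the sandbox, e.g. by a process not started by systemd.
    if [ -e "$root/tmp/$file" ]; then
        printf 'host %s\n' "$root/tmp/$file"
    fi
    # systemd mounts <private dir>/tmp as the unit's /tmp; the private dir
    # itself is also checked, matching the path as quoted in the message.
    for dir in "$root"/tmp/systemd-private-*-"$unit"-*; do
        [ -d "$dir" ] || continue
        for candidate in "$dir/tmp/$file" "$dir/$file"; do
            if [ -e "$candidate" ]; then
                printf 'private %s\n' "$candidate"
            fi
        done
    done
)

# Constructed sample tree: one sandboxed log, one stray host log.
make_sample_tree() {
    sample=$(mktemp -d) || return 1
    priv="$sample/tmp/systemd-private-0123abcd-dnsdist.service-XyZ123/tmp"
    mkdir -p "$priv"
    echo "sandboxed entry" > "$priv/dnsdist.log"
    echo "client-mode entry" > "$sample/tmp/dnsdist.log"
    printf '%s\n' "$sample"
}

sample_root=$(make_sample_tree)
find_unit_tmp_file "$sample_root" dnsdist.service dnsdist.log
rm -rf "$sample_root"
```

On a real host, run `find_unit_tmp_file / dnsdist.service dnsdist.log` as root, since the systemd-private-* directories are not readable by other users.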
