mirror of
https://github.com/TechnitiumSoftware/DnsServer.git
synced 2026-03-18 10:30:38 +00:00
49 lines
1.1 KiB
Desktop File
49 lines
1.1 KiB
Desktop File
[Unit]
|
|
Description=Technitium DNS Server
|
|
After=network.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=dns-server
|
|
Group=dns-server
|
|
|
|
WorkingDirectory=/opt/technitium/dns
|
|
ReadWritePaths=/etc/dns /var/log/technitium/dns
|
|
|
|
# If certificate (pfx) file is outside of /etc/dns directory, make sure
|
|
# that the file has permissions set for 'dns-server' user. Also ensure
|
|
# that the path is configured below to be accessible in read-only mode.
|
|
# ReadOnlyPaths=/opt/dns-cert.pfx
|
|
|
|
ExecStart=/usr/bin/dotnet /opt/technitium/dns/DnsServerApp.dll /etc/dns
|
|
|
|
# Restart service after 10 seconds if the dns service crashes:
|
|
Restart=always
|
|
RestartSec=10
|
|
SyslogIdentifier=dns-server
|
|
|
|
LockPersonality=true
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=strict
|
|
RemoveIPC=true
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
|
|
UMask=0077
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|