Maintained by: NLnet Labs

unbound doesn't remove pidfile

W.C.A. Wijngaards
Wed Mar 7 07:36:13 CET 2018


Hi Shawn,

Unbound tries to remove the pidfile on exit.  It also tries to chown it,
if the username is set in unbound.conf.

Also if the pidfile is not located inside the chroot, then unbound
cannot remove the pidfile itself.

Best regards, Wouter

On 07/03/18 03:03, Shawn Zhou via Unbound-users wrote:
> Hi,
> 
> I am running unbound 1.5.8 on ubuntu xenial. unbound doesn't run remove
> the pid file after it's stopped. I was expecting the pid file should be
> owned by unbound user as otherwise unbound probably wouldn't be able to
> remove it; however, I didn't see any permission errors from unbound
> logs. I even tried to changed the permission of the pid file after it's
> created before stopping unbound that didn't help.
> 
> root at DFW01-CPS02:~# service unbound start
>  * Starting DNS server unbound
> [1520387664] unbound[60481:0] debug: increased limit(open files) from
> 1024 to 4140
> [1520387664] unbound[60481:0] debug: creating udp4 socket 127.0.0.1 53
> [1520387664] unbound[60481:0] debug: creating tcp4 socket 127.0.0.1 53
> [1520387664] unbound[60481:0] debug: creating tcp6 socket ::1 8953
> [1520387664] unbound[60481:0] debug: creating tcp4 socket 127.0.0.1 8953
> [1520387664] unbound[60481:0] debug: switching log to syslog
>    ...done.
> root at DFW01-CPS02:~# ls -l /run/unbound.pid
> -rw-r--r-- 1 root root 6 Mar  7 01:54 /run/unbound.pid
> root at DFW01-CPS02:~# cat /run/unbound.pid
> 60482
> root at DFW01-CPS02:~# ps -ef |grep unbound
> root      60455  58318  0 01:54 pts/4    00:00:00 grep --color=auto -i
> unbound
> unbound   60482      1  0 01:54 ?        00:00:00 /usr/sbin/unbound
> root      60599  57970  0 01:55 pts/3    00:00:00 grep --color=auto unbound
> root at DFW01-CPS02:~#
> root at DFW01-CPS02:~# service unbound stop
>  * Stopping DNS server unbound
>    ...done.
> root at DFW01-CPS02:~# cat /run/unbound.pid
> 60482
> root at DFW01-CPS02:~# ps -ef |grep unbound
> root      60455  58318  0 01:54 pts/4    00:00:00 grep --color=auto -i
> unbound
> root      60627  57970  0 01:55 pts/3    00:00:00 grep --color=auto unbound
> root at DFW01-CPS02:~#
> root at DFW01-CPS02:~# dpkg -l unbound
> Desired=Unknown/Install/Remove/Purge/Hold
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name                        Version            Architecture      
> Description
> +++-===========================-==================-==================-============================================================
> ii  unbound                     1.5.8-1ubuntu1     amd64             
> validating, recursive, caching DNS resolver
> 
> 
> 
> Here are the log messages from unbound:
> root at DFW01-CPS02:~# tail -n 0 -f /var/log/messages | grep -i unbound
> Mar  7 01:54:24 DFW01-CPS02 unbound-anchor: /var/lib/unbound/root.key
> has content
> Mar  7 01:54:24 DFW01-CPS02 unbound-anchor: success: the anchor is ok
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60481:0] debug: setup SSL certificates
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: chdir to
> /var/lib/unbound
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: chroot to
> /var/lib/unbound
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: chdir to /etc/unbound
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: drop user
> privileges, run as unbound
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: module config:
> "validator iterator"
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] notice: init module 0:
> validator
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: reading autotrust
> anchor file /root.key
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: trust point . : 1
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: assembled 0 DS and
> 2 DNSKEYs
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: DNSKEY::
> .#011172800#011IN#011DNSKEY#011257 3 8
> AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
> ;{id = 19036 (ksk), size = 2048b}
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: DNSKEY::
> .#011172800#011IN#011DNSKEY#011257 3 8
> AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
> ;{id = 20326 (ksk), size = 2048b}
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: file /root.key
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: last_queried:
> 1520387664 Wed Mar  7 01:54:24 2018
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: last_success:
> 1520387664 Wed Mar  7 01:54:24 2018
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: next_probe_time:
> 1520427614 Wed Mar  7 13:00:14 2018
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: query_interval: 43200
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: retry_time: 8640
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: query_failed: 0
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: [  VALID  ]
> .#011172800#011IN#011DNSKEY#011257 3 8
> AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
> ;{id = 19036 (ksk), size = 2048b} ;;state:2 ;;pending_count:0 last:Mon
> Jun 30 08:53:51 2014
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: [  VALID  ]
> .#011172800#011IN#011DNSKEY#011257 3 8
> AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
> ;{id = 20326 (ksk), size = 2048b} ;;state:2 ;;pending_count:0 last:Tue
> Mar  6 18:45:49 2018
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: validator nsec3cfg
> keysz 1024 mxiter 150
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: validator nsec3cfg
> keysz 2048 mxiter 500
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: validator nsec3cfg
> keysz 4096 mxiter 2500
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] notice: init module 1:
> iterator
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: target fetch
> policy for level 0 is 3
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: target fetch
> policy for level 1 is 2
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: target fetch
> policy for level 2 is 1
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: target fetch
> policy for level 3 is 0
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: target fetch
> policy for level 4 is 0
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: total of 59509
> outgoing ports available
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: start threads
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: libevent
> 2.0.21-stable uses epoll method.
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: no config, using
> builtin root hints.
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: cache memory
> msg=66072 rrset=66072 infra=2632 val=66344
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] info: start of service
> (unbound 1.5.8).
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: autotrust probe
> timer callback
> Mar  7 01:54:24 DFW01-CPS02 unbound: [60482:0] debug: autotrust probe
> timer 0 callbacks done
> 
> 
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] info: service stopped
> (unbound 1.5.8).
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] debug: stop threads
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] debug: cleanup.
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] info: server stats for
> thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] info: server stats for
> thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] info: mesh has 0
> recursion states (0 with reply, 0 detached), 0 waiting replies, 0
> recursion replies sent, 0 replies dropped, 0 states jostled out
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] debug: cache memory
> msg=66072 rrset=66072 infra=2632 val=66344
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] debug: Exit cleanup.
> Mar  7 01:55:36 DFW01-CPS02 unbound: [60482:0] debug: switching log to
> stderr
> ^C
> root at DFW01-CPS02:~#


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20180307/b8df8e30/attachment.sig>