Hello Chris,

On 11/11/23 01:20, Chris Hofstaedtler wrote:
> * Uwe Kleine-König <uklei...@debian.org> [231107 22:06]:
>> on installation of pdns-server the pdns.service is automatically
>> started. However in my case port 53 is already bound and so it fails to
>> start. (That might also happen if port 53 isn't blocked because the
>> default config isn't suitable to successfully run pdns? I didn't check.)
>>
>> [..]
>> to the journal. If you don't notice this immediately and stop the
>> service this effectively spams your journal in a very short time.
>>
>> IMHO the above mentioned settings are not suitable as a default for a
>> distribution's package even if the default configuration worked. It
>> should be an administrator's choice to configure such a behaviour.
>
> I respectfully disagree. If users have pdns-server installed and
> running, they want it restarted ASAP. This is the correct behaviour.

That's a subjective assumption. At least I don't want pdns (or any other service) to be restarted once per second without rate limit, spamming my machine's journal.

I personally prefer a problematic service to die (which I notice by proper monitoring).

I assume the systemd developers are on my side, as the default for Restart is "no", and the default for StartLimitInterval is 10s.

In my experience high-frequency automatic restart has very little benefit. If there is a problem that makes a certain service fail to start, you have only problems with such a rogue service (journal spamming; maybe high load; if the problem is too little system memory, you might make it hard for an admin to log in; ...). If the problem is that a remote user can trigger a crash, it might be annoying to not have the service running, but maybe the next remote user can trigger an RCE if you automatically give unlimited tries for such remote users? So not restarting might be safer. And if it's only an occasional problem, at least some rate limiting doesn't hurt.

Having said that, I still think that the restart behaviour should be the administrator's choice with the package defaulting to no special configuration.

Looking at pdns's fellow contenders and how they configure automatic restart:

 - knot:
   Restart=on-abort
   no burst settings
 - bind9:
   Restart=on-failure
   no burst settings
 - unbound:
   Restart=on-failure
   no burst settings

So while these consider themselves important enough, too, to Restart on problems, at least they don't disable systemd's rate limiting.

> Now, I believe Debian's default of "start various daemons on
> install" is just wrong nowadays.
>
> For a long time there was nothing we could do in pdns-server (and
> pdns-recursor) to change this without breaking existing installs,
> but I'll think about passing --no-enable to dh_installsystemd.
> I think this should be safe for upgrades, and new installs then need
> to systemctl enable pdns-server.service explicitly.

This at least makes the situation better directly after package installation, so that's very welcome. (But IMHO that's only third best compared to dropping Restart=on-failure and at least not modifying StartLimitInterval. I'm sure you still disagree.)

Best regards
Uwe
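
An added example, not part of the original e-mail or of any package discussed in it: a small Python check that sorts unit files into the three cases the message distinguishes (no automatic restart, restart under systemd's default start rate limit, restart with the limit switched off). The unit texts and the `exampled` binary are constructed, and only the unit file itself is read, so drop-ins and manager defaults are assumed absent.

```python
# Added example: flag systemd units that restart automatically with start
# rate limiting disabled. Only the unit text is inspected; drop-ins and
# system.conf defaults are ignored (assumption of this sketch).

# StartLimitInterval= is the legacy spelling of StartLimitIntervalSec=.
INTERVAL_KEYS = ("StartLimitIntervalSec", "StartLimitInterval")

def parse_unit(text):
    """Return {directive: last assigned value}; sections/comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def is_zero(value):
    """True for a zero time span such as '0', '0s' or '0 ms'."""
    number = value.strip().rstrip("abcdefghijklmnopqrstuvwxyzµ").strip()
    try:
        return float(number) == 0
    except ValueError:
        return False

def assess(text):
    """Classify a unit as 'no-restart', 'rate-limited' or 'unlimited'."""
    settings = parse_unit(text)
    if settings.get("Restart", "no") == "no":   # systemd default: Restart=no
        return "no-restart"
    interval = next((settings[k] for k in INTERVAL_KEYS if k in settings), None)
    # An interval of 0 turns start rate limiting off; if it is unset, the
    # manager default (10s) stays in force.
    if interval is not None and is_zero(interval):
        return "unlimited"
    return "rate-limited"

# Constructed sample units, not copied from any package.
UNITS = {
    "plain.service": "[Service]\nExecStart=/usr/sbin/exampled\n",
    "on-failure.service": "[Service]\nExecStart=/usr/sbin/exampled\nRestart=on-failure\n",
    "no-limit.service": ("[Service]\nExecStart=/usr/sbin/exampled\n"
                         "Restart=on-failure\nRestartSec=1\nStartLimitInterval=0\n"),
}

if __name__ == "__main__":
    for name, text in UNITS.items():
        print(f"{name}: {assess(text)}")
```

On a live system, `systemctl show` on the unit reports the effective values after drop-ins are merged, which this file-only check cannot see.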
