unbound doesn't remove pidfile

Hi,

I am running unbound 1.5.8 on Ubuntu xenial. unbound doesn’t remove the pid file after it’s stopped. I was expecting that the pid file should be owned by the unbound user, as otherwise unbound probably wouldn’t be able to remove it; however, I didn’t see any permission errors in the unbound logs. I even tried to change the permissions of the pid file after it’s created, before stopping unbound, but that didn’t help.

    root@DFW01-CPS02:~# service unbound start
     * Starting DNS server unbound
    [1520387664] unbound[60481:0] debug: increased limit(open files) from 1024 to 4140
    [1520387664] unbound[60481:0] debug: creating udp4 socket 127.0.0.1 53
    [1520387664] unbound[60481:0] debug: creating tcp4 socket 127.0.0.1 53
    [1520387664] unbound[60481:0] debug: creating tcp6 socket ::1 8953
    [1520387664] unbound[60481:0] debug: creating tcp4 socket 127.0.0.1 8953
    [1520387664] unbound[60481:0] debug: switching log to syslog
       ...done.
    root@DFW01-CPS02:~# ls -l /run/unbound.pid
    -rw-r--r-- 1 root root 6 Mar 7 01:54 /run/unbound.pid
    root@DFW01-CPS02:~# cat /run/unbound.pid
    60482
    root@DFW01-CPS02:~# ps -ef |grep unbound
    root 60455 58318 0 01:54 pts/4 00:00:00 grep --color=auto -i unbound
    unbound 60482 1 0 01:54 ? 00:00:00 /usr/sbin/unbound
    root 60599 57970 0 01:55 pts/3 00:00:00 grep --color=auto unbound
    root@DFW01-CPS02:~#
    root@DFW01-CPS02:~# service unbound stop
     * Stopping DNS server unbound
       ...done.
    root@DFW01-CPS02:~# cat /run/unbound.pid
    60482
    root@DFW01-CPS02:~# ps -ef |grep unbound
    root 60455 58318 0 01:54 pts/4 00:00:00 grep --color=auto -i unbound
    root 60627 57970 0 01:55 pts/3 00:00:00 grep --color=auto unbound
    root@DFW01-CPS02:~#
    root@DFW01-CPS02:~# dpkg -l unbound
    Desired=Unknown/Install/Remove/Purge/Hold

Hi Shawn,

Unbound tries to remove the pidfile on exit. It also tries to chown it,
if the username is set in unbound.conf.

Also if the pidfile is not located inside the chroot, then unbound
cannot remove the pidfile itself.

Best regards, Wouter

I believe the unbound packaging on Ubuntu xenial is old enough that it
still uses the sysv generator to create the service unit. You will
probably want to add this fix to your unbound init script, which I don't
think was ever backported to xenial (it was originally added in 1.5.9-1):

https://salsa.debian.org/dns-team/unbound/commit/1c139abaa0fe58f8d97b64c96da6c3332b1b9e49

From what I can see, the unbound init script is up-to-date. Do I need to add an override for the pidfile in the unbound config? Even if I do that and it works, I will still need to update the unbound init script as well, so the easiest thing for me is to update the init script to explicitly remove the pid file after unbound is stopped. I wonder how other people running unbound in a chroot setup on Ubuntu/Debian are dealing with the issue.

    root@DFW01-CPS02:/etc/unbound/unbound.conf.d# cat test.conf
    server:
        chroot: "/var/lib/unbound"
        verbosity: 9
        do-not-query-localhost: no
        statistics-cumulative: yes
        extended-statistics: yes
        interface: 127.0.0.1
    python:
    remote-control:
        control-enable: yes
    root@DFW01-CPS02:/etc/unbound/unbound.conf.d#

    root@DFW01-CPS02:/etc/unbound/unbound.conf.d# cat /etc/init.d/unbound
    #!/bin/sh

    ### BEGIN INIT INFO
    # Provides:          unbound
    # Required-Start:    $network $remote_fs $syslog
    # Required-Stop:     $network $remote_fs $syslog
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    ### END INIT INFO

    NAME="unbound"
    DESC="DNS server"
    DAEMON="/usr/sbin/unbound"
    PIDFILE="/run/unbound.pid"

    HELPER="/usr/lib/unbound/package-helper"

    test -x $DAEMON || exit 0

    . /lib/lsb/init-functions

    # Override this variable by editing or creating /etc/default/unbound.
    DAEMON_OPTS=""

    if [ -f /etc/default/unbound ]; then
        . /etc/default/unbound
    fi

    case "$1" in
        start)
            log_daemon_msg "Starting $DESC" "$NAME"
            $HELPER chroot_setup
            $HELPER root_trust_anchor_update 2>&1 | logger -p daemon.info -t unbound-anchor
            if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then
                $HELPER resolvconf_start
                log_end_msg 0
            else
                log_end_msg 1
            fi
            ;;

        stop)
            log_daemon_msg "Stopping $DESC" "$NAME"
            if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME; then
                $HELPER resolvconf_stop
                log_end_msg 0
            else
                log_end_msg 1
            fi
            ;;

        restart|force-reload)
            log_daemon_msg "Restarting $DESC" "$NAME"
            start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME --retry 5
            $HELPER resolvconf_stop
            if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then
                $HELPER chroot_setup
                $HELPER resolvconf_start
                log_end_msg 0
            else
                log_end_msg 1
            fi
            ;;

        reload)
            log_daemon_msg "Reloading $DESC" "$NAME"
            if start-stop-daemon --stop --pidfile $PIDFILE --signal 1; then
                $HELPER chroot_setup
                log_end_msg 0
            else
                log_end_msg 1
            fi
            ;;

        status)
            status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
            ;;

        *)
            N=/etc/init.d/$NAME
            echo "Usage: $N {start|stop|restart|status|reload|force-reload}" >&2
            exit 1
            ;;
    esac

    exit 0
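
The two checks this thread turns on, as an added example that is not part of the original posts or of the Debian package: whether the pidfile path lies inside the configured chroot, and a stop-time cleanup that removes the pidfile only when the PID it names is no longer running. The function names are hypothetical, and paths are assumed to be absolute and normalised (no `..` components).

```shell
#!/bin/sh
# Added example: helpers an init script's stop action could call.
# Function names are hypothetical; they are not from the unbound package.

# Return 0 if PIDFILE lies under CHROOT (or no chroot is configured), i.e. the
# daemon can still reach the file by path after chroot(2); return 1 otherwise.
# Assumes both paths are absolute and normalised.
pidfile_inside_chroot() {
    chroot_dir=${1%/}           # drop a trailing slash before comparing
    pidfile=$2
    [ -z "$chroot_dir" ] && return 0
    case "$pidfile" in
        "$chroot_dir"/*) return 0 ;;
        *)               return 1 ;;
    esac
}

# Remove PIDFILE only when the PID it names is not a running process, so a
# live daemon never loses its pidfile. Returns 0 if the file is absent or was
# removed, 1 if the process is still alive (file left in place).
# Meant to run as root: kill -0 also fails for other users' processes.
remove_stale_pidfile() {
    pidfile=$1
    [ -e "$pidfile" ] || return 0
    pid=$(head -n 1 "$pidfile" | tr -cd '0-9')
    case "$pid" in
        ''|0*) ;;               # empty or invalid content: treat as stale
        *) kill -0 "$pid" 2>/dev/null && return 1 ;;
    esac
    rm -f -- "$pidfile"
}

# Values from the thread: chroot "/var/lib/unbound", PIDFILE "/run/unbound.pid".
if pidfile_inside_chroot /var/lib/unbound /run/unbound.pid; then
    echo "pidfile is inside the chroot"
else
    echo "pidfile is outside the chroot: unbound cannot remove it itself"
fi
```

In a stop action, `remove_stale_pidfile "$PIDFILE"` would be called after `start-stop-daemon --stop` has returned successfully.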