[conspire] Unbound and DHCP on home computer

Rick Moen rick at linuxmafia.com
Thu Dec 17 17:11:37 PST 2009

Quoting Roger Chrisman (roger at rogerchrisman.com):

> It seems that Unbound did not permit the trace dig without the conf
> adjustment, presumably for security reasons.

Aha.  Thank you for letting the other shoe dropped, because I was
stumped by the prior description.  Hadn't seen that sort of restriction
behaviour imposed by a nameserver, before.  So, I believed what you
said, but had no idea why you were getting that outcome.

> 1. Into the "server:" section of /etc/unbound/unbound.conf I added this:
> access-control: allow_snoop
> 2. Then killed unbound:
> pidof unbound
> sudo kill <above pid>
> 3. Then restarted it:
> sudo unbound -c /etc/unbound/unbound.conf

Just a couple of minor suggestions from the Land of System
Administration:  You should really preferentially use the system's
service shutdown/startup scripts, because they take care of
housekeeping, e.g., properly closing open file handles and releasing
semaphors, that gets omitted if you merely, e.g., send the process a
SIGTERM signal (default action of the 'kill' command), as you did above.

If you find you cannot shut down a process in the proper, orderly way,
_then_ that's when you reach for bigger, less subtle hammers, including
ye olde 'kill -9' (sending the SIGKILL signal).

On a regular Unix with the traditional System V Init (Debian, Red Hat,
etc.), the conventional change conffile, then stop-and-start command
sequence would be:

1.  Add the ACL to unbound.conf
2.  sudo /etc/init.d/unbound restart

This makes the local System V Init script for Unbound (/etc/init.d/unbound)
execute its "stop" function and then its "start" function.

However, Xubuntu 9.10 doesn't use System V Init, Ubuntu having migrated
a couple of versions ago to a newer, event-driven init called Upstart.
I vaguely recall that Upstart puts control programs called "stop" and
"start" into /sbin, which you can use in a similar way -- something like:

sudo stop unbound
sudo start unbound

Docs at http://upstart.ubuntu.com/getting-started.html

In this one case, you really didn't necessarily even need for the Unbound 
process to die ("stop") and get relaunced ("start"); you fundamentally 
would have been happiest of you could just get the running daemon
process to re-read its configuration file from disk.  _Most_ daemons
can be prodded into doing so by sending them a different signal called
'HUP' aka SIGHUP, which is short for 'hang up', and is the kill
command's signal #1 (see 'man kill' for more).  So, you could have

1.  Add the ACL to unbound.conf
2.  sudo kill -1 unbound

Not all daemons Do the Right Thing when given the HUP signal, but most
do, so it's worth trying, if only because it means the service keeps
going without interruption.

Thanks for the posting!

More information about the conspire mailing list