Init systems => S6 => Topic started by: ni0nrtvc on 02 March 2025, 15:14:12
Title: dnsmasq run script improvement
Post by: ni0nrtvc on 02 March 2025, 15:14:12
Good day, I have 2 small suggestions for the dnsmasq-s6 package:
In the run script, currently the -d option is used to make dnsmasq not fork in the background: https://gitea.artixlinux.org/artix/s6-services/src/branch/master/srv/dnsmasq/dnsmasq-srv/run However, from the dnsmasq man page:
Quote
-d, --no-daemon Debug mode: don't fork to the background, don't write a pid file, don't change user id, generate a complete cache dump on receipt on SIGUSR1, log to stderr as well as syslog, don't fork new processes to handle TCP queries. Note that this option is for use in debugging only, to stop dnsmasq daemonising in production, use --keep-in-foreground.
So it is probably better to use the -k option (or its alias --keep-in-foreground) instead, as it would enable dropping privileges for increased security.
Then, to make dnsmasq log to stderr instead of syslog, the --log-facility=- option can be used:
Quote
-8, --log-facility=<facility> Set the facility to which dnsmasq will send syslog entries, this defaults to DAEMON, and to LOCAL0 when debug mode is in operation. If the facility given contains at least one '/' character, it is taken to be a filename, and dnsmasq logs to the given file, instead of syslog. If the facility is '-' then dnsmasq logs to stderr. (Errors whilst reading configuration will still go to syslog, but all output from a successful startup, and all output whilst running, will go exclusively to the file.) When logging to a file, dnsmasq will close and reopen the file when it receives SIGUSR2. This allows the log file to be rotated without stopping dnsmasq.
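
The following check is an added example, not part of the post above or of the s6-services package: a small shell audit that flags a run script starting dnsmasq in debug mode or without the foreground and stderr-logging options discussed in the post. The function name, the sample run scripts and the one-line, separate-word invocation format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the dnsmasq flags used in an s6 run script.
# Assumes the invocation sits on one line and flags are separate words
# (clustered short options such as -kd are not decoded).
# Returns 0 = clean, 1 = finding(s) printed, 2 = no dnsmasq invocation.
audit_dnsmasq_run() {
    debug=0; fg=0; stderr_log=0; prev=; findings=0
    # Words of every non-comment line that mentions dnsmasq, one per line.
    words=$(grep -v '^[[:space:]]*#' "$1" | grep -w 'dnsmasq' | tr -s ' \t' '\n\n')
    if [ -z "$words" ]; then
        echo "$1: no dnsmasq invocation found"; return 2
    fi
    while IFS= read -r w; do
        case $w in
            -d|--no-daemon)          debug=1 ;;
            -k|--keep-in-foreground) fg=1 ;;
            --log-facility=-)        stderr_log=1 ;;
            -)  case $prev in -8|--log-facility) stderr_log=1 ;; esac ;;
        esac
        prev=$w
    done <<EOF
$words
EOF
    if [ "$debug" -eq 1 ]; then
        echo "$1: debug mode (-d): dnsmasq does not change user id"; findings=1
    elif [ "$fg" -eq 0 ]; then
        echo "$1: no -k/--keep-in-foreground: dnsmasq will daemonise"; findings=1
    fi
    # Debug mode already logs to stderr, so only report this without -d.
    if [ "$debug" -eq 0 ] && [ "$stderr_log" -eq 0 ]; then
        echo "$1: logs go to syslog; use --log-facility=- for stderr"; findings=1
    fi
    return "$findings"
}

# Constructed sample run scripts (not the package's actual files).
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nexec dnsmasq -d\n' > "$demo_dir/run.debug"
printf '#!/bin/sh\nexec dnsmasq -k --log-facility=-\n' > "$demo_dir/run.fixed"
printf '#!/bin/sh\nexec dnsmasq -k\n' > "$demo_dir/run.syslog"
for f in "$demo_dir"/run.*; do
    if audit_dnsmasq_run "$f"; then echo "$f: ok"; fi
done
rm -rf "$demo_dir"
```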