From 83bb3cb9e08fb09ef2b101302b9803d8e5e708cb Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Sat, 3 Mar 2018 00:14:54 +0800
Subject: dns/unbound: disable chroot for easier syslog settings

---
 roles/dns/files/unbound.conf | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'roles/dns/files/unbound.conf')

diff --git a/roles/dns/files/unbound.conf b/roles/dns/files/unbound.conf
index bd82e40..30c423d 100644
--- a/roles/dns/files/unbound.conf
+++ b/roles/dns/files/unbound.conf
@@ -46,9 +46,9 @@ server:
     access-control: 127.0.0.0/8 allow_snoop
     access-control: ::1         allow_snoop
 
-    # Print statistics to the log (for every thread) every N seconds.
-    # Default: 0 (i.e., disabled)
-    statistics-interval: 7200
+    # Chroot to the given directory.  Set to "" to disable chroot.
+    #chroot: "/usr/local/etc/unbound"
+    chroot: ""
 
     # Enable or disable whether IPv4 queries are answered or issued.
     do-ip4: yes
@@ -112,7 +112,12 @@ server:
     # Default: 1 (operational info).
     verbosity: 1
 
+    # Print statistics to the log (for every thread) every N seconds.
+    # Default: 0 (i.e., disabled)
+    statistics-interval: 7200
+
     # Log messages to syslog(3) with the LOG_DAEMON facility.
+    # NOTE: need to also configure syslog when chroot'ed!
     use-syslog: yes
     #
     # Log messages to the specified file.
-- 
cgit v1.2.2