2 Description=Validating, recursive, and caching DNS resolver
3 Documentation=man:unbound(8)
6 WantedBy=multi-user.target
9 ExecReload=/bin/kill -HUP $MAINPID
10 ExecStart=/home/vagrant/unbound_systemd/unbound
13 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
14 MemoryDenyWriteExecute=true
19 ProtectControlGroups=true
20 ProtectKernelModules=true
21 ProtectKernelTunables=true
23 ReadWritePaths=/etc/unbound /run
24 RestrictAddressFamilies=AF_INET AF_UNIX
26 SystemCallArchitectures=native
27 SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources