Have nsd log to rsyslog only and not both rsyslog and nsd.log.

Have rsyslog populate nsd.log instead.

setup/dns.sh

@@ -22,7 +22,7 @@ cat > /etc/nsd/nsd.conf << EOF;
 # Do not edit. Overwritten by Mail-in-a-Box setup.
 server:
   hide-version: yes
-  logfile: "/var/log/nsd.log"
+  log-only-syslog: yes
 
   # identify the server (CH TXT ID.SERVER entry).
   identity: ""
@@ -92,19 +92,6 @@ EOF
 echo "Installing nsd (DNS server)..."
 apt_install nsd ldnsutils openssh-client
 
-# ensure nsd can write to its log file
-
-rwpaths=$(awk -F= '/^ReadWritePaths=/ { print $2 }' /lib/systemd/system/nsd.service)
-mkdir -p /etc/systemd/system/nsd.service.d
-cat >/etc/systemd/system/nsd.service.d/miab.conf <<EOF
-# Do not edit. Overwritten by Mail-in-a-Box setup.
-[Service]
-ReadWritePaths=
-ReadWritePaths=${rwpaths} /var/log
-EOF
-systemctl daemon-reload
-systemctl restart nsd
-
 # Create DNSSEC signing keys.
 
 mkdir -p "$STORAGE_ROOT/dns/dnssec";

setup/system.sh

@@ -375,8 +375,18 @@ restart_service fail2ban
 # ### duplicate logging to syslog
 
 cat >/etc/rsyslog.d/20-mailinabox.conf <<EOF
+# Do not edit. Overwritten by Mail-in-a-Box setup.
+
+# Output mail-related messages to mail.log, then prevent rsyslog's
+# default configuration from duplicating the messages to syslog.
+
 mail.*				-/var/log/mail.log
 mail.err			/var/log/mail.err
-mail.* stop
+mail.*              stop
+
+# Output messages from nsd to nsd.log. nsd messages, which have
+# facility "daemon" are also written to syslog by the default rsyslog
+# configuration.
+:app-name, isequal, "nsd"    -/var/log/nsd.log
 EOF
 restart_service rsyslog