From 13cb4353a2e28d303a1ebe4f619a6c59a080051d Mon Sep 17 00:00:00 2001
From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com>
Date: Fri, 17 Dec 2021 09:30:58 +0000
Subject: [PATCH] post(log4shell): service unit needs to be unmasked

before starting it
---
 source/_posts/log4shell-log4j-unbound-dns.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source/_posts/log4shell-log4j-unbound-dns.md b/source/_posts/log4shell-log4j-unbound-dns.md
index ed85bf3..a6d4c7c 100644
--- a/source/_posts/log4shell-log4j-unbound-dns.md
+++ b/source/_posts/log4shell-log4j-unbound-dns.md
@@ -108,9 +108,10 @@ sudo -e /etc/hosts
 
 The last step before we start the service is to configure the firewall to allow inbound DNS traffic. I recommend not to allow all IP (0.0.0.0, ::0), otherwise you'll get unwanted traffic. In EC2, that means the attached security group.
 
-After we configure the firewall, we can proceed to start Unbound.
+After we configure the firewall, we can proceed to unmask and start the DNS server.
 
 ```
+systemctl unmask unbound
 systemctl enable --now unbound
 ```