Knot DNS depends on zlib to calculate Adler-32 checksums. A comment in
crc.h states that it “should be removed”. I want to use knsupdate on
OpenWRT and would also like to remove the dependency.
Unfortunately, there is no single library that provides only Adler-32
checksums and every examined software either relies on zlib or its
bundled implementation of varying quality and speed. Other projects seem
to use CRC32C because there is an instruction to calculate it in the
SSE4.2 instruction set. But again there is no library that
implements only CRC32C checksums. Switching to CRC32C would also make
the journal format incompatible.
I'm inclined to just copy the reference implementation from RFC 1950 for
my purposes but wanted to check with the upstream maintainers whether
there are any plans or ideas.
It would also be nice if the configure script would have an option to
not include and compile unused functionality from libknot and
libzscanner to minimize binary sizes.
- Matthias-Christian
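
Added example (not code from Knot DNS, zlib or the poster): a self-contained Adler-32 following the definition in RFC 1950, the kind of routine a zlib-free build would need. The function names are this example's own, and the sums are reduced every 5552 bytes rather than per byte, which is the largest block for which the 32-bit accumulators cannot overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADLER_BASE 65521u /* largest prime below 2^16 (RFC 1950) */
#define ADLER_NMAX 5552u  /* max bytes before the 32-bit sums must be reduced */

/* Feed len bytes into a running checksum; a new checksum starts at 1. */
uint32_t adler32_update(uint32_t adler, const uint8_t *buf, size_t len)
{
    uint32_t a = adler & 0xffffu;         /* low half: 1 + sum of bytes */
    uint32_t b = (adler >> 16) & 0xffffu; /* high half: sum of all a values */

    while (len > 0) {
        size_t chunk = len < ADLER_NMAX ? len : ADLER_NMAX;
        len -= chunk;
        while (chunk-- > 0) {
            a += *buf++;
            b += a;
        }
        /* Deferred reduction: once per chunk instead of once per byte. */
        a %= ADLER_BASE;
        b %= ADLER_BASE;
    }
    return (b << 16) | a;
}

/* One-shot helper for a complete buffer. */
uint32_t adler32(const uint8_t *buf, size_t len)
{
    return adler32_update(1u, buf, len);
}

int main(void)
{
    const char *sample = "Wikipedia"; /* constructed sample input */
    printf("%08x\n", (unsigned)adler32((const uint8_t *)sample, strlen(sample)));
    return 0;
}
```

Adler-32 catches accidental corruption only; it gives no protection against deliberate modification of the checksummed data.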
Hi -
I was reading on the faq about zone events serialization.
Has this feature been implemented?
I am experimenting with a processing that would require this feature,
and if I could simply add a query processor and specify serialization, a
majority of my problem (I think) would be solved. I have yet to explore
the full feature set of the query_processor to know if this is a correct
statement, but I am hopeful.
Thanks,
Lynch

Hello everyone!
CZ.NIC Labs proudly presents the final release of Knot DNS 1.6.0. This version
also becomes an LTS (Long-term support) version of the Knot DNS software.
We added two more bugfixes on top of the features covered by the previous
e-mails announcing the release candidates. And as this is the final release,
let's highlight the most important changes:
The only new feature in Knot 1.6.0 is 'persistent zone timers'. The refresh,
expire, and flush zone timers are now stored in a file-backed database. Thus,
the state of the timers survives a complete restart of the server. (Please
note that the feature is optional and requires the LMDB library.)
The processing of letter case in RDATA domain names was modified: In most
cases, the names are converted to lower-case letters. The exceptions are RR
types, which are treated case-sensitively in DNSSEC. With this change, some
Knot DNS internals were simplified and also problems with invalid signatures
issued by Knot DNS for mixed-case RR sets should be gone.
A few minor bugs in EDNS processing were resolved.
And since the -rc2, we fixed forced zone retransfer (knotc refresh -f <zone>),
which got broken at some point during 1.5 development. And we also corrected
slave zone expiration, when the master is responding to SOA queries but
refusing the transfer.
We would like to thank Anand Buddhdev for helping us in testing the release
candidates and also for reporting the last two bugs.
Sources:
https://secure.nic.cz/files/knot-dns/knot-1.6.0.tar.gz
https://secure.nic.cz/files/knot-dns/knot-1.6.0.tar.xz
GPG signatures:
https://secure.nic.cz/files/knot-dns/knot-1.6.0.tar.gz.asc
https://secure.nic.cz/files/knot-dns/knot-1.6.0.tar.xz.asc
Best regards,
Jan
--
Jan Včelák, Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
WWW: http://labs.nic.cz http://www.nic.cz

Hi,
is it possible to allow certain IPs to AXFR all zones?
I need this for our helpdesk, so they can send zonefiles to customers etc.
I don’t want knot to send ixfrs etc. to these IPs.

Hi all,
I'm new to Knot, and have been running BIND for many years now and would
like to set up another master server to serve the domain
metropolitanbuntu.co.za on a different network based on Debian and Knot.
The Knot-DNS server is running fine:
root@ns1:/etc/knot# knotc status
OK
The metropolitanbuntu.co.za zone was defined in the knot.conf file,
just simple definition:
zones {
  # This is a default directory to place slave zone files, journals etc.
  # default: ${localstatedir}/lib/knot, configured with --with-storage
  storage "/var/lib/knot";
  #
  # Example master zone
  #  example.com {
  #    file "/etc/knot/example.com.zone";
  #    xfr-out slave0;
  #    notify-out slave0;
  #  }
  #
  # Example slave zone
  #  example.net {
  #    file "/var/lib/knot/example.net.zone";
  #    xfr-in master0;
  #    notify-in master0;
  #  }
  metropolitanbuntu.co.za {
    file "/var/lib/knot/metropolitanbuntu.co.za.zone";
  }
}
After I ran:
root@ns1:/etc/knot# knotc -c knot.conf reload
OK
And checked the Syslog:
root@ns1:/etc/knot# grep knot /var/log/syslog
Oct 18 09:33:23 ns1 knotd[414]: info: remote control, received command 'refresh'
Oct 18 09:33:47 ns1 knotd[414]: info: remote control, received command 'reload'
Oct 18 09:33:47 ns1 knotd[414]: info: reloading configuration
Oct 18 09:33:47 ns1 knotd[414]: info: [metropolitanbuntu.co.za] zone is up-to-date, serial 0
Oct 18 09:33:47 ns1 knotd[414]: info: configuration reloaded
Oct 18 09:42:24 ns1 knotd[414]: info: remote control, received command 'status'
Oct 18 09:45:03 ns1 knotd[414]: info: remote control, received command 'reload'
Oct 18 09:45:03 ns1 knotd[414]: info: reloading configuration
Oct 18 09:45:03 ns1 knotd[414]: info: [metropolitanbuntu.co.za] zone is up-to-date, serial 0
Oct 18 09:45:03 ns1 knotd[414]: info: configuration reloaded
The metropolitanbuntu.co.za zone looks up to date.
My question is:
Does the zone file look like the BIND one?
Do I have to create it? Maybe I missed the zone declaration in the Knot
manual?
Is it possible to do master-to-master replication from BIND to KNOT?
Thanks for your support.
--
Kind Regards
Eric Kom
Senior IT Manager - Metropolitan Schools
2 Hennie Van Till, White River, 1240
Tel: 013 750 2255 | Fax: 013 750 0105 | Cell: 078 879 1334
erickom(a)kom.za.net | erickom(a)metropolitancollege.co.za www.kom.za.net |
www.kom.za.org | www.erickom.co.za
Key fingerprint: 513E E91A C243 3020 8735 09BB 2DBC 5AD7 A9DA 1EF5

Hi!
I have a question about configuring Knot DNS as a split-DNS server (only
master, no slaves).
My router has two interfaces, eth0 (connected to the ISP) and eth1
(internal private).
For the same zone (e.g. example.com), I want to respond in different ways
on eth0 and eth1
(e.g. eth0, www.example.com -> read /etc/knot/external.example.zone,
eth1, www.example.com -> /etc/knot/internal.example.zone).
How can I configure it?

I have DNSSEC activated in Knot DNS. It always signs my file, and it is very difficult to change my zone file with the DNSSEC stuff inside. Is it possible to keep the zone file clean and have it create a .signed file for DNSSEC?

Hello list!
The second release candidate of Knot DNS 1.6.0 by CZ.NIC Labs is here!
The update contains just a few changes, which improve the new persistent slave
zones timers feature.
The database for the zone timers was being opened before the privileges were
dropped and UID/GID changed. As a result, the database could not be reopened
after invoking the "knotc reload" command and updated timers could not be
written into the database. This problem is resolved now. If you are updating
from -rc1, you will need to fix the database ownership to match your knotd
user.
We also increased the maximal size of the database from 10 MB to 100 MB. This
should be enough for thousands of slave zones.
And finally, we improved the logging of errors related to database operations.
If you have time to try the new release candidate, please do so. The final
release will probably slip a few days, but it is still scheduled for the next
week.
Sources:
https://secure.nic.cz/files/knot-dns/knot-1.6.0-rc2.tar.gz
https://secure.nic.cz/files/knot-dns/knot-1.6.0-rc2.tar.xz
Have a nice weekend!
Best regards,
Jan, CZ.NIC Labs

Hello everyone!
Today, CZ.NIC Labs presents the first release candidate of Knot DNS 1.6.0.
This comes quite soon after the release of the 1.5.3, which took place about a
month ago. For this time, we were really conservative about inclusion of new
features. We want to maintain Knot DNS 1.6.0 as a stable version and we intend
to provide bug fixes for this release for a longer period of time.
The 1.6.0 brings just one new feature - persistent timers for slave zones:
The server stores zone expire, refresh, and flush timers in the file-backed
database. The timers are written whenever they change and are recovered when
the server is started. As a result, the timers will survive a full server
restart.
The persistent timers feature is an optional feature and depends on the LMDB
library. Please, make sure the library is available at the build time and
check the output of the 'configure' script, if you want to use this feature.
We also modified domain names letter-case handling in RDATA. Previously, we
preserved letter case of domain names in RDATA fields. With the 1.6.0, the
domain names are converted to lower-case letters, unless the RR type is "new"
and should be handled case-sensitively for compatibility with old servers. We
believe that this approach is RFC-compliant.
The letter case handling modification allowed us to simplify the DNSSEC
signing code a little bit and also resolved problems with invalid signatures
issued by Knot DNS for some mixed-case RR sets.
All the other changes are various small bug fixes.
Please, give Knot DNS 1.6.0-rc1 a try and report any troubles you encounter.
We are looking forward to your feedback. If everything goes well, we plan to
release the final version at the beginning of the next week.
Sources:
https://secure.nic.cz/files/knot-dns/knot-1.6.0-rc1.tar.gz
https://secure.nic.cz/files/knot-dns/knot-1.6.0-rc1.tar.xz
Best regards,
Jan, CZ.NIC Labs

Hey everyone,
I have a production Knot DNS setup; there are two features that I believe would make it even better than what it is now.
* Under the zones section a way to just "push" all master zones to slaves; the slaves should just accept any zone from a verified master in the slaves knot.conf.
* The ability to just load zones from disk without explicitly stating the zone in knot.conf. For example in /var/lib/knot/example.com.zone; Knot DNS automatically loads the example.com.zone without it being identified in the knot.conf under the zone section. Of course it should do checks (like it does now) before loading the zone, and then gracefully fail and log to the logging mechanism.
Other than that; awesome DNS server!