Hi there,
do you plan to enable/run Knot as a recursive server too ? We used our
master dns server as a recursive server too (only for our servers), but
after migrating from Bind to Knot it is not possible. For now I had to
change asking secondary dns server with bind, but ... :)
Thanks and best regards
J.Karliak.
Hi,
I've some problems with my domains, I was unreacheable because of knot
wasn't responding. I want to run debug, I've this in my knot.conf:
...
...
log {
syslog { any all; zone all; }
file "/var/log/knotd.debug" {
server debug;
zone debug;
}
...
...
but the "/var/log/knotd.debug" file is empty. Did I missed something ? :)
About knot : he was running, SOA querried to master server that my knot
makes slave, but didn't answered for my domains that he manage. After
restart knot all's fine... Anyway I made a few minutes ago update of the
knot, maybe some "old" bug fixed in the new version, now running
"knot-1.4.4-49.1.x86_64".
Thanks and best regards
J.Karliak.
Hi!
I use knot 1.4.4 and sign my zones with NSEC3.
Is NSEC3 with opt-out supported?
If yes, how can I activate opt-out?
I tried setting the flag in the NSEC3PARAM record but apparently this
does not activate opt-out.
Thanks
Klaus
Hi Everyone,
we're getting closer to the 1.5 release and because we're mostly
feature complete now, I think today might be a good opportunity to
share some of the new stuff we've created and hear out your opinions.
There's a ton of improvements that I can't cover in a few paragraphs,
but I've picked 3 of those that I think are the pillars for the bigger
plan for this year.
Just so you know, there is no tarball this time, but if you're brave
enough, you can actually try everything covered here. You can find the
code in our git repository under a tag "v1.5.0-alpha":
$ git clone -b v1.5.0-alpha https://gitlab.labs.nic.cz/labs/knot.git
1. Query processing and code base
We've known for a while that there were parts of the code that we
weren't happy with. It's not just that it was getting hard to patch
and read, but with we had a ton of ideas that we couldn't get
implemented because of the limitations (in fact, this effort bears
fruits as soon as of this release, but more on that later). One of
those places was query processing and dealing with queries in general.
Naturally, we've sat down and reworked this from scratch. Now, from
the user perspective it's not so exciting - yes we made it RFC
compliant in several cases and it's faster than ever (I'm running
benchmarks as we speak, so you might want to check out our webpage
later). It's still a preview and we're ironing things out, so don't
take the numbers as final.
For those who are interested in the details (thank you!), it's much
much more important because the code lays a solid foundation for the
cool stuff to come while being lightweight. How much? Around 10+k LOC
which is roughly 10-15% of our code base gone and we offset that by
adding almost 5k LOC worth of test cases. To put it in another words,
it means it does more with less and we're not done here.
2. Separating Knot DNS library
We also improved the Knot DNS build process overall. The code
providing basic building blocks for the server and utilities is now
held in the libknot library, which is by default linked dynamically to
these components. You will also notice the libzscanner library, our
high-performance zone scanner written in Ragel (with no dependencies
on Knot DNS). We plan to build some other projects on top of that and
provide public headers in the future (which is more likely to happen
for the libzscanner - if someone is interested). But currently, you
may benefit from a smaller size of the binaries.
3. Pluggable query processing modules + auto forward/reverse records
New features are always a compromise - usually between ease of use,
complexity and resource usage.
But what if we could make the core as lightweight as possible and let
the user choose? The new processing API is built like a Lego (don't
step on it though), it breaks down the processing into independent
parts that together form a plan for query processing. So what we did
was, we've created an interface for loadable modules and let it
add/remove or change the query processing plan as the module sees fit.
This allows to keep complexity at bay (for those who don't want extra
stuff) and provide a playground for new ideas. We actually have a
first module - it can synthesize per-answer forward/reverse records
for IPv4/IPv6 addresses from a template in configuration file (see
4.11 in the documentation on further information). For the impatient,
an example speaks the best:
We have an IPv6 reverse zone we need to take care of, but the problem
is the address space is too big to generate a zone file. So we create
an empty zone, put in static records we want and let the module to
synthesize other records per-answer (if they fit in the template and
aren't present in the zone):
# Configuration:
1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa {
query_module {
synth_record "reverse dynamic- example. 400 2620:0:b61::/52";
}
Now if we load Knot DNS, and kdig for a reverse record, we get a
following reply:
$ kdig PTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa.
;; QUESTION SECTION:
;; 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa.
0 IN PTR
;; ANSWER SECTION:
..snip.. 400 IN PTR dynamic-2620-0000-0b61-0000-0000-0000-0000-0001.example.
Forward records can be dealt with in a similar fashion, see the manual
4.11 for more examples and information.
To sum it up, modules could be a way to accommodate for the "should
this be a in a nameserver?" sort of things. If you don't like it, just
don't put it in the configuration and you're good. As of now the
module API is open (no "how to" though), and so are we for ideas.
Phew, this was longer than I expected and I barely scratched the surface.
As you see, this version is going to be a lot about tidying up and
opening up the possibilities.
So what's your take on this?
Best,
Marek
--
Marek Vavrusa, Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
WWW: http://labs.nic.czhttp://www.nic.cz