Hello guys,
there has been a request in our issue tracker [1] to enable
IPV6_USE_MIN_MTU socket option [2] for IPv6 UDP sockets in Knot DNS.
This option makes the operating system send the responses with a
maximal fragment size of 1280 bytes (minimal MTU size required by IPv6
specification).
The reasoning is based on the draft by Mark Andrews from 2012 [3]. I
wonder if the reasoning is still valid in 2016. And I'm afraid that
enabling this option could enlarge the window for possible DNS cache
poisoning attacks.
We would appreciate any feedback on your operational experience with DNS
on IPv6 related to packet fragmentation.
[1] https://gitlab.labs.nic.cz/labs/knot/issues/467
[2] https://tools.ietf.org/html/rfc3542#section-11.1
[3] https://tools.ietf.org/html/draft-andrews-dnsext-udp-fragmentation-01
Thanks and regards,
Jan
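
The effect described in the message above, worked through as an added example (not part of the original post and not Knot DNS code): it computes how a UDP DNS response is split into IPv6 fragments at the 1280-byte minimum MTU compared with an assumed 1500-byte path MTU. The response sizes are constructed and a bare 40-byte IPv6 header without other extension headers is assumed.

```python
# Added illustration: IPv6 fragment layout for a UDP DNS response.
# Assumes a bare 40-byte IPv6 header (no other extension headers).
IPV6_HEADER = 40
FRAGMENT_HEADER = 8
UDP_HEADER = 8
IPV6_MIN_MTU = 1280


def fragment_layout(dns_len, mtu):
    """Return a list of (offset, payload_bytes, packet_bytes), one per packet.

    offset and payload_bytes refer to the fragmentable part, i.e. the UDP
    header followed by the DNS message.
    """
    if dns_len < 0 or mtu < IPV6_MIN_MTU:
        raise ValueError("dns_len must be >= 0 and mtu >= 1280")
    datagram = UDP_HEADER + dns_len
    if IPV6_HEADER + datagram <= mtu:
        # Fits in one packet: no fragment header is added.
        return [(0, datagram, IPV6_HEADER + datagram)]
    # Every fragment except the last carries a multiple of 8 bytes.
    chunk = (mtu - IPV6_HEADER - FRAGMENT_HEADER) // 8 * 8
    layout = []
    offset = 0
    while offset < datagram:
        size = min(chunk, datagram - offset)
        layout.append((offset, size, IPV6_HEADER + FRAGMENT_HEADER + size))
        offset += size
    return layout


def compare(dns_len, path_mtu=1500):
    """Packet counts for one response: (at path_mtu, at the 1280-byte minimum)."""
    return (len(fragment_layout(dns_len, path_mtu)),
            len(fragment_layout(dns_len, IPV6_MIN_MTU)))


if __name__ == "__main__":
    # Constructed response sizes; 1500 is an assumed Ethernet path MTU.
    for size in (512, 1232, 1233, 1400, 4096):
        normal, minimum = compare(size)
        print(f"{size:5d}-byte response: {normal} packet(s) at MTU 1500, "
              f"{minimum} at MTU 1280")
        for off, payload, total in fragment_layout(size, IPV6_MIN_MTU):
            print(f"    offset {off:4d}  payload {payload:4d}  on-wire {total:4d}")
```

A response of up to 1232 bytes still leaves in a single packet at the minimum MTU; anything larger is fragmented even when the path could carry it whole.
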
Hi All,
I'm using Knot DNS on CentOS 7 and the average CPU usage is 70-90%. I
have a multi-core CPU in this server, but just 1 CPU is used by Knot
DNS. How do I enable more than 1 CPU core in Knot DNS?
Thanks,
.shidiq
Hi Knot people,
As xip.io is very unreliable, I was wondering if it is possible to
achieve a similar service with Knot?
Examples of what xip.io is doing:
10.0.0.1.xip.io resolves to 10.0.0.1
www.10.0.0.2.xip.io resolves to 10.0.0.2
foo.10.0.0.3.xip.io resolves to 10.0.0.3
bar.baz.10.0.0.4.xip.io resolves to 10.0.0.4
Cheers,
Tobias
Hi all,
I'm running {knot,knot-dnsutils} 2.3.0-3~bpo8+1 out of Debian
jessie-backports, and enabled automatic DNSSEC signing, which works
great!
I've got two questions, as per the subject:
- According to [1], "KSK rollover is not implemented.". Does this mean,
if the key was created and exists, then currently knot doesn't change
/ rollover the KSK? Is it safe to assume that, as long as one is using
this version, the key stays the same?
- I'm running Unbound to do resolving and forwarding some forward and
corresponding reverse zones to knot. To make DNSSEC work, I've created
a trusted-keys { ... } file with all the KSK created and used by /
with knot. Right now, I've created this file manually, using
$ keymgr zone key show ...
and
$ cat $name_of_zone.json
and putting it all together.
Right now, is there a tool / utility / command which does this
already?
TIA and all the best,
Georg
[1] https://www.knot-dns.cz/docs/2.x/html/configuration.html#limitations
As a lazy slacker I do wonder about such a knot-in-a-nutshell-for-tor-exit-relay-operator-dummies doc ?
;)
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
Hi,
This is mainly a question for the Knot developers. Suppose I have:
template:
  - id: default
    acl: acl1

zone:
  - domain: zone
    acl: acl2
Does "zone" get "acl2" or "acl1, acl2" applied to it?
Regards,
Anand
Hi fellow Knot DNS users and other mailing list lurkers,
CZ.NIC just released a new version of Knot DNS. There are some bug fixes
and improvements as usual.
We fixed missing glue records in some responses, and there were some
other minor nits.
The most notable improvement was a speed-up of conf-commit and conf-diff
operations when using zonedb. Users with hundreds of thousands of zones
and more will be amazed (we hope).
There's also a new EDNS Client Subnet API in libknot, soon to be used
in our sibling project Knot Resolver.
On the new features front, kdig can now print the TLS hierarchy for DNS
over TLS, knotc now contains a zone-purge command, and we have a new
mod-whoami module and new dnstap logging options contributed by
Robert Edmonds.
We would also like to invite everyone to migrate from Knot DNS 1.6.x
to the current stable Knot DNS 2.x.x release.
And that's it! Thank you for using Knot DNS. And we are really looking
forward to your feedback.
Full changelog:
https://gitlab.labs.nic.cz/labs/knot/raw/v2.3.1/NEWS
Sources:
https://secure.nic.cz/files/knot-dns/knot-2.3.1.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-dns/knot-2.3.1.tar.xz.asc
Documentation:
https://www.knot-dns.cz/docs/2.x/html/
Regards,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------