- knot-dns-users - lists.nic.cz

by Jan-Piet Mens

Hello, I'm pretty sure I have tomatoes (or other vegetables) on my eyes, but Knot won't answer UDP queries here, running on Centos 6.3 in an OpenVZ container. This is the minimal configuration and the results I'm seeing: $ knotc -V Knot DNS, version 1.2.0-rc3 $ cat knot.sample.conf system { identity "knot 1.2-rc2"; storage "/etc/knot"; } interfaces { my-iface { address 127.0.0.1@53; } } zones { example.com { file "example.com.zone"; } } log { syslog { any info, debug, notice, warning, error; } } $ knotc -c knot.sample.conf start 2013-03-11T18:07:44.244202+01:00 Starting server... 2013-03-11T18:07:44.244337+01:00 Zone 'example.com.' is up-to-date. $ netstat -anp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 11408/knotd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 486/sshd tcp 0 0 172.16.153.104:22 172.16.153.1:64881 ESTABLISHED 554/sshd tcp 0 0 :::22 :::* LISTEN 486/sshd udp 0 0 127.0.0.1:53 0.0.0.0:* 11408/knotd unix 2 [ ] DGRAM 8840414 11408/knotd $ dig @127.0.0.1 example.com any ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> @127.0.0.1 example.com a ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached $ dig +tcp @127.0.0.1 example.com a ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> +tcp @127.0.0.1 example.com a ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20248 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;example.com. IN A ;; AUTHORITY SECTION: example.com. 60 IN SOA localhost. root.localhost. 1997022700 28800 14400 3600000 86400 ;; Query time: 2 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Mar 11 18:08:32 2013 ;; MSG SIZE rcvd: 79 Mar 11 18:07:44 knot knot[11408]: Binding to interface 127.0.0.1 port 53. Mar 11 18:07:44 knot knot[11408]: Configured 1 interfaces and 1 zones. Mar 11 18:07:44 knot knot[11408]: Mar 11 18:07:44 knot knot[11408]: Loading 1 compiled zones... Mar 11 18:07:44 knot knot[11408]: Loaded zone 'example.com.' serial 1997022700 Mar 11 18:07:44 knot knot[11408]: Loaded 1 out of 1 zones. Mar 11 18:07:44 knot knot[11408]: Starting server... Mar 11 18:07:44 knot knot[11408]: Server started as a daemon, PID = 11408 Mar 11 18:07:44 knot knot[11408]: PID stored in /etc/knot/knot.pid Can you please help me open my eyes? Thanks, -JP

13 let, 2 měsíce

2
6
0 0

debug code compile failure

by Anand Buddhdev

I thought I'd enable debugging code to try and figure out why the server goes into a loop. So I added the following to configure: --enable-debug=server,zones,xfr,packet,dname,rr,ns,hash,compiler,stash However, Knot doesn't compile now. The compile fails with: ... ... libknot/packet/packet.c: In function 'knot_packet_parse_question': libknot/packet/packet.c:311: error: 'bp' undeclared (first use in this function) libknot/packet/packet.c:311: error: (Each undeclared identifier is reported only once libknot/packet/packet.c:311: error: for each function it appears in.) If I remove the packet debug option, I can compile Knot again. Regards, Anand

13 let, 2 měsíce

4
9
0 0

Bootstrapping lots of slave zones

by Anand Buddhdev

Hello Knot developers, I configured an instance of Knot 1.2.0rc3 with 5174 slave zones, and started it. I wanted to see how long it would take to transfer all the zones in. It has been running for about an hour, and it still hasn't managed to load all the zones from its master. I'll pick just one zone as an example to show how long it took: # grep apnic.net /var/log/knot/knot.log 2013-03-09T00:50:19.361489-00:00 Will attempt to bootstrap zone apnic.net. from AXFR master in 37s. 2013-03-09T01:06:31.330875-00:00 Will attempt to bootstrap zone apnic.net. from AXFR master in 35s. 2013-03-09T01:16:19.741644-00:00 Incoming AXFR transfer of 'apnic.net.' with '193.0.0.198@53' key 'ripencc-20110222.': Started. 2013-03-09T01:16:35.282203-00:00 Will attempt to bootstrap zone apnic.net. from AXFR master in 52s. 2013-03-09T01:52:16.477212-00:00 Will attempt to bootstrap zone apnic.net. from AXFR master in 37s. 2013-03-09T01:56:02.806828-00:00 Will attempt to bootstrap zone apnic.net. from AXFR master in 13s. 2013-03-09T01:57:00.901518-00:00 Incoming AXFR transfer of 'apnic.net.' with '193.0.0.198@53' key 'ripencc-20110222.': Started. 2013-03-09T01:57:01.096493-00:00 Incoming AXFR transfer of 'apnic.net.' with '193.0.0.198@53' key 'ripencc-20110222.': Finished. >From the time Knot decided it needed to bootstrap apnic.net, to the time it actually transferred the zone in, it took 67 minutes! All that while, it was responsing with SERVFAIL for the zone. While the zone "apnic.net" has now been loaded, Knot is still busy loading many of the other zones. I can't tell how far it is. Perhaps there could be a command for knotc, called "zonestatus" which would print out a list of all configured zone, and their statuses. I understand that transferring in lots of zones takes time. However, if I start an instance of BIND with the same slave zones, it can transfer them all in within about 15-20 minutes. Knot appears to be much slower in comparison. Do you have any suggestions for speeding things up? Regards, Anand

13 let, 2 měsíce

3
4
0 0

knotc not reading control options from config file

by Anand Buddhdev

Hello Knot developers, I'm testing the use of multiple instances of Knot on the same server. For this simple test, I have two configurations, A.conf and B.conf, as follows. Note that I'm bind the control interface to two different ports. A.conf: ... ... interfaces { a { address A; } } remotes { ctl { address 127.0.0.1; } } control { listen-on { address 127.0.0.1@5553; } allow ctl; } B.conf: ... ... interfaces { b { address B; } } remotes { ctl { address 127.0.0.1; } } control { listen-on { address 127.0.0.1@5554; } allow ctl; } I then start both instances: knotd -c A.conf knotd -c B.conf Now, if I run "knotc -c A.conf reload" then the A instance reloads, as I expect. However, if I run "knotc -c B.conf reload", then it is still the A instance that reloads. The only way I can get the B instance to reload is to run "knotc -p 5554 reload". This is not what I expected. I expected that if I give knotc a configuration file, then it will use the address and port numbers in there, so that it can signal the correct instance of Knot. In comparison, the upcoming NSD4 *does* do this. It has an "nsd-control" command, and if I give it a configuration file as a parameter, then it uses the control port settings from that file to signal the appropriate instance of NSD, and not just the default one. Would you consider getting knotc to also behave the way nsd-control does? After all, knotc *does* read some configuration from the file, so ideally it should also read the control section and use the appropriate address and port numbers from there. Regards, Anand Buddhdev RIPE NCC

13 let, 2 měsíce

2
1
0 0

Log file ownership

by Anand Buddhdev

Dear Knot developers, I've been playing with Knot version 1.2.0-rc3, and run into a small issue. Apologies if it has already been reported. I'm using a configuration like this: system { ... ... user knot.knot; } log { file "/var/log/knot/knot.log" { ... } } When I start Knot, it starts running as root, and creates the file /var/log/knot/knot.log, as root. It then switches to the non-privileged user "knot". Now it can no longer continue writing to the log file. Could you please add some code (to go before it changes the UID) to change the ownership of the log file to the user it is about to switch to? Regards, Anand

13 let, 2 měsíce

3
3
0 0

syslog server?

by jh＠netriplex.com

Hello, Is there any plan to add the ability to allow logging to a syslog server vs. a log file? Regards, Jonathan

13 let, 2 měsíce

2
4
0 0

Log messages leaking to syslog

by Anand Buddhdev

I've configured Knot 1.2.0-rc3 to log to a file with this: log { file "/var/log/knot/knot.log" { any debug, info, notice, warning, error; } } However, some log messages are appearing in /var/log/messages via syslog, for example: Mar 9 11:51:37 ams3 knot[30177]: [error] Incoming AXFR transfer of '0.0.0.0.a.2.ip6.arpa.' with '193.0.0.198@53' key 'ripencc-20110222.': Zone transfer refused by the server. Looks like some parts of Knot are not honouring the file log option. Regards, Anand

13 let, 2 měsíce

1
0
0 0

Plain text copy of zone files

by Anand Buddhdev

Hello Knot developers, I've added some zones to my Knot configuration like this: zones { example.com { file example.com; xfr-in master; notify-in master; } } After Knot has started up, I see the following files in the storage directory: example.com example.com.db example.com.db.crc example.com.diff.db I see that Knot keeps a copy of the zone in a compiled form. Why does it also dump the plain text zone? This would be okay for a small number of zones, but if I want to load a few thousand zones, then all those plain text copies of the zone files will take up unnecessary space on the disk. I tried to turn off the plain text copy by removing the "file example.com" config line, but then Knot created a file called "example.com..zone" (yes, with two dots) to keep a plain text copy of the zone anyway. Is it possible to turn off this plain text dump of the zone? Regards, Anand

13 let, 2 měsíce

1
0
0 0

Knot DNS 1.2.0-rc3 release

by Marek Vavruša

Hi everyone, I'm happy to announce that the 3rd and hopefully final release candidate of Knot DNS 1.2.0 is out! This one not only brings a few bugfixes, but also a new feature. The hot topic of the day - Response Rate Limiting, based on the work of Vernon Schryver and Paul Vixie (http://www.redbarn.org/dns/ratelimits). If you're not familiar with the topic, it is a way to combat DNS amplification and reflection attacks. General idea is to identify flows in outgoing responses and block responses exceeding the rate limit. To get at least some degree of service for victims a mechanism called SLIP is used, causing each Nth blocked response to be sent as truncated, thus enabling legitimate requests to reconnect over TCP. You can enable rate limiting by setting option "rate-limit" to a value greater than 0, for example: system { rate-limit 100; } For more about rate limiting knobs, refer to the documentation or a sample configuration. Any feedback is more than welcome before it lands in the final version! As usual, you can find a full list of changes at https://redmine.labs.nic.cz/projects/knot-dns/repository/revisions/v1.2.0-r… Sources: https://secure.nic.cz/files/knot-dns/knot-1.2.0-rc3.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.2.0-rc3.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Have a nice weekend, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

13 let, 2 měsíce

1
0
0 0

Knot DNS v1.2-rc2

by Marek Vavruša

Hi everyone, it's been a while since the first release candidate was released. For the last few days, we've been busy testing, ironing out encountered bugs and polishing. We fixed a few issues related mainly to DDNS parsing code and processing of some non-standard domain names. As for every release candidate, all users of 1.2rc1 are recommended to update. If everything goes smooth, we'll have a final release shortly. Thanks everyone for a feedback related to last release! You can find a full list of changes at https://redmine.labs.nic.cz/projects/knot-dns/repository/revisions/v1.2-rc2… Sources: https://secure.nic.cz/files/knot-dns/knot-1.2-rc2.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.2-rc2.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

13 let, 2 měsíce

1
0
0 0

Single address limitation per interface and remote server

by Matthias-Christian Ott

I just successfully migrated a several zones from NSD to Knot DNS. The migration was straightforward and quick, but I limiting the number of addresses per interface and remote server to one doesn't make sense to me especially with dual stack hosts. This is more intuitive to me in NSD. What is the rationale behind the current syntax? Regards, Matthias-Christian

13 let, 3 měsíce

2
1
0 0

Knot DNS 1.2-rc1 finally out!

by Marek Vavruša

Hi Everyone, we're proud to announce, that release candidate for the next major release 1.2 is out! Apart from a couple bugfixes, it features full DDNS support (including update forwarding). There are a few limitations related to DNSSEC-signed zones, please refer to user manual for more information. Access control for dynamic updates could be configured in a similar fashion to transfers, using the 'update-in' keyword. Next major thing is an updated remote control tool. Basic commands for start/stop/restart/compile and checks are the same as they were, but the command for refresh/flush/status could be executed remotely given the right configuration. You can enable remote control interface with a new config section 'control', f.e.: control { listen-on { address 127.0.0.1@5553; } allow remote0; } You can also specify a remote with associated TSIG key for security reasons. Knot control tool then accepts host, port and TSIG key as a parameter, f.e.: $ knotc -s 127.0.0.1 -p 5553 status Key could be also specified in a file instead of a command line parameter. But that is just a tip of the iceberg. For more smaller features, like configurable TCP timeouts or LOC support, refer to RELNOTES and a user documentation. RELNOTES: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.2-rc1/… Sources: https://secure.nic.cz/files/knot-dns/knot-1.2-rc1.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.2-rc1.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

13 let, 4 měsíce

4
6
0 0

knot performace?

by AndyChen

Hi, does the knot have performance test, if have, wuold you give the report? Best wishes!

13 let, 4 měsíce

2
2
0 0

Knot DNS 1.1.3 just released!

by Marek Vavruša

Hi everyone, it's been two weeks since the rc1 was released, and I'm happy to announce, that the Knot DNS 1.1.3 is finally out! The release candidate fixed a couple issues related to answering DS queries, parsing of improper zone files and a wrong ARCOUNT in some error responses when EDNS0 was enabled. As for every bugfix release, we recommend all 1.1.2 users to update, even if no new features were added. Enjoy and have a merry Christmas. Full list of changes is at https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.3/en… Sources: https://secure.nic.cz/files/knot-dns/knot-1.1.3.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.1.3.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

13 let, 4 měsíce

1
0
0 0

Knot DNS 1.1.3-rc1 released

by Lubos Slovak

Hi, we've recently fixed some issues in Knot DNS, mainly answering to DS queries (thanks to reports by Phil Regnauld, Casey Deccio and Erwin Lansing!). Other fixes are listed here: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.3-rc… After the usual one week, the final 1.1.3 will be released. Sources: https://secure.nic.cz/files/knot-dns/knot-1.1.3-rc1.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.1.3-rc1.tar.gz.asc Packages at www.knot-dns.cz will be updated ASAP. Meanwhile, we're still working on 1.2 which is a bit delayed - dynamic updates are giving us a hard time. But we're doing our best to release it before Christmas. Regards, Lubos

13 let, 5 měsíců

1
0
0 0

Knot DNS 1.1.2 final is out!

by Marek Vavruša

Hi, we are announcing that Knot DNS 1.1.2 is finally out! The release candidate from last week fixed a crash with duplicate zone names and slave zones not refreshing properly. Since then, we fixed debug build. As this is a bugfix release, we strongly recommend all 1.1.1 users to update, even if no new features were added. Enjoy! Full list of changes is at https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.2/en… Sources: https://secure.nic.cz/files/knot-dns/knot-1.1.2.tar.gz GPG signature: https://secure.nic.cz/files/knot-dns/knot-1.1.2.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Cheers, Marek -- Marek Vavruša Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic WWW: http://labs.nic.cz http://www.nic.cz

13 let, 5 měsíců

1
0
0 0

Bugfix release Knot DNS v1.1.2-rc1

by Lubos Slovak

Hi, we've recently corrected two issues: the server crashed when trying to reload configuration with duplicate zones and zone transfers scheduling was broken, causing sometimes (but very rarely) some zones not to be synced with master properly, so we are releasing the fixed version right away. Sources of this version are here: http://public.nic.cz/files/knot-dns/knot-1.1.2-rc1.tar.gz GPG signature: http://public.nic.cz/files/knot-dns/knot-1.1.2-rc1.tar.gz.asc Final v1.1.2 will be released in a week. Kind regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 6 měsíců

1
0
0 0

Knot DNS 1.1.1 is out

by Lubos Slovak

Hello, final release 1.1.1 of Knot DNS was just released. We just fixed one small bug since last week's release candidate. Now should be stable. Enjoy and stay tuned for version 1.2, which should be out in late November and will bring the long desired support for Dynamic Updates and some other improvements! Kind regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 6 měsíců

1
0
0 0

Knot DNS v1.1.1-rc1

by Lubos Slovak

Hello, a bugfix release of Knot DNS is out (v1.1.1-rc1). We're releasing it as a release candidate in order to get the fixes to you as soon as possible. Proper release will follow in a week. We've fixed some crashes, TSIG algorithm name comparison and improved compression. For full list of changes see RELNOTES in the source directory or here: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.1-rc… The sources are available in the usual place: http://public.nic.cz/files/knot-dns/knot-1.1.1-rc1.tar.gz GPG signature: http://public.nic.cz/files/knot-dns/knot-1.1.1-rc1.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. Regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 6 měsíců

1
0
0 0

Problem with UDP queries

by Eduardo Duarte

Hello, I have setup a KNOT dns server but I'm having troubles with the UDP queries. The server is not answering to the UDP queries but it is answering to queries in TCP. The server is running on a CentOS release 6.3 (Final) and the configuration file is the following. *************knot.conf*********** system { identity "Yet.another.server"; nsid "Yet.another.server"; storage "/opt/knot_run/knot-minimal"; pidfile "/opt/knot_run/knot.pid"; user root; } interfaces { ipv4 { address 127.0.0.1@53; } ipv4 { address 193.137.197.25@53; } } remotes { ns-test01 { address 193.136.192.86@53; } ns-test02 { address 193.136.192.87@53; } ns-test03 { address 193.137.196.30@53; } ns-test04 { address 193.137.196.31@53; } } zones { zonetest-01.dns.pt { file "/opt/knot_run/zones/zonetest01"; xfr-in ns-test01; notify-in ns-test01; } zonetest-06.dns.pt { file "/opt/knot_run/zones/zonetest06"; } } log { file "/opt/knot_run/log/knot.log" { any all; } } ********************************** The output of the log file is ********knot.log****************** 2012-09-17T10:25:40.208574+01:00 Stopping server... 2012-09-17T10:25:40.210677+01:00 Server finished. 2012-09-17T10:25:40.211260+01:00 Shut down. 2012-09-17T10:25:40.230967+01:00 Binding to interface 127.0.0.1 port 53. 2012-09-17T10:25:40.231283+01:00 Binding to interface 193.137.197.25 port 53. 2012-09-17T10:25:40.232162+01:00 Loading 2 compiled zones... 2012-09-17T10:25:40.233783+01:00 Loaded zone 'zonetest-01.dns.pt.' 2012-09-17T10:25:40.237553+01:00 Loaded zone 'zonetest-06.dns.pt.' 2012-09-17T10:25:40.238983+01:00 Loaded 2 out of 2 zones. 2012-09-17T10:25:40.239044+01:00 Configured 2 interfaces and 2 zones. 2012-09-17T10:25:40.239078+01:00 2012-09-17T10:25:40.239111+01:00 Starting server... 2012-09-17T10:25:40.240688+01:00 Server started as a daemon, PID = 8599 2012-09-17T10:25:40.240772+01:00 PID stored in /opt/knot_run/knot.pid ********************************* And an example of the query's ********************************* [root@ns-test06 ~]# dig @127.0.0.1 zonetest-06.dns.pt +tcp ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> @127.0.0.1 zonetest-06.dns.pt +tcp ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30969 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;zonetest-06.dns.pt. IN A ;; ANSWER SECTION: zonetest-06.dns.pt. 3600 IN A 193.137.196.42 ;; AUTHORITY SECTION: zonetest-06.dns.pt. 3600 IN NS ns-test01.dns.pt. zonetest-06.dns.pt. 3600 IN NS ns-test02.dns.pt. zonetest-06.dns.pt. 3600 IN NS ns-test03.dns.pt. zonetest-06.dns.pt. 3600 IN NS ns-test04.dns.pt. zonetest-06.dns.pt. 3600 IN NS ns-test06.dns.pt. ;; Query time: 2 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Sep 17 10:25:49 2012 ;; MSG SIZE rcvd: 202 [root@ns-test06 ~]# dig @127.0.0.1 zonetest-06.dns.pt ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> @127.0.0.1 zonetest-06.dns.pt ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached ********************************* Can anyone help me with this problem? Best regards, -- Eduardo Duarte SIT-DNS DNS.PT - https://www.dns.pt/ FCCN - http://www.fccn.pt/

13 let, 8 měsíců

3
3
0 0

Cannot use unknown RRtypes in Knot?

by Paul Hoffman

Greetings. This seems a bit odd. I have a zone file with: ===== $TTL 6 test79.example.com. IN SOA foo.example.com. dns.test79.example.com. ( 201209150 5m 1m 2w 5m ) test79.example.com. IN NS foo.example.com. test79.example.com. IN TYPE79 \# 4 deadface ===== Trying to compile it gives: ===== Parsing file '/home/dns/Files/foo.conf', origin 'test79.example.com.' ... /home/dns/Files/foo.conf:4: error: bad unknown RDATA Parser finished with error, not dumping the zone! error: Compilation of 'test79.example.com.' failed, knot-zcompile return code was '1' ===== This zone file works fine in BIND, NSD, and PowerDNS. It seems that either Knot cannot use the standard mechanism for defining unknown RRtypes (RFC 3597), or it maybe has a different syntax. Clues are appreciated. --Paul Hoffman

13 let, 8 měsíců

2
1
0 0

Knot controlled by multiple users

by Peter Andreev

Hi! I run Knot with option apn@knot-test:/home/apn>grep user /usr/local/etc/knot/knot.conf user bind.dns; apn@knot-test:/home/apn>ps uaxww | grep knot bind 9925 0.0 0.8 33760 8736 ?? Ss 4:03PM 0:00.07 /usr/local/sbin/knotd -d -c /usr/local/etc/knot/knot.conf apn@knot-test:/home/apn>knotc -V Knot DNS, version 1.1.0-rc2 apn@knot-test:/home/apn>uname -a FreeBSD knot-test.local 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 Everything is fine except for one: I can't control Knot via knotc under my account and have to raise my privileges. apn@knot-test:/home/apn>knotc running 2012-09-03T17:33:20.801730+04:00 Using '/usr/local/etc/knot/knot.conf' as default configuration. 2012-09-03T17:33:20.802876+04:00 Server PID not found, probably not running. 2012-09-03T17:33:20.803099+04:00 [warning] PID file is stale. apn@knot-test:/home/apn>knotc reload 2012-09-03T17:57:01.706820+04:00 Using '/usr/local/etc/knot/knot.conf' as default configuration. 2012-09-03T17:57:01.707934+04:00 [warning] Server PID not found, probably not running. apn@knot-test:/home/apn>knotc refresh 2012-09-03T17:57:11.314605+04:00 Using '/usr/local/etc/knot/knot.conf' as default configuration. 2012-09-03T17:57:11.315736+04:00 [warning] Server PID not found, probably not running. I believe that is because of using of kill(2) in pid_running(). So I'm wondering how unprivileged user can send commands to Knot? Thanks in advance. -- AP

13 let, 8 měsíců

2
1
0 0

Knot DNS v1.1.0 released!

by Lubos Slovak

Dear users, we proudly announce the release of Knot DNS 1.1. During last months we perfected many Knot DNS' features, did lots of testing, fixed all revealed bugs and improved the performace in many ways. Since RC2 we just fixed syncing of journal to zone, which didn't update the compiled database, just the text zone file. For the list of all important changes, please see RELNOTES either in the source directory, or online: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0/en… Here are the source files: http://public.nic.cz/files/knot-dns/knot-1.1.0.tar.gz and GPG signature of the tarball: http://public.nic.cz/files/knot-dns/knot-1.1.0.tar.gz.asc Packages will be available soon on http://www.knot-dns.cz. Regards, Lubos

13 let, 8 měsíců

1
0
0 0

Knot DNS v1.1.0-rc2

by Lubos Slovak

Hi, second Release Candidate of Knot DNS 1.1 is out now. We slightly improved and fixed the user manual, fixed two minor bugs: - generating journal for IXFR when the zone contains IPSECKEY and APL records in binary format, - possible leak on server shutdown with a pending transfer and fixed the behaviour of slave server using TSIG. It did not sign SOA queries to master, causing it to fail the zone version check when talking to Bind with allow-query configured to use TSIG key. Source files are available here: http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz GPG signature: http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz.asc Packages will be updated soon at the usual place on http://www.knot-dns.cz. Please provide us with any feedback before the final 1.1 release next week. Regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 8 měsíců

1
0
0 0

Knot DNS v1.1.0-rc1

by Lubos Slovak

Dear Knot DNS users, we've just released a Release Candidate of Knot DNS 1.1. The new version brings a lot of enhancements and bugfixes which improve stability and interoperability of Knot DNS. It also contains a complete User manual for easier deployment. The manual can be either built from the sources ('make pdf' or 'make html'), or accessed online via Knot DNS website (http://www.knot-dns.cz). Here are some highlights of changes in the new version: - Improved speed of incoming IXFR even more. - Optimized loading of many zones. - Option to disable authoritative ANY answers as a mitigation to recent DDoS reflection attacks. - Fixed some problems and leaks cased if an IXFR transfer failed (e.g. because of malformed data). - Improved malformed packet parsing and handling. - Fixed answering in some special cases. We also implemented an option to generate zone differences from zone reload and using them for IXFR journal. Thus Knot DNS may serve as IXFR primary master (until now, it needed to obtain the differences by a transfer from some other master). However, this feature is only experimental, so use it with care. We do not guarantee that the results will be always good or that it won't compromise the stability of the server. For full list of changes see RELNOTES in the source directory or here: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0-rc… Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.1.0-rc1.tar.gz GPG signature: Packages will be available soon on http://www.knot-dns.cz. Kind regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 9 měsíců

2
2
0 0

DNS test suite - list of non-standard DNS queries

by Petr Spacek

Hello list, I found an article http://blog.nic.cz/2012/07/19/zavazna-vzdalena-zranitelnost-v-dns-serveru-n… which mentions "list of non-standard DNS queries" for test purposes. Is it possible to obtain this list and related tools? I looked into latest Knot sources tarball and I found nothing :-) I'm developer of BIND 9 plugin and I want to explore and re-use mentioned tests for configurations with this plugin (https://fedorahosted.org/bind-dyndb-ldap/). I'm not a member of knot-dns-users list, please add me to Cc in reply. Thanks for your time. -- Petr Spacek Red Hat Czech

13 let, 9 měsíců

1
0
0 0

Using Knot in dual stack environment

by Ondřej Caletka

Hi, I am having difficulties running knot on an dualstack host. I want Knot to listen on all IPv4 and all IPv6 interfaces. I am using this interfaces section in config file: interfaces { allv4 { address 0.0.0.0; } allv6 { address [::]; } } Using this config, Knot listens only on v4 address and gives an error binding the v6 address: 2012-07-27T13:21:44.646094+02:00 Binding to interface 0.0.0.0 port 53. 2012-07-27T13:21:44.646197+02:00 [error] Cannot bind to socket (98). 2012-07-27T13:21:44.646233+02:00 [error] Could not bind to TCP interface :: port 53. 2012-07-27T13:21:44.646240+02:00 Binding to interface :: port 53. Changing interface order the other way around results in listening on v6 only with same error, yet also v4 connections are accepted, probably due to IPV6_V6ONLY socket option not being turned on by Knot. When I tried changing listening port on either line, problem disappeared. I am using Debian package, version 1.0.6-1~bpo60+1. Cheers, Ondřej Caletka

13 let, 9 měsíců

2
2
0 0

Problem instaling KNOT

by Eduardo Duarte

Hello, I'm new to KNOT and I'm trying to install it on a CentOS 6.3 (Final) minimal install, I already updated openssl to the newest version and install all the pre-requirements but when I run make command I get the following error: ************************* BINDIR=\"/usr/local/sbin\" -g -O2 -fpredictive-commoning -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT journal.lo -MD -MP -MF .deps/journal.Tpo -c knot/server/journal.c -fPIC -DPIC -o .libs/journal.o In file included from knot/server/journal.c:26: ./common/crc.h:30:18: error: zlib.h: No such file or directory In file included from knot/server/journal.c:26: ./common/crc.h: In function 'crc_init': ./common/crc.h:49: warning: implicit declaration of function 'adler32' make[2]: *** [journal.lo] Error 1 make[2]: Leaving directory `/root/knot-1.0.6/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/root/knot-1.0.6/src' make: *** [all-recursive] Error 1 ************************* Can any of you guys help me? Best regards, -- Eduardo Duarte SIT-DNS DNS.PT - https://www.dns.pt/ FCCN - http://www.fccn.pt/

13 let, 9 měsíců

3
4
0 0

Fwd: Re: Fail to serve RFC 2317-ish zone

by Lubos Slovak

Sorry, didn't send it to the list before.. L. -------- Original Message -------- Subject: Re: [knot-dns-users] Fail to serve RFC 2317-ish zone Date: Wed, 04 Jul 2012 15:12:59 +0200 From: Lubos Slovak <lubos.slovak(a)nic.cz> To: Koh-ichi Ito <kohi(a)kkdlabs.jp> Hi there, thanks for the report! It's true that Knot DNS actually imposes quite rigid rules to domain names. We will probably change that in future. But we forgot about the RFC 2317 case, so thanks once more for the notice. Will add support for / in domain names in the next release - that should suffice. Regards, Lubos On 07/04/2012 12:48 PM, Koh-ichi Ito wrote: > Dear team, > > I found that Knot DNS v1.0.6(from tarball) fails to serve > RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case. > > -----[ knot.conf ]------------------------------------------ > system { > storage "/proj/knot-dns/var"; > } > zones { > 32/27.2.0.192.in-addr.arpa { > file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa"; > } > } > > -----[ zone data ]------------------------------------------ > $TTL 1d > $ORIGIN 32/27.2.0.192.in-addr.arpa > @ IN SOA ns.example1.jp. hostmaster.example1.jp. ( > 2012070401 > 20m > 15m > 4w > 15m ) > NS ns.example1.jp. > > -----[ The result ]----------------------------------------- > kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa > [sudo] password for kohi: > 2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32'). > 2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'. > kohi@lars[2]% > ------------------------------------------------------------ > > Thanks in advance. > > Koh-ichi Ito > _______________________________________________ > knot-dns-users mailing list > knot-dns-users(a)lists.nic.cz > https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 10 měsíců

1
0
0 0

Web frontend?

by Alvaro Pinel

Hi, Is there any frontend for knotdns? We have different kind of users and for non technicians is more difficult to manage from command line. ¡Thanks!

13 let, 10 měsíců

2
1
0 0

cpu_set_t causes compile error on FreeBSD 8.3

by Koh-ichi Ito

Hello team, I experienced the following compile error while installing knot-1.0.6(tarball from WWW site) on FreeBSD 8.3. % make Making all in src make all-am /bin/sh ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Ilibknot -DLIBEXECDIR='"/pub/knot-1.0.6/libexec"' -DSYSCONFDIR='"/pub/knot-1.0.6/etc"' -DSBINDIR='"/pub/knot-1.0.6/sbin"' -I/pub/include -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT utils.lo -MD -MP -MF .deps/utils.Tpo -c -o utils.lo `test -f 'libknot/util/utils.c' || echo './'`libknot/util/utils.c : : libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Ilibknot -DLIBEXECDIR=\"/pub/knot-1.0.6/libexec\" -DSYSCONFDIR=\"/pub/knot-1.0.6/etc\" -DSBINDIR=\"/pub/knot-1.0.6/sbin\" -I/pub/include -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT dthreads.lo -MD -MP -MF .deps/dthreads.Tpo -c knot/server/dthreads.c -fPIC -DPIC -o .libs/dthreads.o knot/server/dthreads.c: In function 'dt_setaffinity': knot/server/dthreads.c:864: error: 'cpu_set_t' undeclared (first use in this function) knot/server/dthreads.c:864: error: (Each undeclared identifier is reported only once knot/server/dthreads.c:864: error: for each function it appears in.) knot/server/dthreads.c:868: warning: implicit declaration of function 'pthread_setaffinity_np' knot/server/dthreads.c:868: error: expected expression before ')' token *** Error code 1 Stop in /u1/share/pub/src/knot-dns/knot-1.0.6/src. *** Error code 1 Stop in /u1/share/pub/src/knot-dns/knot-1.0.6/src. *** Error code 1 Stop in /u1/share/pub/src/knot-dns/knot-1.0.6. As an ad-hoc workaround, the following trial works fine. % cd src % mv config.h config.h.ORG % cp config.h.ORG config.h % ed config.h 10154 /HAVE_PTHREAD_SETAFFINITY_NP #define HAVE_PTHREAD_SETAFFINITY_NP 1 s/^#define/#undef/ s/ 1$// p #undef HAVE_PTHREAD_SETAFFINITY_NP s/^#define/#undef/ s/ 1$// p #undef HAVE_PTHREAD_SETAFFINITY_NP w 10151 q % diff -u config.h.ORG config.h --- config.h.ORG 2012-06-30 14:56:16.000000000 +0900 +++ config.h 2012-06-30 15:08:09.000000000 +0900 @@ -107,7 +107,7 @@ #define HAVE_PSELECT 1 /* Define to 1 if you have the `pthread_setaffinity_np' function. */ -#define HAVE_PTHREAD_SETAFFINITY_NP 1 +#undef HAVE_PTHREAD_SETAFFINITY_NP /* Define to 1 if you have the `regcomp' function. */ #define HAVE_REGCOMP 1 % cd .. As long as invoke via knotc and easy query via dig, the result binary seems to work fine. Thanks in advance -- kkdlabs.jp, featuring Koh-ichi Ito as just another DNS freak in town.

13 let, 10 měsíců

2
2
0 0

origin doesn't taken from knot.conf

by Koh-ichi Ito

Hello again. Here's another one. I noticed that zone data contains relative notation such as '@' but no $ORIGIN causes error. knotc checkzone says: ----- kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc checkzone example1.jp [sudo] password for kohi: 2012-07-04T19:52:19.603883+09:00 Using '/proj/knot-dns/etc/knot.conf' as default configuration. 2012-07-04T19:52:19.615871+09:00 [error] /proj/dns/namedb/example1.jp:3: @ used, but no $ORIGIN specified. 2012-07-04T19:52:19.631618+09:00 [error] /proj/dns/namedb/example1.jp:11: Zone file does not contain SOA record! ----- And knotc compile says: ----- kohi@lars[2]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc compile 2012-07-04T19:54:02.023025+09:00 Using '/proj/knot-dns/etc/knot.conf' as default configuration. 2012-07-04T19:54:02.039299+09:00 Parsing file '/proj/dns/namedb/example1.jp', origin 'example1.jp.' ... 2012-07-04T19:54:02.051637+09:00 [error] /proj/dns/namedb/example1.jp:3: @ used, but no $ORIGIN specified. 2012-07-04T19:54:02.052790+09:00 [error] /proj/dns/namedb/example1.jp:11: Zone file does not contain SOA record! 2012-07-04T19:54:02.053653+09:00 [error] Compilation of 'example1.jp.' failed, knot-zcompile return code was '1' ----- It complains even though it knows that "origin 'example1.jp.' ...". Is this behavior by design policy? Or I wish it to be enhanced. Best regards, Koh-ichi Ito

13 let, 10 měsíců

4
6
0 0

pidfile empty when running as unpriviliged user

by Tom Hendrikx

Hello, Yesterday I replaced one of my authoritative servers with knot 1.0.5 (previously powerdns). I am already delighted by the simplicity of knot, so thank you for a nice piece of software. I tried some configurations and noticed that I was unable to correctly run as an unprivileged user. It seems that the problem is: - start knotd as root.root - create empty pidfile (owned by root.root) - drop privileges to user 'knot.knot' - write pid to pidfile (and fail doing so) - log error: 2012-06-11T22:23:06+02:00 julie knot[31184]: [warning] Failed to create PID file '/var/lib/knot/knot.pid'. 2012-06-11T22:23:06+02:00 julie knot[31184]: Server started as a daemon, PID = 31184 2012-06-11T22:23:06+02:00 julie knot[31184]: [warning] Server running without PID file. When stopping knotd later on, the following is logged, and knotd does not stop running. 2012-06-11T22:23:38+02:00 julie knot[31210]: [warning] Server PID not found, probably not running. I guess that either the pid file need to be chowned to the unprivileged user before privileges are dropped, or the pid needs to be written to the file earlier. Note that the file *is* created (despite the error messages saying something else), but it is empty. Kind regards, Tom

13 let, 10 měsíců

2
6
0 0

Fail to serve RFC 2317-ish zone

by Koh-ichi Ito

Dear team, I found that Knot DNS v1.0.6(from tarball) fails to serve RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case. -----[ knot.conf ]------------------------------------------ system { storage "/proj/knot-dns/var"; } zones { 32/27.2.0.192.in-addr.arpa { file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa"; } } -----[ zone data ]------------------------------------------ $TTL 1d $ORIGIN 32/27.2.0.192.in-addr.arpa @ IN SOA ns.example1.jp. hostmaster.example1.jp. ( 2012070401 20m 15m 4w 15m ) NS ns.example1.jp. -----[ The result ]----------------------------------------- kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa [sudo] password for kohi: 2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32'). 2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'. kohi@lars[2]% ------------------------------------------------------------ Thanks in advance. Koh-ichi Ito

13 let, 10 měsíců

1
0
0 0

Knot DNS on Google+

by Ondřej Surý

Hi all, we have created page for Knot DNS on Google+ [1]. We will try to use that channel for communicating short interesting stuff from the development. You will not be bored, we promise :) 1. https://plus.google.com/u/0/111568815130451558383/posts Feel free to join the channel and/or spread the word around. Ondrej -- Ondřej Surý -- Chief Science Officer ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:ondrej.sury@nic.cz http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------

13 let, 11 měsíců

1
0
0 0

Knot DNS v1.0.6

by Lubos Slovak

Hi, another bugfix release of Knot DNS is out. This one corrects behaviour with wildcard CNAMEs, when DNSSEC is requested (some NSECs/NSEC3s were missing) and fixes some potential problems from incorrect use of RCU synchronisation. The sources are available here: http://public.nic.cz/files/knot-dns/knot-1.0.6.tar.gz GPG signature: http://public.nic.cz/files/knot-dns/knot-1.0.6.tar.gz.asc Packages available at www.knot-dns.cz will be updated soon as well. We are planning another release soon, with a lot of improvements and small fixes in answers. Also we found out that the IXFR is still quite slow with too many changes (more than 50 000 RRs changed) and are working on that as well. Regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

13 let, 11 měsíců

1
0
0 0

Knot DNS hotfix

by Lubos Slovak

Dear Knot DNS users, yesterday's release contained an ugly bug that caused Knot not to create journal files, which lead to IXFR being non-functional at all. We are very sorry for this and immediately released a hotfix marked as 1.0.5. Please, download the fixed version here: http://public.nic.cz/files/knot-dns/knot-1.0.5.tar.gz GPG signature: http://public.nic.cz/files/knot-dns/knot-1.0.5.tar.gz.asc Packages will be updated soon as well. With regards and apologies, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

14 let

1
0
0 0

Documentation?

by Johan Ihrén

Hi, While knot seems to work fine for me given my testing sofar I would like to see the full documentation. In the man pages there is this reference: The full documentation for Knot is maintained as a Texinfo manual. If the info and Knot programs are properly installed at your site, the command info Knot should give you access to the complete manual. I know what info is, but where is the actual texinfo file? I cannot find it in the distribution. Regards, Johan

14 let

2
2
0 0

KnotDNS 1.0.4

by Lubos Slovak

Hello, after some time, we are finally releasing version 1.0.4 of Knot DNS. However, we hope the improvements we made are worth the waiting. First of all, we sped up incoming IXFR processing A LOT. Also memory consumption of the processing is slightly improved. Besides, we addressed some bugs reported by our users and made some other improvements. To name a few: - Parallel loading of zones to the server. - Support for TLSA (RR type 52). - knotc checkzone (as a dry-run of zone compile). - knotc refresh for forcing Knot to update all zones from master servers. - Copying OPCODE and RD bit from query to NOTIMPL responses. - Fixed crash when NS or MX points to an alias. For full list of changes see RELNOTES in the source directory or here: https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.0.4/en… Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.0.4.tar.gz Packages will be available soon on http://www.knot-dns.cz Regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labshttp://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email:lubos.slovak@nic.cz WWW:http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign athttp://thinkBeforePrinting.org

14 let

1
0
0 0

thoughts

by Mathieu Arnold

Hi, After moving one of my authoritative nameservers from bind to nsd, I thought why not migrate another one to knot, it seems nice... :-) So, I started writing a small script to output the knot conf bits I needed only to find out that I can't find a way to do includes, like I do with bind or nsd. What's the usual way to do that kind of things ? Is it possible to have more than one keys, remotes and zones sections ? Regards, -- Mathieu Arnold

14 let

3
4
0 0

Knot DNS v1.0.3

by Lubos Slovak

Dear users, we have just released a hotfixed version of Knot DNS. These last changes address several issues: - The last release slowed down the compilation a lot, due to some changes in underlying code. This has been improved, so that the compilation should be as fast as before. - It turned out that Knot DNS was applying ENDS0 UDP payload limit also to TCP queries - we are sorry for such a bug, it should be OK now. - Besides, a missing include for FreeBSD was added and a potential crash with many concurrent transfers was fixed too. Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.0.3.tar.gz Packages will be available soon on http://www.knot-dns.cz Next version is due to be released in a short time, featuring support for new RR type TLSA (52). Enjoy! Lubos

14 let

2
2
0 0

Knot 1.0.1 starting problem.

by Peter Andreev

Hello, list! I encountered a problem when I tried to start Knot on FreeBSD 8.0. When I tried start from rc.d script, Knotc freezed for 5 minutes until I killed it. When I tried "knotc start" nothing happened. And when I tried start directly knotd, the following was happened: dnssec-slave2# knotd -c /srvs/knot/etc/knot.conf Reading configuration '/srvs/knot/etc/knot.conf' ... Assertion failed: (knot_node_new_node(knot_dname_node(dname)) != NULL), function xfrin_switch_node_in_dname_table, file libknot/updates/xfr-in.c, line 2264. Abort -- AP

14 let, 1 měsíc

2
3
0 0

Knot DNS 1.0.2

by Lubos Slovak

Hi, another release of Knot DNS is out. Beside some small fixes we improved configuration options, log messages and slightly optimized overall performance. For all changes made, see RELNOTES in the source directory. Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.0.2.tar.gz Packages will be available soon on http://www.knot-dns.cz Kind regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labshttp://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email:lubos.slovak@nic.cz WWW:http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign athttp://thinkBeforePrinting.org

14 let, 1 měsíc

2
1
0 0

Knot DNS now in FreeBSD ports

by Leo Vandewoestijne

Hello knotty people ;) Both userspace-rcu and knot are now in the FreeBSD ports collection. http://www.freshports.org/dns/knot/ -- Met vriendelijke groet, With kind regards, Leo Vandewoestijne.

14 let, 1 měsíc

2
1
0 0

Crashing Knot 1.0.1

by Sebastian Castro

Hi: I'm trying to test Knot 1.0.1 with a basic configuration, and I managed to crash it. Compiled from source on a Ubuntu 11.04, serving one signed zone. uname -a Linux turista 2.6.38-13-generic-pae #55-Ubuntu SMP Tue Jan 24 15:54:51 UTC 2012 i686 i686 i386 GNU/Linux autoreconf -if ./configure --prefix=/opt/knot make sudo make install The configuration file looks like this system { identity "knot 1.0.1"; storage "/opt/knot/var/knot"; } interfaces { my-iface { address 192.168.22.152@53; } } zones { co.nz { file "/opt/knot/etc/co.nz"; } } log { syslog { any warning, error; } } Then root@turista:/opt/knot# sbin/knotc -c etc/knot.conf compile Parsing file '/opt/knot/etc/co.nz', origin 'co.nz.' ... Compilation successful. root@turista:/opt/knot# sbin/knotc -c etc/knot.conf -i start control: Running in interactive mode. Reading configuration '/opt/knot/etc/knot.conf' ... And when I send a query to the server dig dnskey co.nz @192.168.22.152 I get this in syslog Mar 15 17:00:44 turista kernel: [1487877.778230] knotd[6010]: segfault at 0 ip (null) sp b489e03c error 14 in knotd[8048000+50000] The error is consistent. If I restart the server, wait a little bit to load, and then send the query, it crashes. Running under gdb provides the following backtrace (gdb) bt #0 0x00000000 in ?? () #1 0x0804f2d4 in udp_master_recvmmsg (thread=0x850b5f0, thread_stat=0x0) at knot/server/udp-handler.c:427 #2 0x0804f6f6 in udp_master (thread=0x850b5f0) at knot/server/udp-handler.c:526 #3 0x08085adc in thread_ep (data=0x850b5f0) at knot/server/dthreads.c:160 #4 0xb7e56e99 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0 #5 0xb7d999ee in clone () from /lib/i386-linux-gnu/libc.so.6 If you need anything else, please let me know. Unfortunately I can't send you the zone. Cheers, -- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535

14 let, 2 měsíce

1
0
0 0

Bugfix release of Knot DNS

by Lubos Slovak

Hi, a bugfix release of Knot DNS was made today. Some minor bugs were fixed and some simple features added. Here are some of the changes: - Implemented jitter to REFRESH/RETRY timers - Problem with creating IXFR journal for bootstrapped zone - Race condition in processing NOTIFY/SOA queries - TSIG improper assignment of algorithm type For all changes made since the last release, see RELNOTES in the source directory. Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.0.1.tar.gz Packages will be available shortly on http://www.knot-dns.cz Have a nice weekend! Regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

14 let, 2 měsíce

1
0
0 0

knotc compile/reload

by Jan-Piet Mens

Hello, Congratulations to the release of Knot 1.0 which I'm looking at a bit now, starting off with a minimal configuration. system { storage "/etc/knot"; user: "root"; } interfaces { ipv4 { address 127.0.0.1@53; } } keys { my-key hmac-md5 "xxxx"; } remotes { local0 { address 127.0.0.1; } mastr { address 192.168.1.145; } m2 { address 192.168.1.53; key my-key; } } zones { example.com { file "example.com.zone"; } inline.aa { file "inline.aa"; semantic-checks off; xfr-in mastr; notify-in mastr; } jpmens.net { file "jpmens.net"; semantic-checks off; xfr-in m2; notify-in m2; xfr-out local0; } } Apologies for nitpicking on these rather cosmetic issues, but maybe they can be addressed in a future version: An invocation of `knotc -c knot.conf compile' complains that slave zone files don't (yet) exist. (True enough: they haven't yet been transferred): Zone file 'inline.aa' doesn't exist. Zone file 'jpmens.net' doesn't exist. Parsing file 'example.com.zone', origin 'example.com.' ... Compilation successful. After launching Knot with `knotc -c knot.conf start', zones are populated from the master server(s) and I see the *.db and *.db.crc files. The zones are loaded and I can query them. So far, so good. :) A small change to `example.com.zone' and a compile, again warns that the slave zone files don't exist. In effect it is true: the filenames I've configured in knot.conf do not exist, but the message is confusing because the zones have been loaded/exist. knotc -c knot.conf compile Zone file 'inline.aa' doesn't exist. Zone file 'jpmens.net' doesn't exist. Parsing file 'example.com.zone', origin 'example.com.' ... Compilation successful.' A subsequent server reload `knotc -c knot.conf reload' says in the log that the file(s) I just compiled are out of date: Loading 3 compiled zones... warning: Database for zone 'example.com' is not up-to-date. Please recompile. Loaded zone 'example.com.' Zone 'inline.aa.' is up-to-date, no need for reload. Zone 'jpmens.net.' is up-to-date, no need for reload. Loaded 3 out of 3 zones. Configuration reloaded. Regards, -JP

14 let, 2 měsíce

1
0
0 0

Knot DNS v1.0.0 released!

by Lubos Slovak

Dear Knot DNS users, special days deserve special events and this day will surely be extraordinary not only for us, but for the whole DNS community. CZ.NIC Labs released first stable version of Knot DNS! Please visit our websize http://www.knot-dns.cz for more information and all relevant links. Source files are available here: http://public.nic.cz/files/knot-dns/knot-1.0.0.tar.gz (SHA256: ab947ff09655f44bd4106da65764810ff760b646b83e9b0939ee994f943372a6) Packages will be available shortly from usual repositories. Instructions on how to setup them are available at http://www.knot-dns.cz. Lots of testing has been done in the past few weeks and we believe Knot DNS is as stable and bugfree as possible. Thank you all for support and feedback! We will continue developing Knot DNS - there is still place for a lot of optimizations, minor tweaks or new features, so stay tuned for next releases. Thank you again for using Knot DNS! Kind regards, Lubos, CZ.NIC Labs -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

14 let, 2 měsíce

1
0
0 0

Knot DNS 1.0 - RC1 released!

by Lubos Slovak

Hi, CZ.NIC Labs are proud to announce the first Release Candidate of Knot DNS! There are a lot of new features and some bug fixes that should make Knot DNS substantially more stable and secure. To pick just few interesting new features: - Support for NSID. - Support for root zone. - Dropping privileges after binding to port 53. - Automatic zone compile on server start. For all changes made since the last release, see RELNOTES in the source directory. Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.0-rc1.tar.gz (Sha256: b0e79159386555ce4086a43231fcf97b28cafc83) Packages will be available shortly from usual repositories. Instructions on how to setup them are available at http://www.knot-dns.cz. We will be grateful for any feedback from you to make the final release as stable and bugfree as possible. We will release the final 1.0 version shortly after more testing we plan to do in following weeks. Regards, Lubos, CZ.NIC Labs -- Ľuboš Slovák Knot DNS CZ.NIC Labshttp://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email:lubos.slovak@nic.cz WWW:http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign athttp://thinkBeforePrinting.org

14 let, 3 měsíce

1
0
0 0

Knot DNS - 0.9.1

by Lubos Slovak

Hi, a (mostly) bugfix release of Knot DNS was made today (v. 0.9.1). Corrected issues: - Fixed build on BSD. - Fixed parsing and dumping of some types (IPSECKEY, WKS, DLSV, APL, SPF, NSAP). Moreover, we added RRSet round-robin rotation when answering and a new pseudo-random number generator. Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-0.9.1.tar.gz Packages will follow shortly (probably tomorrow). Enjoy and be ready for the 1.0 release, which is on the way! Kind regards, Lubos -- Ľuboš Slovák Knot DNS CZ.NIC Labs http://www.knot-dns.cz ------------------------------------------- Americká 23, 120 00 Praha 2, Czech Republic Email: lubos.slovak(a)nic.cz WWW: http://labs.nic.cz http://www.nic.cz ------------------------------------------- Please consider the environment before printing this email. Join the campaign at http://thinkBeforePrinting.org

14 let, 3 měsíce

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users