Greetings. This seems a bit odd. I have a zone file with:
=====
$TTL 6
test79.example.com. IN SOA foo.example.com. dns.test79.example.com. ( 201209150 5m 1m 2w 5m )
test79.example.com. IN NS foo.example.com.
test79.example.com. IN TYPE79 \# 4 deadface
=====
Trying to compile it gives:
=====
Parsing file '/home/dns/Files/foo.conf', origin 'test79.example.com.' ...
/home/dns/Files/foo.conf:4: error: bad unknown RDATA
Parser finished with error, not dumping the zone!
error: Compilation of 'test79.example.com.' failed, knot-zcompile return code was '1'
=====
This zone file works fine in BIND, NSD, and PowerDNS. It seems that either Knot cannot use the standard mechanism for defining unknown RRtypes (RFC 3597), or it maybe has a different syntax. Clues are appreciated.
--Paul Hoffman
Hi!
I run Knot with option
apn@knot-test:/home/apn>grep user /usr/local/etc/knot/knot.conf
user bind.dns;
apn@knot-test:/home/apn>ps uaxww | grep knot
bind 9925 0.0 0.8 33760 8736 ?? Ss 4:03PM 0:00.07
/usr/local/sbin/knotd -d -c /usr/local/etc/knot/knot.conf
apn@knot-test:/home/apn>knotc -V
Knot DNS, version 1.1.0-rc2
apn@knot-test:/home/apn>uname -a
FreeBSD knot-test.local 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3
07:46:30 UTC 2012
root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Everything is fine except for one: I can't control Knot via knotc
under my account and have to raise my privileges.
apn@knot-test:/home/apn>knotc running
2012-09-03T17:33:20.801730+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:33:20.802876+04:00 Server PID not found, probably not running.
2012-09-03T17:33:20.803099+04:00 [warning] PID file is stale.
apn@knot-test:/home/apn>knotc reload
2012-09-03T17:57:01.706820+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:01.707934+04:00 [warning] Server PID not found,
probably not running.
apn@knot-test:/home/apn>knotc refresh
2012-09-03T17:57:11.314605+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:11.315736+04:00 [warning] Server PID not found,
probably not running.
I believe that is because of using of kill(2) in pid_running(). So I'm
wondering how unprivileged user can send commands to Knot?
Thanks in advance.
--
AP
Hi,
second Release Candidate of Knot DNS 1.1 is out now. We slightly
improved and fixed the user manual, fixed two minor bugs:
- generating journal for IXFR when the zone contains IPSECKEY and APL
records in binary format,
- possible leak on server shutdown with a pending transfer
and fixed the behaviour of slave server using TSIG. It did not sign SOA
queries to master, causing it to fail the zone version check when
talking to Bind with allow-query configured to use TSIG key.
Source files are available here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz
GPG signature:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz.asc
Packages will be updated soon at the usual place on http://www.knot-dns.cz.
Please provide us with any feedback before the final 1.1 release next week.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
we've just released a Release Candidate of Knot DNS 1.1. The new version
brings a lot of enhancements and bugfixes which improve stability and
interoperability of Knot DNS. It also contains a complete User manual
for easier deployment. The manual can be either built from the sources
('make pdf' or 'make html'), or accessed online via Knot DNS website
(http://www.knot-dns.cz).
Here are some highlights of changes in the new version:
- Improved speed of incoming IXFR even more.
- Optimized loading of many zones.
- Option to disable authoritative ANY answers as a mitigation to recent
DDoS reflection attacks.
- Fixed some problems and leaks cased if an IXFR transfer failed (e.g.
because of malformed data).
- Improved malformed packet parsing and handling.
- Fixed answering in some special cases.
We also implemented an option to generate zone differences from zone
reload and using them for IXFR journal. Thus Knot DNS may serve as IXFR
primary master (until now, it needed to obtain the differences by a
transfer from some other master). However, this feature is only
experimental, so use it with care. We do not guarantee that the results
will be always good or that it won't compromise the stability of the server.
For full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0-rc…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc1.tar.gz
GPG signature:
Packages will be available soon on http://www.knot-dns.cz.
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hello list,
I found an article
http://blog.nic.cz/2012/07/19/zavazna-vzdalena-zranitelnost-v-dns-serveru-n…
which mentions "list of non-standard DNS queries" for test purposes.
Is it possible to obtain this list and related tools? I looked into latest
Knot sources tarball and I found nothing :-)
I'm developer of BIND 9 plugin and I want to explore and re-use mentioned
tests for configurations with this plugin
(https://fedorahosted.org/bind-dyndb-ldap/).
I'm not a member of knot-dns-users list, please add me to Cc in reply.
Thanks for your time.
--
Petr Spacek
Red Hat Czech
Hi,
I am having difficulties running knot on an dualstack host. I want Knot
to listen on all IPv4 and all IPv6 interfaces. I am using this
interfaces section in config file:
interfaces {
allv4 { address 0.0.0.0; }
allv6 { address [::]; }
}
Using this config, Knot listens only on v4 address and gives an error
binding the v6 address:
2012-07-27T13:21:44.646094+02:00 Binding to interface 0.0.0.0 port 53.
2012-07-27T13:21:44.646197+02:00 [error] Cannot bind to socket (98).
2012-07-27T13:21:44.646233+02:00 [error] Could not bind to TCP interface
:: port 53.
2012-07-27T13:21:44.646240+02:00 Binding to interface :: port 53.
Changing interface order the other way around results in listening on v6
only with same error, yet also v4 connections are accepted, probably due
to IPV6_V6ONLY socket option not being turned on by Knot.
When I tried changing listening port on either line, problem
disappeared. I am using Debian package, version 1.0.6-1~bpo60+1.
Cheers,
Ondřej Caletka
Hello,
I'm new to KNOT and I'm trying to install it on a CentOS 6.3 (Final)
minimal install, I already updated openssl to the newest version and
install all the pre-requirements but when I run make command I get the
following error:
*************************
BINDIR=\"/usr/local/sbin\" -g -O2 -fpredictive-commoning
-I/usr/local/include -mmmx -msse -msse2 -msse3 -MT journal.lo -MD -MP
-MF .deps/journal.Tpo -c knot/server/journal.c -fPIC -DPIC -o
.libs/journal.o
In file included from knot/server/journal.c:26:
./common/crc.h:30:18: error: zlib.h: No such file or directory
In file included from knot/server/journal.c:26:
./common/crc.h: In function 'crc_init':
./common/crc.h:49: warning: implicit declaration of function 'adler32'
make[2]: *** [journal.lo] Error 1
make[2]: Leaving directory `/root/knot-1.0.6/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/knot-1.0.6/src'
make: *** [all-recursive] Error 1
*************************
Can any of you guys help me?
Best regards,
--
Eduardo Duarte
SIT-DNS
DNS.PT - https://www.dns.pt/
FCCN - http://www.fccn.pt/
Sorry, didn't send it to the list before..
L.
-------- Original Message --------
Subject: Re: [knot-dns-users] Fail to serve RFC 2317-ish zone
Date: Wed, 04 Jul 2012 15:12:59 +0200
From: Lubos Slovak <lubos.slovak(a)nic.cz>
To: Koh-ichi Ito <kohi(a)kkdlabs.jp>
Hi there,
thanks for the report! It's true that Knot DNS actually imposes quite
rigid rules to domain names. We will probably change that in future. But
we forgot about the RFC 2317 case, so thanks once more for the notice.
Will add support for / in domain names in the next release - that should
suffice.
Regards,
Lubos
On 07/04/2012 12:48 PM, Koh-ichi Ito wrote:
> Dear team,
>
> I found that Knot DNS v1.0.6(from tarball) fails to serve
> RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case.
>
> -----[ knot.conf ]------------------------------------------
> system {
> storage "/proj/knot-dns/var";
> }
> zones {
> 32/27.2.0.192.in-addr.arpa {
> file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa";
> }
> }
>
> -----[ zone data ]------------------------------------------
> $TTL 1d
> $ORIGIN 32/27.2.0.192.in-addr.arpa
> @ IN SOA ns.example1.jp. hostmaster.example1.jp. (
> 2012070401
> 20m
> 15m
> 4w
> 15m )
> NS ns.example1.jp.
>
> -----[ The result ]-----------------------------------------
> kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa
> [sudo] password for kohi:
> 2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32').
> 2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'.
> kohi@lars[2]%
> ------------------------------------------------------------
>
> Thanks in advance.
>
> Koh-ichi Ito
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users(a)lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hi,
Is there any frontend for knotdns? We have different kind of users and for
non technicians is more difficult to manage from command line.
¡Thanks!
Hello team,
I experienced the following compile error while installing
knot-1.0.6(tarball from WWW site) on FreeBSD 8.3.
% make
Making all in src
make all-am
/bin/sh ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Ilibknot -DLIBEXECDIR='"/pub/knot-1.0.6/libexec"' -DSYSCONFDIR='"/pub/knot-1.0.6/etc"' -DSBINDIR='"/pub/knot-1.0.6/sbin"' -I/pub/include -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT utils.lo -MD -MP -MF .deps/utils.Tpo -c -o utils.lo `test -f 'libknot/util/utils.c' || echo './'`libknot/util/utils.c
:
:
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Ilibknot -DLIBEXECDIR=\"/pub/knot-1.0.6/libexec\" -DSYSCONFDIR=\"/pub/knot-1.0.6/etc\" -DSBINDIR=\"/pub/knot-1.0.6/sbin\" -I/pub/include -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT dthreads.lo -MD -MP -MF .deps/dthreads.Tpo -c knot/server/dthreads.c -fPIC -DPIC -o .libs/dthreads.o
knot/server/dthreads.c: In function 'dt_setaffinity':
knot/server/dthreads.c:864: error: 'cpu_set_t' undeclared (first use in this function)
knot/server/dthreads.c:864: error: (Each undeclared identifier is reported only once
knot/server/dthreads.c:864: error: for each function it appears in.)
knot/server/dthreads.c:868: warning: implicit declaration of function 'pthread_setaffinity_np'
knot/server/dthreads.c:868: error: expected expression before ')' token
*** Error code 1
Stop in /u1/share/pub/src/knot-dns/knot-1.0.6/src.
*** Error code 1
Stop in /u1/share/pub/src/knot-dns/knot-1.0.6/src.
*** Error code 1
Stop in /u1/share/pub/src/knot-dns/knot-1.0.6.
As an ad-hoc workaround, the following trial works fine.
% cd src
% mv config.h config.h.ORG
% cp config.h.ORG config.h
% ed config.h
10154
/HAVE_PTHREAD_SETAFFINITY_NP
#define HAVE_PTHREAD_SETAFFINITY_NP 1
s/^#define/#undef/
s/ 1$//
p
#undef HAVE_PTHREAD_SETAFFINITY_NP
s/^#define/#undef/
s/ 1$//
p
#undef HAVE_PTHREAD_SETAFFINITY_NP
w
10151
q
% diff -u config.h.ORG config.h
--- config.h.ORG 2012-06-30 14:56:16.000000000 +0900
+++ config.h 2012-06-30 15:08:09.000000000 +0900
@@ -107,7 +107,7 @@
#define HAVE_PSELECT 1
/* Define to 1 if you have the `pthread_setaffinity_np' function. */
-#define HAVE_PTHREAD_SETAFFINITY_NP 1
+#undef HAVE_PTHREAD_SETAFFINITY_NP
/* Define to 1 if you have the `regcomp' function. */
#define HAVE_REGCOMP 1
% cd ..
As long as invoke via knotc and easy query via dig, the
result binary seems to work fine.
Thanks in advance
--
kkdlabs.jp, featuring Koh-ichi Ito as just another DNS freak in town.
Hello again. Here's another one.
I noticed that zone data contains relative notation such as
'@' but no $ORIGIN causes error.
knotc checkzone says:
-----
kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc checkzone example1.jp
[sudo] password for kohi:
2012-07-04T19:52:19.603883+09:00 Using '/proj/knot-dns/etc/knot.conf' as default configuration.
2012-07-04T19:52:19.615871+09:00 [error] /proj/dns/namedb/example1.jp:3: @ used, but no $ORIGIN specified.
2012-07-04T19:52:19.631618+09:00 [error] /proj/dns/namedb/example1.jp:11: Zone file does not contain SOA record!
-----
And knotc compile says:
-----
kohi@lars[2]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc compile
2012-07-04T19:54:02.023025+09:00 Using '/proj/knot-dns/etc/knot.conf' as default configuration.
2012-07-04T19:54:02.039299+09:00 Parsing file '/proj/dns/namedb/example1.jp', origin 'example1.jp.' ...
2012-07-04T19:54:02.051637+09:00 [error] /proj/dns/namedb/example1.jp:3: @ used, but no $ORIGIN specified.
2012-07-04T19:54:02.052790+09:00 [error] /proj/dns/namedb/example1.jp:11: Zone file does not contain SOA record!
2012-07-04T19:54:02.053653+09:00 [error] Compilation of 'example1.jp.' failed, knot-zcompile return code was '1'
-----
It complains even though it knows that "origin 'example1.jp.' ...".
Is this behavior by design policy? Or I wish it to be
enhanced.
Best regards,
Koh-ichi Ito
Hello,
Yesterday I replaced one of my authoritative servers with knot 1.0.5
(previously powerdns). I am already delighted by the simplicity of knot,
so thank you for a nice piece of software.
I tried some configurations and noticed that I was unable to correctly
run as an unprivileged user. It seems that the problem is:
- start knotd as root.root
- create empty pidfile (owned by root.root)
- drop privileges to user 'knot.knot'
- write pid to pidfile (and fail doing so)
- log error:
2012-06-11T22:23:06+02:00 julie knot[31184]: [warning] Failed to create
PID file '/var/lib/knot/knot.pid'.
2012-06-11T22:23:06+02:00 julie knot[31184]: Server started as a daemon,
PID = 31184
2012-06-11T22:23:06+02:00 julie knot[31184]: [warning] Server running
without PID file.
When stopping knotd later on, the following is logged, and knotd does
not stop running.
2012-06-11T22:23:38+02:00 julie knot[31210]: [warning] Server PID not
found, probably not running.
I guess that either the pid file need to be chowned to the unprivileged
user before privileges are dropped, or the pid needs to be written to
the file earlier. Note that the file *is* created (despite the error
messages saying something else), but it is empty.
Kind regards,
Tom
Dear team,
I found that Knot DNS v1.0.6(from tarball) fails to serve
RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case.
-----[ knot.conf ]------------------------------------------
system {
storage "/proj/knot-dns/var";
}
zones {
32/27.2.0.192.in-addr.arpa {
file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa";
}
}
-----[ zone data ]------------------------------------------
$TTL 1d
$ORIGIN 32/27.2.0.192.in-addr.arpa
@ IN SOA ns.example1.jp. hostmaster.example1.jp. (
2012070401
20m
15m
4w
15m )
NS ns.example1.jp.
-----[ The result ]-----------------------------------------
kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa
[sudo] password for kohi:
2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32').
2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'.
kohi@lars[2]%
------------------------------------------------------------
Thanks in advance.
Koh-ichi Ito
Hi all,
we have created page for Knot DNS on Google+ [1]. We will try
to use that channel for communicating short interesting stuff
from the development. You will not be bored, we promise :)
1. https://plus.google.com/u/0/111568815130451558383/posts
Feel free to join the channel and/or spread the word around.
Ondrej
--
Ondřej Surý -- Chief Science Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury@nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
Hi,
another bugfix release of Knot DNS is out. This one corrects behaviour
with wildcard CNAMEs, when DNSSEC is requested (some NSECs/NSEC3s were
missing) and fixes some potential problems from incorrect use of RCU
synchronisation.
The sources are available here:
http://public.nic.cz/files/knot-dns/knot-1.0.6.tar.gz
GPG signature: http://public.nic.cz/files/knot-dns/knot-1.0.6.tar.gz.asc
Packages available at www.knot-dns.cz will be updated soon as well.
We are planning another release soon, with a lot of improvements and
small fixes in answers. Also we found out that the IXFR is still quite
slow with too many changes (more than 50 000 RRs changed) and are
working on that as well.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
yesterday's release contained an ugly bug that caused Knot not to create
journal files, which lead to IXFR being non-functional at all. We are
very sorry for this and immediately released a hotfix marked as 1.0.5.
Please, download the fixed version here:
http://public.nic.cz/files/knot-dns/knot-1.0.5.tar.gz
GPG signature: http://public.nic.cz/files/knot-dns/knot-1.0.5.tar.gz.asc
Packages will be updated soon as well.
With regards and apologies,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hi,
While knot seems to work fine for me given my testing sofar I would like to see the full documentation. In the man pages there is this reference:
The full documentation for Knot is maintained as a Texinfo manual. If the
info and Knot programs are properly installed at your site, the command
info Knot
should give you access to the complete manual.
I know what info is, but where is the actual texinfo file? I cannot find it in the distribution.
Regards,
Johan
Hello,
after some time, we are finally releasing version 1.0.4 of Knot DNS.
However, we hope the improvements we made are worth the waiting. First
of all, we sped up incoming IXFR processing A LOT. Also memory
consumption of the processing is slightly improved.
Besides, we addressed some bugs reported by our users and made some
other improvements. To name a few:
- Parallel loading of zones to the server.
- Support for TLSA (RR type 52).
- knotc checkzone (as a dry-run of zone compile).
- knotc refresh for forcing Knot to update all zones from master servers.
- Copying OPCODE and RD bit from query to NOTIMPL responses.
- Fixed crash when NS or MX points to an alias.
For full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.0.4/en…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.0.4.tar.gz
Packages will be available soon on http://www.knot-dns.cz
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labshttp://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email:lubos.slovak@nic.cz
WWW:http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign athttp://thinkBeforePrinting.org
Hi,
After moving one of my authoritative nameservers from bind to nsd, I
thought why not migrate another one to knot, it seems nice... :-)
So, I started writing a small script to output the knot conf bits I needed
only to find out that I can't find a way to do includes, like I do with
bind or nsd.
What's the usual way to do that kind of things ?
Is it possible to have more than one keys, remotes and zones sections ?
Regards,
--
Mathieu Arnold
Dear users,
we have just released a hotfixed version of Knot DNS. These last changes
address several issues:
- The last release slowed down the compilation a lot, due to some
changes in underlying code. This has been improved, so that the
compilation should be as fast as before.
- It turned out that Knot DNS was applying ENDS0 UDP payload limit also
to TCP queries - we are sorry for such a bug, it should be OK now.
- Besides, a missing include for FreeBSD was added and a potential crash
with many concurrent transfers was fixed too.
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.0.3.tar.gz
Packages will be available soon on http://www.knot-dns.cz
Next version is due to be released in a short time, featuring support
for new RR type TLSA (52).
Enjoy!
Lubos
Hello, list!
I encountered a problem when I tried to start Knot on FreeBSD 8.0.
When I tried start from rc.d script, Knotc freezed for 5 minutes until I
killed it.
When I tried "knotc start" nothing happened.
And when I tried start directly knotd, the following was happened:
dnssec-slave2# knotd -c /srvs/knot/etc/knot.conf
Reading configuration '/srvs/knot/etc/knot.conf' ...
Assertion failed: (knot_node_new_node(knot_dname_node(dname)) != NULL),
function xfrin_switch_node_in_dname_table, file libknot/updates/xfr-in.c,
line 2264.
Abort
--
AP
Hi,
another release of Knot DNS is out. Beside some small fixes we improved
configuration options, log messages and slightly optimized overall
performance.
For all changes made, see RELNOTES in the source directory.
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.0.2.tar.gz
Packages will be available soon on http://www.knot-dns.cz
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labshttp://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email:lubos.slovak@nic.cz
WWW:http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign athttp://thinkBeforePrinting.org
Hello knotty people ;)
Both userspace-rcu and knot are now in the FreeBSD ports collection.
http://www.freshports.org/dns/knot/
--
Met vriendelijke groet,
With kind regards,
Leo Vandewoestijne.
Hi:
I'm trying to test Knot 1.0.1 with a basic configuration, and I managed
to crash it.
Compiled from source on a Ubuntu 11.04, serving one signed zone.
uname -a
Linux turista 2.6.38-13-generic-pae #55-Ubuntu SMP Tue Jan 24 15:54:51
UTC 2012 i686 i686 i386 GNU/Linux
autoreconf -if
./configure --prefix=/opt/knot
make
sudo make install
The configuration file looks like this
system {
identity "knot 1.0.1";
storage "/opt/knot/var/knot";
}
interfaces {
my-iface { address 192.168.22.152@53; }
}
zones {
co.nz {
file "/opt/knot/etc/co.nz";
}
}
log {
syslog { any warning, error; }
}
Then
root@turista:/opt/knot# sbin/knotc -c etc/knot.conf compile
Parsing file '/opt/knot/etc/co.nz', origin 'co.nz.' ...
Compilation successful.
root@turista:/opt/knot# sbin/knotc -c etc/knot.conf -i start
control: Running in interactive mode.
Reading configuration '/opt/knot/etc/knot.conf' ...
And when I send a query to the server
dig dnskey co.nz @192.168.22.152
I get this in syslog
Mar 15 17:00:44 turista kernel: [1487877.778230] knotd[6010]: segfault
at 0 ip (null) sp b489e03c error 14 in knotd[8048000+50000]
The error is consistent. If I restart the server, wait a little bit to
load, and then send the query, it crashes.
Running under gdb provides the following backtrace
(gdb) bt
#0 0x00000000 in ?? ()
#1 0x0804f2d4 in udp_master_recvmmsg (thread=0x850b5f0, thread_stat=0x0)
at knot/server/udp-handler.c:427
#2 0x0804f6f6 in udp_master (thread=0x850b5f0)
at knot/server/udp-handler.c:526
#3 0x08085adc in thread_ep (data=0x850b5f0) at knot/server/dthreads.c:160
#4 0xb7e56e99 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5 0xb7d999ee in clone () from /lib/i386-linux-gnu/libc.so.6
If you need anything else, please let me know. Unfortunately I can't
send you the zone.
Cheers,
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
Hi,
a bugfix release of Knot DNS was made today. Some minor bugs were fixed
and some simple features added. Here are some of the changes:
- Implemented jitter to REFRESH/RETRY timers
- Problem with creating IXFR journal for bootstrapped zone
- Race condition in processing NOTIFY/SOA queries
- TSIG improper assignment of algorithm type
For all changes made since the last release, see RELNOTES in the source
directory.
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.0.1.tar.gz
Packages will be available shortly on http://www.knot-dns.cz
Have a nice weekend!
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hello,
Congratulations to the release of Knot 1.0 which I'm looking at a bit
now, starting off with a minimal configuration.
system {
storage "/etc/knot";
user: "root";
}
interfaces {
ipv4 { address 127.0.0.1@53; }
}
keys {
my-key hmac-md5 "xxxx";
}
remotes {
local0 { address 127.0.0.1; }
mastr { address 192.168.1.145; }
m2 { address 192.168.1.53; key my-key; }
}
zones {
example.com {
file "example.com.zone";
}
inline.aa {
file "inline.aa";
semantic-checks off;
xfr-in mastr;
notify-in mastr;
}
jpmens.net {
file "jpmens.net";
semantic-checks off;
xfr-in m2;
notify-in m2;
xfr-out local0;
}
}
Apologies for nitpicking on these rather cosmetic issues, but maybe they
can be addressed in a future version:
An invocation of `knotc -c knot.conf compile' complains that slave zone
files don't (yet) exist. (True enough: they haven't yet been
transferred):
Zone file 'inline.aa' doesn't exist.
Zone file 'jpmens.net' doesn't exist.
Parsing file 'example.com.zone', origin 'example.com.' ...
Compilation successful.
After launching Knot with `knotc -c knot.conf start', zones are
populated from the master server(s) and I see the *.db and *.db.crc
files. The zones are loaded and I can query them. So far, so good. :)
A small change to `example.com.zone' and a compile, again warns that the
slave zone files don't exist. In effect it is true: the filenames I've
configured in knot.conf do not exist, but the message is confusing
because the zones have been loaded/exist.
knotc -c knot.conf compile
Zone file 'inline.aa' doesn't exist.
Zone file 'jpmens.net' doesn't exist.
Parsing file 'example.com.zone', origin 'example.com.' ...
Compilation successful.'
A subsequent server reload `knotc -c knot.conf reload' says in the log
that the file(s) I just compiled are out of date:
Loading 3 compiled zones...
warning: Database for zone 'example.com' is not up-to-date. Please recompile.
Loaded zone 'example.com.'
Zone 'inline.aa.' is up-to-date, no need for reload.
Zone 'jpmens.net.' is up-to-date, no need for reload.
Loaded 3 out of 3 zones.
Configuration reloaded.
Regards,
-JP
Dear Knot DNS users,
special days deserve special events and this day will surely be
extraordinary not only for us, but for the whole DNS community. CZ.NIC
Labs released first stable version of Knot DNS!
Please visit our websize http://www.knot-dns.cz for more information and
all relevant links.
Source files are available here:
http://public.nic.cz/files/knot-dns/knot-1.0.0.tar.gz
(SHA256: ab947ff09655f44bd4106da65764810ff760b646b83e9b0939ee994f943372a6)
Packages will be available shortly from usual repositories. Instructions
on how to setup them are available at http://www.knot-dns.cz.
Lots of testing has been done in the past few weeks and we believe Knot
DNS is as stable and bugfree as possible. Thank you all for support and
feedback!
We will continue developing Knot DNS - there is still place for a lot of
optimizations, minor tweaks or new features, so stay tuned for next
releases.
Thank you again for using Knot DNS!
Kind regards,
Lubos, CZ.NIC Labs
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hi,
CZ.NIC Labs are proud to announce the first Release Candidate of Knot DNS! There are a lot of new features and some bug fixes that should make Knot DNS substantially more stable and secure. To pick just few interesting new features:
- Support for NSID.
- Support for root zone.
- Dropping privileges after binding to port 53.
- Automatic zone compile on server start.
For all changes made since the last release, see RELNOTES in the source directory.
Source files can be downloaded here: http://public.nic.cz/files/knot-dns/knot-1.0-rc1.tar.gz (Sha256: b0e79159386555ce4086a43231fcf97b28cafc83)
Packages will be available shortly from usual repositories. Instructions on how to setup them are available at http://www.knot-dns.cz.
We will be grateful for any feedback from you to make the final release as stable and bugfree as possible. We will release the final 1.0 version shortly after more testing we plan to do in following weeks.
Regards,
Lubos, CZ.NIC Labs
--
Ľuboš Slovák Knot DNS
CZ.NIC Labshttp://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email:lubos.slovak@nic.cz
WWW:http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign athttp://thinkBeforePrinting.org
Hi,
a (mostly) bugfix release of Knot DNS was made today (v. 0.9.1).
Corrected issues:
- Fixed build on BSD.
- Fixed parsing and dumping of some types (IPSECKEY, WKS, DLSV, APL,
SPF, NSAP).
Moreover, we added RRSet round-robin rotation when answering and a new
pseudo-random number generator.
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-0.9.1.tar.gz
Packages will follow shortly (probably tomorrow).
Enjoy and be ready for the 1.0 release, which is on the way!
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hello, everybody!
I'm trying to compile Knot-0.9 on FreeBSD 8.2 amd64 and getting the
following error:
./.libs/libknotd.a(fdset.o)(.text+0x6f): In function `fdset_init':
common/fdset.c:64: undefined reference to `FDSET_KQUEUE'
*** Error code 1
Stop in /home/apn/knot-0.9/src.
*** Error code 1
Stop in /home/apn/knot-0.9/src.
*** Error code 1
Stop in /home/apn/knot-0.9.
--
--
AP
Hi,
we released new version of Knot DNS - 0.9. It includes full support for
TSIG in both server and client. Moreover, performance on Linux was
improved. There are also some bugfixes:
- Knot was not accepting AXFR-style IXFR with first SOA in a separate
packet (i.e. from Power DNS).
- Wrong SOA TTL in negative answers.
- Wrong max packet size for outgoing transfers (was causing the packets
to be malformed).
- Wrong handling of WKS record in zone compiler.
- Problems with zone bootstrapping.
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-0.9.tar.gz
Thank you again for helping us test Knot. We are looking forward to the
1.0 release, which should bring (among other) support for root zone,
NSID, or improvements to IXFR.
Do have a wonderful year 2012!
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labshttp://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email:lubos.slovak@nic.cz
WWW:http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign athttp://thinkBeforePrinting.org
Dobrý den,
pokusně jsem nainstaloval Knot (z deb balíčků) jako slave a spustil pomocí
knotc -vi start
Při notify z masteru se mi u jedné zóny stalo, že se zónový soubor sice
načetl, ale následně knot spadl s chybou:
knotd: libknot/dname.c:616: knot_dname_to_str: Assertion `*w != 0' failed.
Stalo se to několikrát za sebou, když jsem však začal zkoumat příčiny,
problém se vytratil (původní soubor, který problémy způsoboval už
bohužel nemám.) Nicméně jsem si všiml, že ke stejné chybě dojde i při
ukončení interaktivního spuštění pomocí Ctrl+C., což by se asi dít
nemělo (chyba ukazuje na porušenou strukturu knot_dname).
S pozdravem
Ondřej Caletka
Dobry den,
je k dispozici postup jak zkompilovat Knot DNS pod FreeBSD? Konkretne
na 8.2-RELEASE koncim s chybou u ./configure:
configure: error: liburcu not found
liburcu jsem v portech nenasel.
Diky za nakopnuti.
Josef Pinc
Dobry den,
zkousim nasadit Knot DNS jako jeden ze sekundarnich DNS serveru a narazil jsem na nejake problemy.
1. Prenese se mi jen mala cast zon, pak se zanou v logu obevovat nasledujci hlasky:
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to create journal file '/var/lib/knot/av-tech.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to open journal file '/var/lib/knot/av-tech.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to create journal file '/var/lib/knot/avalancheshop.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to open journal file '/var/lib/knot/avalancheshop.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to create journal file '/var/lib/knot/avdata.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to open journal file '/var/lib/knot/avdata.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to create journal file '/var/lib/knot/avdnachod.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to open journal file '/var/lib/knot/avdnachod.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to create journal file '/var/lib/knot/aveli.cz.diff.db'
Dec 1 15:00:31 ns4 knot[3061]: error: Failed to open journal file '/var/lib/knot/aveli.cz.diff.db'
2. Server bezi pod rootem, nenasel jsem v konfiguraci ani v init scriptu (fedora) moznost nejak civilizovane nastavil uzivatele pod kterym to pobezi.
3. Pod Fedora 16 ktera pozuiva systemd neni obsluha knotu uplne idealni - chtelo by to definovat koraktne service pro systemd, ale to je vec tvorby rpm baliku pro fedoru.
--
Stanislav Petr
Hosting90 systems s.r.o.
stanislav.petr(a)hosting90.cz
Hi,
today we released Knot DNS version 0.8.1 which brings two bugfixes:
- Handling SPF records (compilation of zone with SPF failed).
- Saving unknown RR types to zone file (caused failure of XFR/IN).
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-0.8.1.tar.gz
Thank you all for using Knot DNS and reporting problems. We have a few
other bugs to fix in the following days. They will be aggregated in the
next bugfix release which we hope to release in the following two weeks.
With regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dobry den,
pokousim se nasadit knot-dns verze 0.8.0 jako slave server. Pro tyto
ucely mam vmware virtualni stroj s 1GB ram, Ubuntu 10.04.3 x86,
nainstalovano pres apt z launchpad.net.
Pri zaslani notifikace master serverem se mi zona nestahne a v logu
vidim hlasku:
error: IXFR/IN request failed - OS lacked necessary resources.
Nejaky napad jakych prostredku se serveru nedostava?
Config:
system {
identity "knot";
storage "/var/lib/knot";
workers 2;
}
interfaces {
my-local { address 127.0.0.1@53; }
my-ipv4 { address ip4@53; }
my-ipv6 { address ip6@53; }
}
remotes {
my-master { address master_ip@53; }
}
+
cca 50 slave zon.
zony nastavene takto:
mojezona.cz {
file "/var/lib/knot/mojezona.cz.zone";
semantic-checks off; # vypne semantickou kontrolu
# pro tuto zonu
xfr-in my-master; # master server pro tuto zonu
notify-in my-master; # od koho prijmout NOTIFY
}
Diky za pomoc.
Liquid
