knot-dns-users

knot-dns-users@lists.nic.cz

2 participants
751 discussions

by John-Paul Gignac

I'm an engineer at Dyn and I work on the same team as Matthijs Mekking. I noticed that commit 3f950e1d ( https://gitlab.labs.nic.cz/labs/knot/commit/3f950e1d3f323b0ebbd339de29f8c8b…) changes the handling of the CD bit in responses. The test code comments indicate that this is in accordance with https://tools.ietf.org/html/rfc4035#section-3.1.6, but my reading is that it contradicts section 3 of the same RFC. I was wondering if somebody could explain the history or the thinking behind this change. Thanks in advance! John-Paul Gignac

9 let, 1 měsíc

"make check" FAIL with 1.6.0/1.6.8 on Arch Linux

by Tom Preissler

Hi, I am about to migrate my authoritative Bind instance to Knot. My server is Debian Jessie, and the available packge there is 1.6.0-1. I wanted to play on my Arch Linux installation at home to try the migration out, so I am trying to compile aur/knot-lts, which is 1.6.8-1. Compiling it is fine, but "make check" fails: dnssec_sign.............FAILED 45, 50, 53, 56 (killed by signal 6, core dumped) I tried 1.6.0 directly from source as well, same for 1.6.8 from source. I even downloaded the Debian source and compiled that on AL, same error. ldd tests/.libs/lt-dnssec_sign linux-vdso.so.1 (0x00007ffc1a1d2000) libknot.so.0 => /home/tomtom/Rubbish/knot-dns/knot-lts/knot-1.6.0/src/.libs/libknot.so.0 (0x00007fda7c3b4000) liblmdb.so => /usr/lib/liblmdb.so (0x00007fda7c19f000) libzscanner.so.0 => /home/tomtom/Rubbish/knot-dns/knot-lts/knot-1.6.0/src/zscanner/.libs/libzscanner.so.0 (0x00007fda7bf45000) libz.so.1 => /usr/lib/libz.so.1 (0x00007fda7bd2f000) libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0x00007fda7bb29000) libdl.so.2 => /usr/lib/libdl.so.2 (0x00007fda7b925000) libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fda7b708000) libm.so.6 => /usr/lib/libm.so.6 (0x00007fda7b404000) liburcu.so.4 => /usr/lib/liburcu.so.4 (0x00007fda7b1fc000) libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007fda7ad84000) libc.so.6 => /usr/lib/libc.so.6 (0x00007fda7a9e6000) /lib64/ld-linux-x86-64.so.2 (0x00007fda7c5db000) liburcu-common.so.4 => /usr/lib/liburcu-common.so.4 (0x00007fda7a7e1000) Versions: usr/lib/liblmdb.so is owned by extra/lmdb 0.9.18-2 usr/lib/libz.so.1 is owned by core/zlib 1.2.8-4 usr/lib/libcap-ng.so.0 is owned by extra/libcap-ng 0.7.8-1 usr/lib/libdl.so.2 is owned by core/glibc 2.24-2 usr/lib/libpthread.so.0 is owned by core/glibc 2.24-2 usr/lib/libm.so.6 is owned by core/glibc 2.24-2 usr/lib/liburcu.so.4 is owned by community/liburcu 0.9.2-1 usr/lib/libcrypto.so.1.0.0 is owned by core/openssl 1.0.2.j-1 usr/lib/libc.so.6 is owned by core/glibc 2.24-2 usr/lib/liburcu-common.so.4 is owned by community/liburcu 0.9.2-1 I have attached the detailed segfault output separately. Regards Tom -- www.preissler.co.uk | Twitter: @module0x90 GPG: BA359D78200264B363314AF5E3839138A11FFD2A

9 let, 2 měsíce

Knot Resolver 1.1.0-8 is caching delegation's TTL instead of zone's TTL

by Arsen STASIC

Hi, I have recently started using Knot Resolver. Thanks for that really nice piece of software. Knot Resolver seems to cache the TTL of parent zone (= delegation) instead of the TTL which is in the zone itself. dig +noall +auth @n.ns.at univie.ac.at ns univie.ac.at. 10800 IN NS ns3.univie.ac.at. univie.ac.at. 10800 IN NS ns4.univie.ac.at. univie.ac.at. 10800 IN NS ns5.univie.ac.at. univie.ac.at. 10800 IN NS ns7.univie.ac.at. univie.ac.at. 10800 IN NS ns8.univie.ac.at. univie.ac.at. 10800 IN NS ns10.univie.ac.at. dig +noall +ans @ns10.univie.ac.at univie.ac.at ns univie.ac.at. 600 IN NS ns7.univie.ac.at. univie.ac.at. 600 IN NS ns4.univie.ac.at. univie.ac.at. 600 IN NS ns8.univie.ac.at. univie.ac.at. 600 IN NS ns3.univie.ac.at. univie.ac.at. 600 IN NS ns5.univie.ac.at. univie.ac.at. 600 IN NS ns10.univie.ac.at. dig +noall +ans @ns10.univie.ac.at ns10.univie.ac.at a ns10.univie.ac.at. 600 IN A 192.76.243.2 Knot Resolver is caching 10800 instead of 600: dig +noall +answer @127.0.0.1 ns10.univie.ac.at a ns10.univie.ac.at. 10634 IN A 192.76.243.2 Bind, unbound and pdns-recursor cache authoritative TTL (600). I have tried to file a bug report at https://gitlab.labs.nic.cz/labs/knot/issues , but I wasn't able to create a user account. cheers, -arsen

9 let, 2 měsíce

Knot DNS 2.3.2

by Ondřej Surý

Dear Knot DNS users, CZ.NIC has just released a new version of Knot DNS. This is mainly bug fix release, but there are some small improvements included as well. There are few fixes related to templates (the root zone now expands to an empty string), timers (zone transfer refresh), ENTs and CD bit handling. knotc is now faster and zone purge also purges timers. You can also specify a journal path and timeout of dnsproxy module. We would also like to invite everyone to migrate from Knot DNS 1.6.x to the current stable Knot DNS 2.x.x release. And that's it! Thank you for using Knot DNS. And we are really looking forward to your feedback. Full changelog: https://gitlab.labs.nic.cz/labs/knot/raw/v2.3.2/NEWS Sources: https://secure.nic.cz/files/knot-dns/knot-2.3.2.tar.xz GPG signature: https://secure.nic.cz/files/knot-dns/knot-2.3.2.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.x/html/ -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.sury@nic.cz https://nic.cz/ --------------------------------------------

9 let, 2 měsíce

Enable Multi Core CPU in KnotDNS

by shidiq＠pandi.id

Hi All, i'm using knot dns in centos 7 and cpu usage average is 70-90%. i have multi core cpu in this server, but just 1 cpu use by knot DNS. How to enable more than 1 core cpu in knot dns? Thanks, .shidiq

9 let, 2 měsíce

xip.io functionality with Knot?

by Tobias Brunner

Hi Knot people, As xip.io is very unreliable, I was wondering if it is possible to achieve a similar service with Knot? Examples what xip.io is doing: 10.0.0.1.xip.io resolves to 10.0.0.1 www.10.0.0.2.xip.io resolves to 10.0.0.2 foo.10.0.0.3.xip.io resolves to 10.0.0.3 bar.baz.10.0.0.4.xip.io resolves to 10.0.0.4 Cheers, Tobias

9 let, 2 měsíce

snapshot 186526

by Bastien Durel

Hello, I see there's an "unreleased" snapshot in http://deb.knot-dns.cz/knot/ repository, is it intentionnal ? The following packages are currently pending an upgrade: knot 2.3.1-1+0~20161025234932.8+jessie~1.gbp186526 knot-dnsutils 2.3.1-1+0~20161025234932.8+jessie~1.gbp186526 libdnssec2 2.3.1-1+0~20161025234932.8+jessie~1.gbp186526 libknot4 2.3.1-1+0~20161025234932.8+jessie~1.gbp186526 libzscanner1 2.3.1-1+0~20161025234932.8+jessie~1.gbp186526 ======================================================================== Package Details: Reading changelogs... --- Changes for knot (knot knot-dnsutils libdnssec2 libzscanner1) --- knot (2.3.1-1+0~20161025234932.8+jessie~1.gbp186526) unstable; urgency=medium ** SNAPSHOT build @18652664b6e8eeb47ba878c1ff6790f5b6ce3451 ** * UNRELEASED -- Ondřej Surý <ondrej(a)sury.org> Wed, 26 Oct 2016 01:49:34 +0200 Regards, -- Bastien

9 let, 2 měsíce

knot 2.3.0-3: Automatic DNSSEC signing: Current limitations and creating trusted-keys { ... }

by georg＠riseup.net

Hi all, I'm running {knot,knot-dnsutils} 2.3.0-3~bpo8+1 out of Debian jessie-backports, and enabled automatic DNSSEC signing, which works great! I've got two question, as per the subject: - According to [1], "KSK rollover is not implemented.". Does this mean, if the key was created and exists, then currently knot doesn't change / rollover the KSK? Is it safe to assume, that as long one is using this version, the key stays the same? - I'm running Unbound to do resolving and forwarding some forward and corresponding reverse zones to knot. To make DNSSEC work, I've created a trusted-keys { ... } file with all the KSK created and used by / with knot. Right now, I've created this file manually, using $ keymgr zone key show ... and $ cat $name_of_zone.json and putting it all together. Right now, is there a tool / utility / command which does this already? TIA and all the best, Georg [1] https://www.knot-dns.cz/docs/2.x/html/configuration.html#limitations

9 let, 2 měsíce

What is stored in Knot's zone timer database?

by Anand Buddhdev

Dear Knot devs, When Knot writes out the zone timer database, what pieces of information about a zone are stored? Regards, Anand

9 let, 2 měsíce

is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

by Toralf Förster

As a lazy slacker I do wonder about such a knot-in-a-nutshell-for-tor-exit-relay-operator-dummies doc ? ;) -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

9 let, 2 měsíce

← Newer
1
...
44
45
46
47
48
49
50
...
76
Older →

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users