Hi,
second Release Candidate of Knot DNS 1.1 is out now. We slightly
improved and fixed the user manual, fixed two minor bugs:
- generating journal for IXFR when the zone contains IPSECKEY and APL
records in binary format,
- possible leak on server shutdown with a pending transfer
and fixed the behaviour of slave server using TSIG. It did not sign SOA
queries to master, causing it to fail the zone version check when
talking to Bind with allow-query configured to use TSIG key.
Source files are available here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz
GPG signature:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz.asc
Packages will be updated soon at the usual place on http://www.knot-dns.cz.
Please provide us with any feedback before the final 1.1 release next week.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
we've just released a Release Candidate of Knot DNS 1.1. The new version
brings a lot of enhancements and bugfixes which improve stability and
interoperability of Knot DNS. It also contains a complete User manual
for easier deployment. The manual can be either built from the sources
('make pdf' or 'make html'), or accessed online via Knot DNS website
(http://www.knot-dns.cz).
Here are some highlights of changes in the new version:
- Improved speed of incoming IXFR even more.
- Optimized loading of many zones.
- Option to disable authoritative ANY answers as a mitigation to recent
DDoS reflection attacks.
- Fixed some problems and leaks cased if an IXFR transfer failed (e.g.
because of malformed data).
- Improved malformed packet parsing and handling.
- Fixed answering in some special cases.
We also implemented an option to generate zone differences from zone
reload and using them for IXFR journal. Thus Knot DNS may serve as IXFR
primary master (until now, it needed to obtain the differences by a
transfer from some other master). However, this feature is only
experimental, so use it with care. We do not guarantee that the results
will be always good or that it won't compromise the stability of the server.
For full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0-rc…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc1.tar.gz
GPG signature:
Packages will be available soon on http://www.knot-dns.cz.
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hello list,
I found an article
http://blog.nic.cz/2012/07/19/zavazna-vzdalena-zranitelnost-v-dns-serveru-n…
which mentions "list of non-standard DNS queries" for test purposes.
Is it possible to obtain this list and related tools? I looked into latest
Knot sources tarball and I found nothing :-)
I'm developer of BIND 9 plugin and I want to explore and re-use mentioned
tests for configurations with this plugin
(https://fedorahosted.org/bind-dyndb-ldap/).
I'm not a member of knot-dns-users list, please add me to Cc in reply.
Thanks for your time.
--
Petr Spacek
Red Hat Czech
Hi,
I am having difficulties running knot on an dualstack host. I want Knot
to listen on all IPv4 and all IPv6 interfaces. I am using this
interfaces section in config file:
interfaces {
allv4 { address 0.0.0.0; }
allv6 { address [::]; }
}
Using this config, Knot listens only on v4 address and gives an error
binding the v6 address:
2012-07-27T13:21:44.646094+02:00 Binding to interface 0.0.0.0 port 53.
2012-07-27T13:21:44.646197+02:00 [error] Cannot bind to socket (98).
2012-07-27T13:21:44.646233+02:00 [error] Could not bind to TCP interface
:: port 53.
2012-07-27T13:21:44.646240+02:00 Binding to interface :: port 53.
Changing interface order the other way around results in listening on v6
only with same error, yet also v4 connections are accepted, probably due
to IPV6_V6ONLY socket option not being turned on by Knot.
When I tried changing listening port on either line, problem
disappeared. I am using Debian package, version 1.0.6-1~bpo60+1.
Cheers,
Ondřej Caletka
Hello,
I'm new to KNOT and I'm trying to install it on a CentOS 6.3 (Final)
minimal install, I already updated openssl to the newest version and
install all the pre-requirements but when I run make command I get the
following error:
*************************
BINDIR=\"/usr/local/sbin\" -g -O2 -fpredictive-commoning
-I/usr/local/include -mmmx -msse -msse2 -msse3 -MT journal.lo -MD -MP
-MF .deps/journal.Tpo -c knot/server/journal.c -fPIC -DPIC -o
.libs/journal.o
In file included from knot/server/journal.c:26:
./common/crc.h:30:18: error: zlib.h: No such file or directory
In file included from knot/server/journal.c:26:
./common/crc.h: In function 'crc_init':
./common/crc.h:49: warning: implicit declaration of function 'adler32'
make[2]: *** [journal.lo] Error 1
make[2]: Leaving directory `/root/knot-1.0.6/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/knot-1.0.6/src'
make: *** [all-recursive] Error 1
*************************
Can any of you guys help me?
Best regards,
--
Eduardo Duarte
SIT-DNS
DNS.PT - https://www.dns.pt/
FCCN - http://www.fccn.pt/
Sorry, didn't send it to the list before..
L.
-------- Original Message --------
Subject: Re: [knot-dns-users] Fail to serve RFC 2317-ish zone
Date: Wed, 04 Jul 2012 15:12:59 +0200
From: Lubos Slovak <lubos.slovak(a)nic.cz>
To: Koh-ichi Ito <kohi(a)kkdlabs.jp>
Hi there,
thanks for the report! It's true that Knot DNS actually imposes quite
rigid rules to domain names. We will probably change that in future. But
we forgot about the RFC 2317 case, so thanks once more for the notice.
Will add support for / in domain names in the next release - that should
suffice.
Regards,
Lubos
On 07/04/2012 12:48 PM, Koh-ichi Ito wrote:
> Dear team,
>
> I found that Knot DNS v1.0.6(from tarball) fails to serve
> RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case.
>
> -----[ knot.conf ]------------------------------------------
> system {
> storage "/proj/knot-dns/var";
> }
> zones {
> 32/27.2.0.192.in-addr.arpa {
> file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa";
> }
> }
>
> -----[ zone data ]------------------------------------------
> $TTL 1d
> $ORIGIN 32/27.2.0.192.in-addr.arpa
> @ IN SOA ns.example1.jp. hostmaster.example1.jp. (
> 2012070401
> 20m
> 15m
> 4w
> 15m )
> NS ns.example1.jp.
>
> -----[ The result ]-----------------------------------------
> kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa
> [sudo] password for kohi:
> 2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32').
> 2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'.
> kohi@lars[2]%
> ------------------------------------------------------------
>
> Thanks in advance.
>
> Koh-ichi Ito
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users(a)lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hi,
Is there any frontend for knotdns? We have different kind of users and for
non technicians is more difficult to manage from command line.
¡Thanks!
Hello team,
I experienced the following compile error while installing
knot-1.0.6(tarball from WWW site) on FreeBSD 8.3.
% make
Making all in src
make all-am
/bin/sh ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Ilibknot -DLIBEXECDIR='"/pub/knot-1.0.6/libexec"' -DSYSCONFDIR='"/pub/knot-1.0.6/etc"' -DSBINDIR='"/pub/knot-1.0.6/sbin"' -I/pub/include -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT utils.lo -MD -MP -MF .deps/utils.Tpo -c -o utils.lo `test -f 'libknot/util/utils.c' || echo './'`libknot/util/utils.c
:
:
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Ilibknot -DLIBEXECDIR=\"/pub/knot-1.0.6/libexec\" -DSYSCONFDIR=\"/pub/knot-1.0.6/etc\" -DSBINDIR=\"/pub/knot-1.0.6/sbin\" -I/pub/include -I/usr/local/include -mmmx -msse -msse2 -msse3 -MT dthreads.lo -MD -MP -MF .deps/dthreads.Tpo -c knot/server/dthreads.c -fPIC -DPIC -o .libs/dthreads.o
knot/server/dthreads.c: In function 'dt_setaffinity':
knot/server/dthreads.c:864: error: 'cpu_set_t' undeclared (first use in this function)
knot/server/dthreads.c:864: error: (Each undeclared identifier is reported only once
knot/server/dthreads.c:864: error: for each function it appears in.)
knot/server/dthreads.c:868: warning: implicit declaration of function 'pthread_setaffinity_np'
knot/server/dthreads.c:868: error: expected expression before ')' token
*** Error code 1
Stop in /u1/share/pub/src/knot-dns/knot-1.0.6/src.
*** Error code 1
Stop in /u1/share/pub/src/knot-dns/knot-1.0.6/src.
*** Error code 1
Stop in /u1/share/pub/src/knot-dns/knot-1.0.6.
As an ad-hoc workaround, the following trial works fine.
% cd src
% mv config.h config.h.ORG
% cp config.h.ORG config.h
% ed config.h
10154
/HAVE_PTHREAD_SETAFFINITY_NP
#define HAVE_PTHREAD_SETAFFINITY_NP 1
s/^#define/#undef/
s/ 1$//
p
#undef HAVE_PTHREAD_SETAFFINITY_NP
s/^#define/#undef/
s/ 1$//
p
#undef HAVE_PTHREAD_SETAFFINITY_NP
w
10151
q
% diff -u config.h.ORG config.h
--- config.h.ORG 2012-06-30 14:56:16.000000000 +0900
+++ config.h 2012-06-30 15:08:09.000000000 +0900
@@ -107,7 +107,7 @@
#define HAVE_PSELECT 1
/* Define to 1 if you have the `pthread_setaffinity_np' function. */
-#define HAVE_PTHREAD_SETAFFINITY_NP 1
+#undef HAVE_PTHREAD_SETAFFINITY_NP
/* Define to 1 if you have the `regcomp' function. */
#define HAVE_REGCOMP 1
% cd ..
As long as invoke via knotc and easy query via dig, the
result binary seems to work fine.
Thanks in advance
--
kkdlabs.jp, featuring Koh-ichi Ito as just another DNS freak in town.
Hello again. Here's another one.
I noticed that zone data contains relative notation such as
'@' but no $ORIGIN causes error.
knotc checkzone says:
-----
kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc checkzone example1.jp
[sudo] password for kohi:
2012-07-04T19:52:19.603883+09:00 Using '/proj/knot-dns/etc/knot.conf' as default configuration.
2012-07-04T19:52:19.615871+09:00 [error] /proj/dns/namedb/example1.jp:3: @ used, but no $ORIGIN specified.
2012-07-04T19:52:19.631618+09:00 [error] /proj/dns/namedb/example1.jp:11: Zone file does not contain SOA record!
-----
And knotc compile says:
-----
kohi@lars[2]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc compile
2012-07-04T19:54:02.023025+09:00 Using '/proj/knot-dns/etc/knot.conf' as default configuration.
2012-07-04T19:54:02.039299+09:00 Parsing file '/proj/dns/namedb/example1.jp', origin 'example1.jp.' ...
2012-07-04T19:54:02.051637+09:00 [error] /proj/dns/namedb/example1.jp:3: @ used, but no $ORIGIN specified.
2012-07-04T19:54:02.052790+09:00 [error] /proj/dns/namedb/example1.jp:11: Zone file does not contain SOA record!
2012-07-04T19:54:02.053653+09:00 [error] Compilation of 'example1.jp.' failed, knot-zcompile return code was '1'
-----
It complains even though it knows that "origin 'example1.jp.' ...".
Is this behavior by design policy? Or I wish it to be
enhanced.
Best regards,
Koh-ichi Ito
