Hi Evilham,
thanks for using Knot DNS and for sharing your issues with us.
I was able to watch the misbehaviour of your name server easily with
kdig -t DNSKEY unchat.cat. @ns1.unchat.cat. +notcp +cookie=deadbeefdeadbeef
I observed an infinite loop, caused by the server never being happy with
the provided server cookie. Looking at the tcpdump, I saw that for some
queries, a different server cookie was returned than sent, and for some,
DOUBLE cookie option appeared in the response, with different server
cookies.
I immediately caught a suspicion that such a thing can happen if the
cookie module is applied twice. Indeed, I was able to create an equally
malfunctioning setup by configuring:
mod-cookies:
  - id: default
    badcookie-slip: 1

template:
  - id: "default"
    global-module: mod-cookies/default

zone:
  - domain: "example.com."
    module: mod-cookies/default
...where the cookies module is inserted once as global and once as per-zone.
Isn't this also your case? The "relevant bits" of your configuration
don't include a zone section :-\
This also might potentially be the reason why DNSViz failed on your
domain, unable to reach the DNSKEY records.
Looking forward to solving this,
Libor
On 20.10.20 at 23:27, Evilham wrote:
mod-cookies:
  - id: default
    badcookie-slip: 1

mod-rrl:
  - id: default
    rate-limit: 200 # Requests per second

template:
  - id: default
    storage: "/var/db/knot/primary"
    semantic-checks: on
    disable-any: on
    serial-policy: dateserial
    file: "%s.zone"
    global-module: mod-cookies/default
    global-module: mod-rrl/default
    global-module: mod-stats
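A small check for the misconfiguration Libor describes, added here as an example rather than taken from the thread or from Knot DNS: it reads a knot.conf snippet and reports every zone that loads a module both through its template's global-module and again as a per-zone module. The parser is hand-written for the config subset used in the thread (sections, "- id"/"- domain" entries, scalar and "[a, b]" values) and is not Knot's own config loader; the sample config below is constructed from Libor's reproducer.

```python
# Added example (not from the thread or from Knot DNS): flag modules that a zone
# loads twice, once via its template's global-module and again as a per-zone
# module. Hand-written reader for the knot.conf subset seen in the thread only.
def _values(raw):                                  # 'a' or '[a, b]' -> list
    raw = raw.strip().strip('"')
    if raw.startswith("[") and raw.endswith("]"):
        return [v.strip().strip('"') for v in raw[1:-1].split(",") if v.strip()]
    return [raw] if raw else []

def parse_knot_conf(text):
    """Return {section: [entry, ...]}; each entry maps key -> list of values."""
    sections, section, entry = {}, None, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()      # strip comments, skip blanks
        if not line.strip():
            continue
        item = line.lstrip()
        if not line[0].isspace() and item.endswith(":") and not item.startswith("-"):
            section, entry = item[:-1], None       # top-level section header
            sections.setdefault(section, [])
            continue
        if item.startswith("- ") and section is not None:
            entry = {}                             # '- id: x' opens a new entry
            sections[section].append(entry)
            item = item[2:]
        if entry is not None:
            key, _, raw = item.partition(":")
            entry.setdefault(key.strip(), []).extend(_values(raw))
    return sections

def double_applied_modules(text):
    """Map zone name -> modules applied both by its template and per-zone."""
    conf = parse_knot_conf(text)
    templates = {t["id"][0]: t.get("global-module", []) for t in conf.get("template", [])}
    findings = {}
    for zone in conf.get("zone", []):
        tmpl = zone.get("template", ["default"])[0]   # Knot falls back to 'default'
        shared = set(zone.get("module", [])) & set(templates.get(tmpl, []))
        if shared:
            findings[zone["domain"][0]] = sorted(shared)
    return findings

# Constructed sample: the reproducer from the message, plus a zone that only
# inherits the template and must not be flagged.
SAMPLE_CONF = """\
template:
  - id: "default"
    global-module: [mod-cookies/default, mod-stats]
zone:
  - domain: "example.com."
    module: mod-cookies/default
  - domain: "clean.example."
"""
```

Running `double_applied_modules(SAMPLE_CONF)` reports only example.com. with mod-cookies/default; a zone that merely inherits the template is left alone.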