17 Led
2017
17 Led
'17
18:54
Dear Knot Resolver users,
CZ.NIC is proud to release a new release candidate of Knot Resolver.
The team has worked very hard to bring:
- reworked DNSSEC Validation, that fixes several know problems
with less standard DNS configurations, and it is also a solid
base for further improvements
- optional EDNS(0) Padding support for DNS over TLS
- support for debugging DNSSEC with CD bit
- DNS over TLS is now able to create ephemeral certs on the runtime
(Thanks Daniel Kahn Gilmore for contributing to DNS over TLS
implementation in Knot Resolver.)
- configurable minimum and maximum TTL (default 6 days)
- configurable pseudo-random reordering of RR sets
- new module 'version' that can call home and report new versions
and security vulnerabilities to the log file
This release also fixes bugs, most notable ones:
- The resolver was setting AD flag when running in a forwarding
mode. Thanks Stéphane Bortzmeyer for reporting this issue!
- We now correctly return RCODE=NOTIMPL on meta-queries and
non IN class queries
- Fix crash in hints module when hints file was empty
- Fix non-lowercase hints
We also have a new LRU implementation under the hood.
That's it! Thank you for using Knot Resolver. And if you are
not using it yet, please give it a try.
Full changelog:
https://gitlab.labs.nic.cz/knot/resolver/raw/v1.2.0-rc1/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz.asc
Documentation:
http://knot-resolver.readthedocs.io/en/latest/
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
18 Led
18 Led
14:29
New subject: Knot Resolver 1.2.0-rc1 (Release Candidate 1) release
Hello, all
In the environment of Ubuntu 16.04.1, I installed knot resolver from the repository, but
daemon does not start.
kometch@dns02:~$ sudo systemctl restart kresd.service
Failed to restart kresd.service: Operation refused, unit kresd.service may be requested by
dependency only.
See system logs and 'systemctl status kresd.service' for details.
If you modify the following location in the systemctl file, it will be launched.
kometch@dns02:~$ sudo systemctl cat kresd.service
# /lib/systemd/system/kresd.service
[Unit]
Description=Knot DNS Resolver daemon
Documentation=man:kresd(8)
## This is a socket-activated service:
RefuseManualStart=true <==false?
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
EnvironmentFile=-/etc/default/kresd
ExecStart=/usr/sbin/kresd $KRESD_ARGS
User=knot-resolver <==root?
Restart=on-failure
[Install]
WantedBy=sockets.target
There are no messages of particular interest in log.
In this case how should I do?
Thanks.
On 2017/01/18 02:54:16, Ondřej Surý <ondrej.sury(a)nic.cz> wrote:
Dear Knot Resolver users,
CZ.NIC is proud to release a new release candidate of Knot Resolver.
The team has worked very hard to bring:
- reworked DNSSEC Validation, that fixes several know problems
with less standard DNS configurations, and it is also a solid
base for further improvements
- optional EDNS(0) Padding support for DNS over TLS
- support for debugging DNSSEC with CD bit
- DNS over TLS is now able to create ephemeral certs on the runtime
(Thanks Daniel Kahn Gilmore for contributing to DNS over TLS
implementation in Knot Resolver.)
- configurable minimum and maximum TTL (default 6 days)
- configurable pseudo-random reordering of RR sets
- new module 'version' that can call home and report new versions
and security vulnerabilities to the log file
This release also fixes bugs, most notable ones:
- The resolver was setting AD flag when running in a forwarding
mode. Thanks Stéphane Bortzmeyer for reporting this issue!
- We now correctly return RCODE=NOTIMPL on meta-queries and
non IN class queries
- Fix crash in hints module when hints file was empty
- Fix non-lowercase hints
We also have a new LRU implementation under the hood.
That's it! Thank you for using Knot Resolver. And if you are
not using it yet, please give it a try.
Full changelog:
https://gitlab.labs.nic.cz/knot/resolver/raw/v1.2.0-rc1/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz.asc
Documentation:
http://knot-resolver.readthedocs.io/en/latest/
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
16:01
New subject: Knot Resolver 1.2.0-rc1 (Release Candidate 1) release
Horigome-san,
this is still the same issue as https://gitlab.labs.nic.cz/knot/resolver/issues/115.
kresd in Debian and Ubuntu is socket activated under systemd. If you want to override
this, do:
sudo systemctl mask kresd.socket
sudo systemctl mask kresd-control.socket
then create:
/etc/systemd/system/kresd.service
and put something like:
--cut here--
[Unit]
Description=Knot DNS Resolver daemon
Documentation=man:kresd(8)
## This is a socket-activated service:
RefuseManualStart=false
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
EnvironmentFile=-/etc/default/kresd
ExecStart=/usr/sbin/kresd $KRESD_ARGS
User=root
Restart=on-failure
[Install]
WantedBy=sockets.target
--cut here--
into it.
Then edit /etc/knot-resolver/kresd.conf and add:
user('knot-resolver','knot-resolver')
after any net or net.listen statements, but before any cache.* statements.
Finally issue:
sudo systemctl daemon-reload
sudo systemctl restart kresd
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Horigome Yoshihito"
<kometch(a)gmail.com>
To: "knot-dns-users" <knot-dns-users(a)lists.nic.cz>
Sent: Wednesday, 18 January, 2017 14:29:26
Subject: Re: [knot-dns-users] Knot Resolver 1.2.0-rc1 (Release Candidate 1) release
Hello, all
In the environment of Ubuntu 16.04.1, I installed knot resolver from the
repository, but daemon does not start.
kometch@dns02:~$ sudo systemctl restart kresd.service
Failed to restart kresd.service: Operation refused, unit kresd.service may be
requested by dependency only.
See system logs and 'systemctl status kresd.service' for details.
If you modify the following location in the systemctl file, it will be launched.
kometch@dns02:~$ sudo systemctl cat kresd.service
# /lib/systemd/system/kresd.service
[Unit]
Description=Knot DNS Resolver daemon
Documentation=man:kresd(8)
## This is a socket-activated service:
RefuseManualStart=true <==false?
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
EnvironmentFile=-/etc/default/kresd
ExecStart=/usr/sbin/kresd $KRESD_ARGS
User=knot-resolver <==root?
Restart=on-failure
[Install]
WantedBy=sockets.target
There are no messages of particular interest in log.
In this case how should I do?
Thanks.
On 2017/01/18 02:54:16, Ondřej Surý <ondrej.sury(a)nic.cz> wrote: Dear Knot
Resolver users,
CZ.NIC is proud to release a new release candidate of Knot Resolver.
The team has worked very hard to bring:
- reworked DNSSEC Validation, that fixes several know problems
with less standard DNS configurations, and it is also a solid
base for further improvements
- optional EDNS(0) Padding support for DNS over TLS
- support for debugging DNSSEC with CD bit
- DNS over TLS is now able to create ephemeral certs on the runtime
(Thanks Daniel Kahn Gilmore for contributing to DNS over TLS
implementation in Knot Resolver.)
- configurable minimum and maximum TTL (default 6 days)
- configurable pseudo-random reordering of RR sets
- new module 'version' that can call home and report new versions
and security vulnerabilities to the log file
This release also fixes bugs, most notable ones:
- The resolver was setting AD flag when running in a forwarding
mode. Thanks Stéphane Bortzmeyer for reporting this issue!
- We now correctly return RCODE=NOTIMPL on meta-queries and
non IN class queries
- Fix crash in hints module when hints file was empty
- Fix non-lowercase hints
We also have a new LRU implementation under the hood.
That's it! Thank you for using Knot Resolver. And if you are
not using it yet, please give it a try.
Full changelog:
https://gitlab.labs.nic.cz/knot/resolver/raw/v1.2.0-rc1/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz.asc
Documentation:
http://knot-resolver.readthedocs.io/en/latest/
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
19 Led
19 Led
10:47
New subject: Knot Resolver 1.2.0-rc1 (Release Candidate 1) release
Ondrej-san
Thank you for information.
I'm sorry for the previous question.
Again in this case you only have to mask the TLS related Socket file.
Also thank you for teaching the method of the systemd file.
The problem was solved by the method taught.
With my setting, there is only this way.
I'd like to take this as a procedure for the time being.
Thanks.
On 2017/01/19 00:01:05, Ondřej Surý <ondrej.sury(a)nic.cz> wrote:
Horigome-san,
this is still the same issue as https://gitlab.labs.nic.cz/knot/resolver/issues/115.
kresd in Debian and Ubuntu is socket activated under systemd. If you want to override
this, do:
sudo systemctl mask kresd.socket
sudo systemctl mask kresd-control.socket
then create:
/etc/systemd/system/kresd.service
and put something like:
--cut here--
[Unit]
Description=Knot DNS Resolver daemon
Documentation=man:kresd(8)
## This is a socket-activated service:
RefuseManualStart=false
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
EnvironmentFile=-/etc/default/kresd
ExecStart=/usr/sbin/kresd $KRESD_ARGS
User=root
Restart=on-failure
[Install]
WantedBy=sockets.target
--cut here--
into it.
Then edit /etc/knot-resolver/kresd.conf and add:
user('knot-resolver','knot-resolver')
after any net or net.listen statements, but before any cache.* statements.
Finally issue:
sudo systemctl daemon-reload
sudo systemctl restart kresd
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Horigome Yoshihito"
To: "knot-dns-users"
Sent: Wednesday, 18 January, 2017 14:29:26
Subject: Re: [knot-dns-users] Knot Resolver 1.2.0-rc1 (Release Candidate 1) release
Hello, all
In the environment of Ubuntu 16.04.1, I installed knot resolver from the
repository, but daemon does not start.
kometch@dns02:~$ sudo systemctl restart kresd.service
Failed to restart kresd.service: Operation refused, unit kresd.service may be
requested by dependency only.
See system logs and 'systemctl status kresd.service' for details.
If you modify the following location in the systemctl file, it will be launched.
kometch@dns02:~$ sudo systemctl cat kresd.service
# /lib/systemd/system/kresd.service
[Unit]
Description=Knot DNS Resolver daemon
Documentation=man:kresd(8)
## This is a socket-activated service:
RefuseManualStart=true <==false?>
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
EnvironmentFile=-/etc/default/kresd
ExecStart=/usr/sbin/kresd $KRESD_ARGS
User=knot-resolver <==root?>
Restart=on-failure
[Install]
WantedBy=sockets.target
There are no messages of particular interest in log.
In this case how should I do?
Thanks.
On 2017/01/18 02:54:16, Ondřej Surý wrote: Dear Knot
Resolver users,
CZ.NIC is proud to release a new release candidate of Knot Resolver.
The team has worked very hard to bring:
- reworked DNSSEC Validation, that fixes several know problems
with less standard DNS configurations, and it is also a solid
base for further improvements
- optional EDNS(0) Padding support for DNS over TLS
- support for debugging DNSSEC with CD bit
- DNS over TLS is now able to create ephemeral certs on the runtime
(Thanks Daniel Kahn Gilmore for contributing to DNS over TLS
implementation in Knot Resolver.)
- configurable minimum and maximum TTL (default 6 days)
- configurable pseudo-random reordering of RR sets
- new module 'version' that can call home and report new versions
and security vulnerabilities to the log file
This release also fixes bugs, most notable ones:
- The resolver was setting AD flag when running in a forwarding
mode. Thanks Stéphane Bortzmeyer for reporting this issue!
- We now correctly return RCODE=NOTIMPL on meta-queries and
non IN class queries
- Fix crash in hints module when hints file was empty
- Fix non-lowercase hints
We also have a new LRU implementation under the hood.
That's it! Thank you for using Knot Resolver. And if you are
not using it yet, please give it a try.
Full changelog:
https://gitlab.labs.nic.cz/knot/resolver/raw/v1.2.0-rc1/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz.asc
Documentation:
http://knot-resolver.readthedocs.io/en/latest/
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
2863
days inactive
2865
days old
3 comments
2 participants
participants (2)
-
Horigome Yoshihito -
Ondřej Surý