Hi Juergen, The warning usually appears if the configuration of all nameservers is inconsistent. For example cookies are enabled on some nameservers only. Daniel On 12/22/21 1:07 PM, J. Echter wrote: > Hi, > > i have knot dns setup with dns cookie module enabled but if i check with > dnsviz.net i always get: > > The server appears to support DNS cookies but did not return a COOKIE > option. > > Relevant parts of my knot.conf: > > template: > > - id: default storage: "/var/lib/knot" > > dnssec-signing: on > > dnssec-policy: rsa2048 > > global-module: [ "mod-cookies", "mod-rrl/default" ] > > > mod-rrl: > > - id: default > > rate-limit: 200 > > slip: 2 > > > - domain: mydomain.de > > file: "/etc/knot/zones/mydomain.de.zone" > > notify: secondary > > acl: acl_secondary > > zonefile-load: difference > > > I thought about maybe it's the slip: 2, but that didn't change anything > if set to 1 > > > Do you guys see anything obvious causing this "issue"? > > > Thanks for your time > > Juergen > > > -- >

On 12/22/21 1:36 PM, J. Echter wrote: No, the signing is configured correctly. I have tried almost the same configuration and dnsviz didn't complain. It's strange. Daniel > Thanks for your fast respone. > > Juergen > > Am 22.12.21 um 13:25 schrieb Daniel Salzman: >> Hi Juergen, >> >> The warning usually appears if the configuration of all nameservers is inconsistent. >> For example cookies are enabled on some nameservers only. >> >> Daniel >> >> On 12/22/21 1:07 PM, J. Echter wrote: >>> Hi, >>> >>> i have knot dns setup with dns cookie module enabled but if i check with >>> dnsviz.net i always get: >>> >>> The server appears to support DNS cookies but did not return a COOKIE >>> option. >>> >>> Relevant parts of my knot.conf: >>> >>> template: >>> >>> - id: default storage: "/var/lib/knot" >>> >>> dnssec-signing: on >>> >>> dnssec-policy: rsa2048 >>> >>> global-module: [ "mod-cookies", "mod-rrl/default" ] >>> >>> >>> mod-rrl: >>> >>> - id: default >>> >>> rate-limit: 200 >>> >>> slip: 2 >>> >>> >>> - domain: mydomain.de >>> >>> file: "/etc/knot/zones/mydomain.de.zone" >>> >>> notify: secondary >>> >>> acl: acl_secondary >>> >>> zonefile-load: difference >>> >>> >>> I thought about maybe it's the slip: 2, but that didn't change anything >>> if set to 1 >>> >>> >>> Do you guys see anything obvious causing this "issue"? >>> >>> >>> Thanks for your time >>> >>> Juergen >>> >>> >>> -- >>>

On Wed, 22 Dec 2021 13:07:34 +0100 "J. Echter" <j.echter(a)gmx.de> wrote: I don't have such problem. but I have configuration for mod-cookies and so I load it differently. mod-cookies: - id: default secret-lifetime: 26h badcookie-slip: 1 And in default template: global-module: [ mod-cookies/default, mod-rrl/default ]

How about telling us version you are running? This has been working for ages.