Dear Knot Resolver users,
Knot Resolver 3.2.0 has been released.
New features
------------
- module edns_keepalive to implement server side of RFC 7828 (#408)
- module nsid to implement server side of RFC 5001 (#289)
- module bogus_log provides .frequent() table (!629, credit Ulrich Wisser)
- module stats collects flags from answer messages (!629, credit Ulrich
  Wisser)
- module view supports multiple rules with identical address/TSIG
  specification and keeps trying rules until a "non-chain" action is
  executed (!678)
- module experimental_dot_auth implements a DNS-over-TLS to auth protocol
  (!711, credit Manu Bretelle)
- net.bpf bindings allow advanced users to use eBPF socket filters
Bugfixes
--------
- http module: only run prometheus in parent process if using --forks=N,
  as the submodule collects metrics from all sub-processes as well.
- TLS fixes for corner cases (!700, !714, !716, !721, !728)
- fix build with -DNOVERBOSELOG (#424)
- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)
- avoid SERVFAILs due to certain kind of NS dependency cycles, again
  (#374) this time seen as 'circular dependency' in verbose logs
- policy and view modules do not overwrite result finished requests (!678)
Improvements
------------
- Dockerfile: rework, basing on Debian instead of Alpine
- policy.{FORWARD,TLS_FORWARD,STUB}: give advantage to IPv6
  when choosing whom to ask, just as for iteration
- use pseudo-randomness from gnutls instead of internal ISAAC (#233)
- tune the way we deal with non-responsive servers (!716, !723)
- documentation clarifies interaction between policy and view modules
  (!678, !730)
Module API changes
------------------
- new layer is added: answer_finalize
- kr_request keeps ::qsource.packet beyond the begin layer
- kr_request::qsource.tcp renamed to ::qsource.flags.tcp
- kr_request::has_tls renamed to ::qsource.flags.tls
- kr_zonecut_add(), kr_zonecut_del() and kr_nsrep_sort() changed
  parameters slightly
Full changelog:
https://gitlab.labs.nic.cz/knot/knot-resolver/raw/v3.2.0/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-3.2.0.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-3.2.0.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v3.2.0/
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Hello,
I am using knot-resolver version 3.1.0 and found that it does not return A records for:
www.cezdistribuce.cz
when I clear the cache:
cache.clear('cezdistribuce.cz')
knot-resolver behaves again for an undefined period of time and returns the
A records normally. Meanwhile, Google DNS 8.8.8.8 returns the records
correctly. I have not found any other anomaly. What could the problem be?
The configuration?
Non-working output:
$ dig @192.168.100.100 -t A www.cezdistribuce.cz
; <<>> DiG 9.11.4-P2-3~bpo9+1-Debian <<>> @192.168.100.100 -t A
www.cezdistribuce.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26696
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cezdistribuce.cz. IN A
;; AUTHORITY SECTION:
cezdistribuce.cz. 41952 IN SOA ns10.cez.cz.
netmaster.cezdata.cz. 2018112701 28800 7200 864000 86400
;; Query time: 1 msec
;; SERVER: 192.168.100.100#53(192.168.100.100)
;; WHEN: Po pro 10 07:58:55 CET 2018
;; MSG SIZE rcvd: 112
Working, after clearing it from the cache:
$ dig @192.168.100.100 -t A www.cezdistribuce.cz
; <<>> DiG 9.11.4-P2-3~bpo9+1-Debian <<>> @192.168.100.100 -t A
www.cezdistribuce.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 89
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.cezdistribuce.cz. IN A
;; ANSWER SECTION:
www.cezdistribuce.cz. 24 IN A 89.111.76.140
;; Query time: 0 msec
;; SERVER: 192.168.100.100#53(192.168.100.100)
;; WHEN: Po pro 10 08:09:59 CET 2018
;; MSG SIZE rcvd: 65
Thank you for your help.
--
Zdeněk Janiš