-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Knot Resolver users,
we would like to inform you about certain changes in upcoming Knot Resolver 5.2.0:
- - Users of Control sockets API need to terminate each command sent to resolver with newline character (ASCII \n). Correct usage: "cache.stats()\n". Newline terminated commands are accepted by all resolver versions >= 1.0.0.
- - Human readable output from Control sockets is not stable and changes from time to time. Users who need machine readable output for scripts should use Lua function "tojson()" to convert Lua values into standard JSON format instead of attempting to parse the human readable output. For example API call "tojson(cache.stats())\n" will return JSON string with "cache.stats()" results represented as dictionary. Function "tojson()" is available in all resolver versions >= 1.0.0.
- - DoH served with http module DNS-over-HTTP (DoH) will be marked as legacy and won’t receive any more bugfixes. A more reliable and scalable DoH module will be available instead. The new DoH module will only support HTTP/2 over TLS.
- - New releases since October 2020 will contain changes for DNS Flag Day 2020. Please double-check your firewall, it has to allow DNS traffic on UDP and also TCP port 53. See https://dnsflagday.net/2020/ for more information.
This text with links to further documentation can be found here:
https://knot-resolver.readthedocs.io/en/latest/upgrading.html#upcoming-chan…
We plan to use the same URL to publish planned changes in not-yet-released versions.
To make our version numbers easier to understand we have documented how we version new releases:
https://knot-resolver.readthedocs.io/en/latest/NEWS.html#version-numbering
Feedback is more than welcome. Do not hesitate to reach out on the usual channels:
https://www.knot-resolver.cz/support/
- --
Petr Špaček @ CZ.NIC
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEvibrucvgWbORDKNbzo3WoaUKIeQFAl9+9kcACgkQzo3WoaUK
IeR7Jg/5AT4QLP1ZJBR8Vkoa5DirCnTBrBx3GPkiW+hVEXZPl55AXWMu54i9ZTuY
4R38+I1PypAM924n5xk98AaX7iRbISVZ87kOEfeJOKR2tzB8TiYwzufl2Y3PUYo8
IlazzcUyNFcQw4ARE3BqiQF6DLKl/s8U812XMEUlRdryE7lURWVEJyo711XNLPPy
6PWuGpsNboMR2V6z/7yrX/i+/0XGpxoSL8S9Fv4hQrOJB3c0lIZNSfaj23GywDao
ZgkqlxwBgPkOGAhSIq3r5Xqitl9fTh2Gb1565Lrbj+4OY5WbL8YqaNArZMp3poUD
T2QCH1bUypa0EP+smzdcriuFDWwl3L0zwODsnH2ofLAnosWeGfxtHXHI5W7rwskF
gAAZJJe+UhxSeBzwr01r6YwZbDYlHiDA9+AkGkYGjYwQmfLCTftXRhlqmJ3BvpeR
Nr97D8lSuct9XugIN2pUJfR1cVIr40ViiO3TG4m2eL2dHExELB4OOf/ZCOTX5dQk
KJuQSspz5zQvVFWZZh17L6iT9WUdgwmi0TkvR8aMmPlr75vokFvioQMAOHfHgGtq
7s10W9TtRGX5o9ioHtTLrDaqEC/0P79bMTVU5HCap1dSCzgk1AYXtUDu4AVc0pWC
Aui8tih9ykESC8rPUaEBc6wpR3wgKSPclfIWgiJira4xB8eRCUs=
=9lwy
-----END PGP SIGNATURE-----
Trying to use Knot DNS + Knot Resolver for a small business network.
So far it's working great, however there's one function that's still
needed: short hostname resolution suffixing.
Meaning for 'server.example.com' I can `dig server.example.com` and get the
desired result, but wondering how to attach the 'example.com' suffix so I
can simply query `dig server` and have Knot auto-append 'example.com'
suffix.
I believe I saw it in the documentation but I can't find it again for the
life of me...
Thanks in advance,
-KM
Dear Knot Resolver users,
Knot Resolver 5.1.3 has been released!
Improvements
------------
- capabilities are no longer constrained when running as root (!1012)
- cache: add percentage usage to cache.stats() (#580, !1025)
- cache: add number of cache entries to cache.stats() (#510, !1028)
- aarch64 support again, as some systems still didn't work (!1033)
- support building against Knot DNS 3.0 (!1053)
Bugfixes
--------
- tls: fix compilation to support net.tls_sticket_secret() (!1021)
- validator: ignore bogus RRSIGs present in insecure domains (!1022,
#587)
- build if libsystemd version isn't detected as integer (#592, !1029)
- validator: more robust reaction on missing RRSIGs (#390, !1020)
- ta_update module: fix broken RFC5011 rollover (!1035)
- garbage collector: avoid keeping multiple copies of cache (!1042)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v5.1.3/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.1.3.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.1.3.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v5.1.3/
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
I am newby in kresd and lua
ipv4 format in documentation 127.0.0.1 as "\127\0\0\1" is new for me
i meen "fe80::56e6::f188:75d6" as "\fe80\\56e6\f188\75d6" is no right way (no work for me)
i will try kres.str2ip('........')
On 13. 08. 20 8:35, knot-resolver-users-bounces(a)lists.nic.cz wrote:
> how is correct syntax for ipv6 address in policy.ANSWER ?
Hello,
and thank you for pointing out our insufficient documentation.
I've attempted to clarify it in the following change:
https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1037/diffs?view=p…
Does the text on right side (green part) answer your question? If not, what is unclear?
--
Petr Špaček @ CZ.NIC
Hello all,
I have a question regarding cache size and it’s using. We are running
knot-resolver on RaspberryPI 4 (as secondary cache). Previously we had
256MB cache as tmpfs and hit issue that process crashed due to “No space
left on device (workdir '/var/lib/knot-resolver')” I doubled the site to
512MB, but same issue occurs. My question is why it crash even from the
logs the usage of cache is about 80 percent (same in the case with 256MB).
I taught that kres-cache-gc is taking care about its size and it does not
allow to full the cache and prevent writing to it in the way that main
process crash. Should we increase the cache size or we hit a some bug? Any
other suggestion what could cause that cache is full and not “cleared”?
Thank you for tip and have a nice day. Petr Kyselak
Config:
/etc/fstab
tmpfs /var/cache/knot-resolver tmpfs
rw,size=512m,uid=knot-resolver,gid=knot-resolver,nosuid,nodev,noexec,mode=0700
0 00
-- Cache size
cache.size = cache.fssize() - 10*MB
Logs:
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Cache analyzed in 1.41
secs, 1038386 records, limit category is 100.
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: 0 records to be deleted
using 0.00 MBytes of temporary memory, 0 records skipped due to memory
limit.
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Deleted 0 records (0
already gone) types
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: It took 0.00 secs, 0
transactions (OK)
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Usage: 81.32% (428077056 /
526385152)
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Cache analyzed in 1.41
secs, 1038420 records, limit category is 100.
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: 0 records to be deleted
using 0.00 MBytes of temporary memory, 0 records skipped due to memory
limit.
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Deleted 0 records (0
already gone) types
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: It took 0.00 secs, 0
transactions (OK)
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Usage: 81.32% (428077056 /
526385152)
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Cache analyzed in 1.41
secs, 1038420 records, limit category is 100.
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: 0 records to be deleted
using 0.00 MBytes of temporary memory, 0 records skipped due to memory
limit.
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Deleted 0 records (0
already gone) types
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: It took 0.00 secs, 0
transactions (OK)
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Usage: 81.32% (428077056 /
526385152)
Jun 4 16:32:05 dns-cache-2 kres-cache-gc[548]: Cache analyzed in 1.41
secs, 1038421 records, limit category is 100.
Jun 4 16:32:32 dns-cache-2 kresd[672]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[672]: [cache] clearing error, falling back
Jun 4 16:32:32 dns-cache-2 kresd[672]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing error, falling back
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing failed to get
./.cachelock; retry later
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing error, falling back
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing failed to get
./.cachelock; retry later
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing error, falling back
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing failed to get
./.cachelock; retry later
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
…
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)1.service: Main process
exited, code=killed, status=11/SEGV
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing failed to get
./.cachelock; retry later
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing error, falling back
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing failed to get
./.cachelock; retry later
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
…
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)1.service: Failed with result
'signal'.
…
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)2.service: Main process
exited, code=killed, status=11/SEGV
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing failed to get
./.cachelock; retry later
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing error, falling back
…
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)2.service: Failed with result
'signal'.
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -17
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing error, falling back
…
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] MDB_BAD_TXN, probably
overfull
Jun 4 16:32:32 dns-cache-2 kresd[675]: [cache] clearing because overfull,
ret = -28
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)1.service: Service
RestartSec=100ms expired, scheduling restart.
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)1.service: Scheduled restart
job, restart counter is at 1.
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)2.service: Service
RestartSec=100ms expired, scheduling restart.
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)2.service: Scheduled restart
job, restart counter is at 1.
Jun 4 16:32:32 dns-cache-2 kresd[30052]: [system] error while loading
config: /usr/lib/knot-resolver/sandbox.lua:400: can't open cache path
'/var/cache/knot-resolver'; working directory '/var/lib/knot-resolver'; No
space left on device (workdir '/var/lib/knot-resolver')
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)1.service: Main process
exited, code=exited, status=1/FAILURE
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)1.service: Failed with result
'exit-code'.
Jun 4 16:32:32 dns-cache-2 kresd[30051]: [system] error while loading
config: /usr/lib/knot-resolver/sandbox.lua:400: can't open cache path
'/var/cache/knot-resolver'; working directory '/var/lib/knot-resolver'; No
space left on device (workdir '/var/lib/knot-resolver')
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)2.service: Main process
exited, code=exited, status=1/FAILURE
Jun 4 16:32:32 dns-cache-2 systemd[1]: kresd(a)2.service: Failed with result
'exit-code'.
Hello all,
I am trying to configure my local PC (always on server), to serve DNS
resolving all other computers in my LAN. I installed and enabled the
service. I've attempted configuration. Knot-resolver correctly resolves
DNS querier on localhost machine, but fails to reply to queries from
other LAN machines.
Can someone please share configuration which I should use to have LAN
resolving?
I've tried various net.listen(), net() in config file, to no avail. I've
studied this page
https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-net_server.h…
but I have no idea which option I should put in config to enable my
server PC (192.168.1.44) to allow all PCs in LAN (192.168.1.xxx) to use
knot-resolver.
I'd appreciate if someone with knowledge would help a newbie like me.
Thank you!
pioruns
Hi all,
Is there a way to reload dynamically the knot-resolver configuration
without stopping knot-resolver ?
e.g I have to add this in the config file
extraTrees = policy.todnames({'foo.example.net'})
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees))
policy.add(policy.suffix(policy.FORWARD({'192.168.0.15'}), extraTrees))
Is there a sort of CLI command to take it in account ?
Regards
______________________________
*Pierrick CHOVELON I *Ingénieur système
*Advanced Software I IT*
+33 4 77 43 27 05
pierrick.chovelon(a)savoye.com
*SAVOYE - 8, rue de la Richelandière - 42100 - Saint-Etienne - France*
*Savoye recrute ! <https://careers.savoye.com/#!/fr/index> - *www.savoye.com
