- knot-resolver-users - lists.nic.cz

by Oto Šťáva

Dear Knot Resolver users, Knot Resolver version 5.7.3 (stable) has been released! This maintenance update brings a minor improvement to stats and a bugfix to missing NSEC3 records. An early-access version 6.0.8 including these changes and more will come at a later date - a few more things need to be finalized there before release. Improvements: - stats: add separate metrics for IPv6 and IPv4 (!1544) Bugfixes: - fix NSEC3 records missing in answer for positive wildcard expansion with the NSEC3 having over-limit iteration count (#910, !1550) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.3/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.3.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.3.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v5.7.3/ -- Oto Šťáva | Knot Resolver team lead | CZ.NIC z.s.p.o. PGP: 6DC2 B0CB 5935 EA7A 3961 4AA7 32B2 2D20 C9B4 E680

1 rok, 3 měsíce

1
0
0 0

Re: [knot-dns-users] Re: KNOT resolver and NS serverers with CNAME

by Vladimír Čunát

On 17/05/2024 22.43, Peter Thomassen wrote: > I think the question is whether Knot Resolver follows the letter of > the RFC, like BIND, or whether it is less strict. I'm not aware of RFCs saying that resolvers should fail in such situations. My understanding is more like it's allowed not to work. Anyway, it would be better to continue this thread on knot-resolver-users(a)lists.nic.cz (I already have posted there about this a couple days ago.) --Vladimir

1 rok, 3 měsíce

1
0
0 0

Get readable text properties in request/response Lua functions

by boris.kotyrev＠gmail.com

Trying to make Policy Based Routing routing. Looking for HOWTO/snippents of two API features : 1) Tracking Cache TTL for some records and ability to make requests against cache. 2) Printing some text properties in request/response (kres) functions - like domain name, is cached (yes/no), TTL, etc. As I understood docs regarding Lua/C bindings is not finished yes. But I'm not a experienced developer so reading .c files is not an option for me ;-)

1 rok, 4 měsíce

2
1
0 0

Kresd crashes on raspberry pi

by Ulrich Wisser

Hi, for some time now I have a problem running kresd on my raspberry pi. I am running pihole and use kresd as resolver behind pihole. Everything works fine until some day where kresd "decides" to crash. It is always the same error message (please see below). I then have to manually stop the garbage collector, remove all cache files and restart kresd (which automatically starts the garbage collector). My pi is pxe boot and the root partition is on an nfs mounted volume. The volume has several terra byte of space left. After a restart it will run flawless for tow or three weeks just to crash with the same error again. Any idea how this happens? /Ulrich root@pi-hole1:~# systemctl status kresd ● kresd.service - Knot Resolver daemon Loaded: loaded (/lib/systemd/system/kresd.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2024-04-05 02:31:47 CEST; 6h ago Docs: man:kresd.systemd(7) man:kresd(8) Process: 5106 ExecStart=/usr/sbin/kresd -c /usr/lib/arm-linux-gnueabihf/knot-resolver/distro-preconfig.lua -c /etc/knot-resolver/kresd.conf -n (code=exited, status=1/FAILURE) Process: 5110 ExecStopPost=/usr/bin/env rm -f /run/knot-resolver/control/ (code=exited, status=1/FAILURE) Main PID: 5106 (code=exited, status=1/FAILURE) CPU: 648ms Apr 05 02:31:45 pi-hole1 kresd[5106]: [C]: at 0x0001b2d8 Apr 05 02:31:45 pi-hole1 kresd[5106]: [C]: in function 'pcall' Apr 05 02:31:45 pi-hole1 kresd[5106]: ...b/arm-linux-gnueabihf/knot-resolver/distro-preconfig.lua:9: in main chunk Apr 05 02:31:45 pi-hole1 kresd[5106]: ERROR: net.listen() failed to bind Apr 05 02:31:46 pi-hole1 kresd[5106]: [system] error while loading config: /usr/lib/arm-linux-gnueabihf/knot-resolver/sandbox.lua:402: can't open cache path '/var/cache/knot-resolver'; working directory '/var/lib/knot-resolver'; No space left on device (workdir '/var/lib/knot-resolver') Apr 05 02:31:47 pi-hole1 systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE Apr 05 02:31:47 pi-hole1 env[5110]: rm: cannot remove '/run/knot-resolver/control/': Is a directory Apr 05 02:31:47 pi-hole1 systemd[1]: kresd.service: Control process exited, code=exited, status=1/FAILURE Apr 05 02:31:47 pi-hole1 systemd[1]: kresd.service: Failed with result 'exit-code'. Apr 05 02:31:47 pi-hole1 systemd[1]: Failed to start Knot Resolver daemon. root@pi-hole1:~# ps aux Op | grep kres knot-re+ 569 0.1 0.1 114480 4140 ? Ss Apr02 5:15 /usr/sbin/kres-cache-gc -c /var/cache/knot-resolver -d 1000 root 23835 0.0 0.0 10292 504 pts/0 S+ 09:00 0:00 grep kres root@pi-hole1:~# systemctl status | grep kres │ └─23861 grep kres ├─system-kresd.slice │ └─kres-cache-gc.service │ └─569 /usr/sbin/kres-cache-gc -c /var/cache/knot-resolver -d 1000 root@pi-hole1:~# systemctl stop kres-cache-gc

1 rok, 5 měsíců

2
2
0 0

Knot Resolver 5.7.2 and 6.0.7

by Oto Šťáva

Dear Knot Resolver users, Knot Resolver versions 5.7.2 (stable) and 6.0.7 (early-access) have been released! Both fix running on 32-bit systems with 64-bit time; 6.0.7 additionally brings fixes to RPZ, cache clearing via kresctl, and more. --- Knot Resolver 5.7.2: Bugfixes: - fix on 32-bit systems with 64-bit time_t (!1510) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.2/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.2.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.2.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/artifacts/1056229/index.html --- Knot Resolver 6.0.7: Improvements: - manager: clear the cache via management HTTP API (#876, !1491) - manager: added support for Python 3.12 and removed for 3.7 (!1502) - manager: use build-time install prefix to execute `kresd` instead of PATH (!1511) - docs: documentation is now separated into user and developer parts (!1514) - daemon: ignore UDP requests from ports < 1024 (!1507) - manager: increase startup timeout for processes (!1518, !1520) - local-data: increase default DB size to 2G on 64-bit platforms (!1518) Bugfixes: - fix listening by interface name containing dashes (#900, !1500) - fix kresctl http request timeout (!1505) - fix RPZ if it contains apex NS record (!1516) - fix RPZ if SOA is repated, as usual in AXFR output (!1521) - avoid RPZ overriding the root SOA (!1521) - fix on 32-bit systems with 64-bit time_t (!1510) - fix paths to knot-dns libs if exec_prefix != prefix (!1503) - manager: add missing early check that neither a custom port nor TLS is set for authoritative server forwarding (#902, !1505) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.7/NEWS Documentation: https://www.knot-resolver.cz/documentation/artifacts/1056245/index.html -- Oto Šťáva | Knot Resolver team leader | CZ.NIC z.s.p.o. PGP: 6DC2 B0CB 5935 EA7A 3961 4AA7 32B2 2D20 C9B4 E680

1 rok, 5 měsíců

1
0
0 0

Newbie questions regarding knot-resolver

by Michael Grimm

Hi, I am in the process to migrate from unbound to knot-resolver. This is on FreeBSD 14-STABLE, knot-resolver 5.7.1, and on a very small instance serving a handful users, around 100 mails a day and such. The resolver is up and running, but I still have some questions left I cannot answer myself after reading the documentation et al. 1) I managed to run 'kres-cache-gc -c /var/run/kresd' but I am unsure whether I do need the garbage collector at all? I read that after filling up of '/var/run/kresd/data.mdb' that file would become reset to 0 bytes, correct? FYI: After 3 days '/var/run/kresd/data.mdb' uses less than 1 MB currently. 2) Does knot-resolver automatically update 'root.hints' and 'root.keys', or do I have to install a script in crontab doing the updates instead? FYI: I didn't unload the modules 'ta_signal_query' and 'ta_sentinel‘ 3) I am still struggeling to understand, how to get access to the statistics produced by the module 'stats'? FYI: If I do try to use knotc (I know, it's experimental), I'll get: |dns> kresc /var/run/kresd/control/17158 |Warning! kresc is highly experimental, use at own risk. |Please tell authors what features you expect from client utility. | FYI: There is no 'kresd>' prompt … I tried to modify that socket's privileges but to no avail. 4) If that socket is the way to get hold on all statistics information, how can one name that socket file? Currently, it is just the PID of kresd. Thanks in advance and regards, Michael

1 rok, 5 měsíců

3
7
0 0

DNS Shotgun v20240219

by Oto Šťáva

Dear Knot Resolver users, DNS Shotgun v20240219, our high-performance realistic benchmarking tool for DNS resolvers, has been released. This new release, amongst a variety of other improvements, brings support for testing DNS-over-QUIC. Incompatible changes: - CMake is now being used to build dnssim instead of Autotools - GnuTLS 3.7.5+ is now required Improvements: - pcap/extract-clients: always reset UDP port numbers to 53 (!56) - pcap/extract-clients: ability to write to stdout (!62) - pcap/filter-dnsq: skip 'special' queries for *.dotnxdomain.net (!58) - pcap/split-clients: new tool to split larger PCAPs into smaller ones (!61) - pcap/merge-chunks: allow disabling randomization (!67) - tools/plot-latency: ability to diversify lines with linestyles (!69) - tools/plot-response-rate: estimate worst-case drop caused by discarded packets (!74) - tools/plot-packet-rate: handle incomplete last sampling period (!71) - tools/plot-response-rate: ability to ignore RCODEs with small response rate (!73) - pcap/filter-dnsq: ability to log malformed queries (!72) - pcap/generate-const-qps: new tool to generate constant QPS (!33) - tools: allow customizing plot charts with `SHOTGUN_MPLSTYLES` (!65) - replay: `--preload` argument, mainly for dnssim debugging with sanitizers (!76) - tools/plot-latency: use fractional values for humans in charts (!78) - pcap/extract-clients: warn if some input packets were skipped (!80) - dnssim: replace Autotools with CMake (!77, !86) - configs: DoH configs with exclusively GET/POST methods (!82) - tools/plot-response-rate: avoid division by zero (!89) - tools/plot-latency: denser labels to improve logarithmic scale readability (!90) - pcap/extract-clients: allow query rewriting - anonymization (!91) - Support for DNS-over-QUIC (!75) Bugfixes: - tools/plot-response-rate: avoid white lines on white background (!55) - tools/plot-client-distribution: properly handle file limit (!59) - pcap: proper PCAP write error handling (!60) - tools/plot-connections: set axis limits properly (!66) - tools/plot-packet-rate: trim chart whitespace (!79) - replay: do not exit silently when dnssim returns non-zero (!87) Full changelog: https://gitlab.nic.cz/knot/shotgun/-/releases/v20240219 Sources: https://gitlab.nic.cz/knot/shotgun/-/archive/v20240219/shotgun-v20240219.ta… Documentation: https://dns-shotgun.readthedocs.io/en/v20240219/ Oto Šťáva Knot Resolver CZ.NIC z.s.p.o.

1 rok, 6 měsíců

1
0
0 0

Why are some names not cached?

by Ondřej Caletka

Hello, I am trying to figure out why some domain names are not resolving on my instance of Knot resolver over DoH with some clients. I was able to reproduce this issue with [doh](https://github.com/curl/doh) client built on libcurl. The problem never manifests with kdig (neither with DoH, nor DoT nor Do53). During this, I noticed something strange. For domain name github.com (which sometimes returns no A record), I always receive an answer with TTL set to 60. It seems like this name does not get cached at all. See the test output below. Interestingly, if I delete cache files and restart the resolver, the TTL starts decreasing as expected. Is this a sign that something was wrong with the cache before? Or is this some sort of cache optimization for low TTL records? Here is the test output: $ for i in `seq 1 5`; do ./doh github.com https://nscache.mtg.ripe.net/dns-query ; echo "----"; kdig +https +noadflag +nocookie +noall +answer github.com A @nscache.mtg.ripe.net ; echo "===="; sleep 1; done [github.com] TTL: 60 seconds AAAA: 0064:ff9b:0000:0000:0000:0000:8c52:7903 ---- github.com. 60 IN A 140.82.121.3 ==== [github.com] TTL: 60 seconds A: 140.82.121.3 AAAA: 0064:ff9b:0000:0000:0000:0000:8c52:7904 ---- github.com. 60 IN A 140.82.121.4 ==== [github.com] TTL: 60 seconds A: 140.82.121.4 AAAA: 0064:ff9b:0000:0000:0000:0000:8c52:7904 ---- github.com. 60 IN A 140.82.121.4 ==== [github.com] TTL: 60 seconds A: 140.82.121.4 AAAA: 0064:ff9b:0000:0000:0000:0000:8c52:7903 ---- github.com. 60 IN A 140.82.121.4 ==== [github.com] TTL: 60 seconds A: 140.82.121.3 AAAA: 0064:ff9b:0000:0000:0000:0000:8c52:7904 ---- github.com. 60 IN A 140.82.121.3 ==== -- Best regards, Ondřej Caletka

1 rok, 6 měsíců

2
1
0 0

LIGA CHAMPIONS

by sachgame570＠gmail.com

Komentator -Liga Champions✔️✔️ Owen Hargreaves mengatakan bahwa “semua orang akan terpukul” oleh penampilan buruk Bayern Munich baru-baru ini, kali ini setelah kalah dari Lazio di leg pertama babak 16 besar Liga Champions. Situs web: https://svipbola.com/liga/liga-champions Pertandingan Liga Champions“Mereka perlu menemukan cara untuk mempercepat permainan dan menjadi sedikit lebih cepat. Mereka melewati fase ini di bawah asuhan Pep dan memainkan sepakbola terindah. Hari ini mereka bahkan tidak memainkan sepakbola indah.” Jadwal Liga Champions - dengan meningkatnya perhatian media terhadap manajer dan pemain, mantan gelandang Manchester United dan pemenang Liga Champions Hargreaves tidak berharap tim tamu mendapat ulasan positif atas penampilan seperti itu. Liga Champions 2023⭐“Ketika Anda bermain untuk tim papan atas, saya tahu orang-orang tidak ingin mendengarnya, namun ketika Anda bermain seperti itu, Anda akan dikritik. Saya pikir akan ada banyak rasa frustrasi di dalam dan di sekitar Bayern saat ini.” Address: Jl Gondosuli 8 Yk Jawa Tengah Indonesia #Liga Champions #pertandingan liga champions #jadwal liga champions #klasemen liga champions #liga champions uefa #liga champions 2023 #hasil liga champions #liga champions 2022

1 rok, 7 měsíců

1
0
0 0

Unable to install kdig utility in Linux fedora 8.8

by Ramakrishnudu MANGALA

Hi Team, I am trying to install kdig utility in Linux fedora 8.8 but not successful. I took the reference from https://www.knot-resolver.cz/download/ Tried below: # yum install -y epel-release Oracle Linux 8 BaseOS Latest (x86_64) 4.7 kB/s | 3.6 kB 00:00 Oracle Linux 8 Application Stream (x86_64) 9.8 kB/s | 3.9 kB 00:00 Oracle Linux 8 CodeReady Builder (x86_64) - Unsupported 3.7 kB/s | 3.3 kB 00:00 ITE 20 kB/s | 1.4 kB 00:00 Package oracle-epel-release-el8-1.0-5.el8.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! # yum install -y knot-resolver Oracle Linux 8 BaseOS Latest (x86_64) 1.1 kB/s | 3.6 kB 00:03 Oracle Linux 8 Application Stream (x86_64) 10 kB/s | 3.9 kB 00:00 Oracle Linux 8 CodeReady Builder (x86_64) - Unsupported 8.3 kB/s | 3.3 kB 00:00 ITE 22 kB/s | 1.4 kB 00:00 No match for argument: knot-resolver Error: Unable to find a match: knot-resolver # dnf install -y knot-resolver Oracle Linux 8 BaseOS Latest (x86_64) 2.4 kB/s | 3.6 kB 00:01 Oracle Linux 8 BaseOS Latest (x86_64) 15 MB/s | 62 MB 00:04 Oracle Linux 8 Application Stream (x86_64) 10 kB/s | 3.9 kB 00:00 Oracle Linux 8 Application Stream (x86_64) 11 MB/s | 48 MB 00:04 Oracle Linux 8 CodeReady Builder (x86_64) - Unsupported 2.2 kB/s | 3.3 kB 00:01 Oracle Linux 8 CodeReady Builder (x86_64) - Unsupported 4.5 MB/s | 8.6 MB 00:01 ITE 1.1 kB/s | 1.4 kB 00:01 No match for argument: knot-resolver Error: Unable to find a match: knot-resolver But none of the above is successful. Could you help me with kdig utility installation on Fedora 8.8? Regards, Rama.

1 rok, 7 měsíců

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

knot-resolver-users