Hello,
I have noticed kresd segfault:
[Sun May 15 14:22:47 2022] kresd[1791403]: segfault at 407ce590 ip
00000000407ce590 sp 00007ffc2d192668 error 15
There were also about 1300 lines from the same PID with a message like this:
May 15 14:23:45 xxxx kresd[1791403]: [primin] triggered priming query,
next in 0 seconds
Maybe it is related to the crash maybe not.
OS: Debian Linux 11.3 kernel 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1
(2022-03-17)
Knot-Resolver: 5.5.0-cznic.1
With regards
Ales
Hello,
We are using Knot-Resolver 5.5.0 with rebinding protection:
modules.load('rebinding < iterate')
We have some complains about an invalid domain name being returned in
the additional section of the response to the blocked request:
;; ADDITIONAL SECTION:
explanation.invalid. 10800 IN TXT "blocked by DNS
rebinding protection"
It looks like some windows domain controllers running DNS clients do not
like it and log an error:
The DNS server encountered an invalid domain name in a packet from
<Knot-Resolver IP> The packet will be rejected. The event data contains
the DNS packet.
Is there a way how to suppress this? Or even better response with SERVFAIL?
Thanks
Ales Rygl
Hello,
I'd would like to ask for help with preload module. The issue is that
when running multiple instatnces of kresd under systemd usualy just one
of them is able to start correctly. The other hangs and fails to start.
The config is just copy/paste from the documentation:
modules.load('prefill')
prefill.config({
['.'] = {
url = 'https://www.internic.net/domain/root.zone',
interval = 86400, -- seconds
}
})
Starting instances in a sequence does not help, the 2nd one hangs - and
only if the 1st one is killed/stopped the 2nd one goes on and processes
the root zone.
Did I miss something in the documentation?
With regards
Ales Rygl
Hi everyone,
The DNS Security Extensions (DNSSEC) add integrity and authenticity to the
Domain Name System (DNS). Now, more than 17 years after their
standardization, we would like to hear from DNS recursive resolver operators
about their experience with DNSSEC. For this reason, we have set up a short
survey. It’s directed mainly towards organisations that run a recursive
resolver. Filling out the survey should take roughly 5 to 10 minutes.
https://forms.gle/FxTD9FofaogdvLqcA (link directs to Google Forms)
This survey is carried out by SIDN Labs (https://sidnlabs.nl) and by the
Swedish Internet Foundation (https://internetstiftelsen.se/en/). You can
contact us via email: moritz.muller(a)sidn.nl
Please excuse us, if you have received this email via different mailing
lists.
—
Moritz Müller Research Engineer at SIDN Labs
