Dear Tomas,
On 18/10/21 11:56, Tomas Krizek wrote:
> On 16/10/2021 19.50, Matthew Richardson wrote:
>> Whilst setting up Knot Resolver (version 5.4.1 on Rocky 8), it fails to
>> resolve 213-133-203-34.newtel.in-addr.itconsult.net with a cold cache, but
>> succeeds if the cache has been specifically warmed. With the cold cache
>> SERVFAIL is returned and it logs:-
>>> Oct 16 18:40:52 dt05 kresd[36140]: [dnssec] validation failure: 213-133-203-34.newtel.in-addr.itconsult.net. PTR
>
> Hi,
> I can't reproduce this behaviour. I get NOERROR even with cold cache.
> What does your configuration look like? Is the issue reproducible in
> your environment?
Yes, I can reproduce the issue every time with this procedure:-
[root@dt05 ~]# systemctl stop kresd@1.service
[root@dt05 ~]# systemctl stop kres-cache-gc
[root@dt05 ~]# rm /var/cache/knot-resolver/*.mdb
rm: remove regular file '/var/cache/knot-resolver/data.mdb'? y
rm: remove regular file '/var/cache/knot-resolver/lock.mdb'? y
[root@dt05 ~]# systemctl start kresd@1.service
[root@dt05 ~]# dig @dt05 -p 533 -t ptr 213-133-203-34.newtel.in-addr.itconsult.net

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> @dt05 -p 533 -t ptr 213-133-203-34.newtel.in-addr.itconsult.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35112
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;213-133-203-34.newtel.in-addr.itconsult.net. IN PTR

;; Query time: 23 msec
;; SERVER: 193.201.42.59#533(193.201.42.59)
;; WHEN: Mon Oct 18 11:08:10 BST 2021
;; MSG SIZE rcvd: 72
The config is:-
[root@dt05 ~]# cat /etc/knot-resolver/kresd.conf
-- SPDX-License-Identifier: CC0-1.0
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/

-- Network interface configuration
net.listen('127.0.0.1', 533, { kind = 'dns' })
net.listen('193.201.42.59', 533, { kind = 'dns' })
--net.listen('127.0.0.1', 853, { kind = 'tls' })
--net.listen('127.0.0.1', 443, { kind = 'doh2' })
--net.listen('::1', 53, { kind = 'dns', freebind = true })
--net.listen('::1', 853, { kind = 'tls', freebind = true })
--net.listen('::1', 443, { kind = 'doh2' })

-- Load useful modules
modules = {
	'hints > iterate', -- Load /etc/hosts and allow custom root hints
	'stats',           -- Track internal statistics
	'predict',         -- Prefetch expiring/frequent records
	'bogus_log',
}

-- Cache size
cache.size = 100 * MB
Hope this helps...
Best wishes,
Matthew
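As an added example (not part of Matthew's message, and not code from the Knot Resolver project), the helper below parses journal lines of the shape quoted in the thread (`[dnssec] validation failure: <qname> <qtype>`), counts repeats per name, and compares the RCODE of a cold-cache dig run against a warm-cache one so the "SERVFAIL only when cold" symptom can be checked mechanically. The regular expressions, the unrelated sample journal line, the `example.invalid` name and the warm-cache dig output are my own constructions; the first journal line and the cold-cache dig header are the ones quoted above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Shape of the journal line quoted in the thread:
#   Oct 16 18:40:52 dt05 kresd[36140]: [dnssec] validation failure: <qname> <qtype>
# The regex is an assumption of mine: syslog-style timestamp as journalctl prints it.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) kresd\[(?P<pid>\d+)\]: "
    r"\[dnssec\] validation failure: (?P<qname>\S+) (?P<qtype>[A-Z0-9]+)$"
)


@dataclass(frozen=True)
class ValidationFailure:
    timestamp: str
    host: str
    pid: int
    qname: str   # normalised: lower case, trailing dot
    qtype: str


def parse_validation_failures(lines):
    """Return the DNSSEC validation failures found in an iterable of journal lines.
    Lines that do not match (other kresd messages, other services) are skipped."""
    found = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        qname = m["qname"].lower()
        if not qname.endswith("."):
            qname += "."
        found.append(ValidationFailure(m["ts"], m["host"], int(m["pid"]), qname, m["qtype"]))
    return found


def failures_by_name(failures):
    """Count failures per (qname, qtype) so a name that keeps going bogus stands out."""
    return Counter((f.qname, f.qtype) for f in failures)


# dig prints the response code in its header line, e.g. "status: SERVFAIL, id: 35112".
DIG_STATUS_RE = re.compile(r";; ->>HEADER<<-.*\bstatus: (?P<status>[A-Z]+)")


def dig_status(dig_output):
    """Extract the RCODE from captured dig output, or None if no header line is present."""
    m = DIG_STATUS_RE.search(dig_output)
    return m["status"] if m else None


def classify_cold_vs_warm(cold_output, warm_output):
    """Compare the RCODE of a cold-cache query with a warm-cache query for the same name."""
    cold, warm = dig_status(cold_output), dig_status(warm_output)
    if cold == "SERVFAIL" and warm == "NOERROR":
        return "cold-cache-only failure"
    if cold == "SERVFAIL" and warm == "SERVFAIL":
        return "persistent failure"
    if cold == "NOERROR" and warm == "NOERROR":
        return "resolves"
    return "inconclusive: cold=%s warm=%s" % (cold, warm)


# Constructed sample journal: the first line is the one quoted in the thread, the others
# are made up here to show that unrelated lines are ignored and repeats are counted.
SAMPLE_JOURNAL = [
    "Oct 16 18:40:52 dt05 kresd[36140]: [dnssec] validation failure: 213-133-203-34.newtel.in-addr.itconsult.net. PTR",
    "Oct 16 18:40:53 dt05 kresd[36140]: [cache] unrelated sample message (constructed)",
    "Oct 16 18:41:10 dt05 kresd[36140]: [dnssec] validation failure: 213-133-203-34.newtel.in-addr.itconsult.net. PTR",
    "Oct 16 18:41:12 dt05 kresd[36140]: [dnssec] validation failure: example.invalid. A",
]

# Constructed dig captures: the cold header is the one from the thread, the warm one is made up.
COLD_DIG = (";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35112\n"
            ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n")
WARM_DIG = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242\n"
            ";; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n")

if __name__ == "__main__":
    for (name, qtype), n in failures_by_name(parse_validation_failures(SAMPLE_JOURNAL)).items():
        print(f"{n:3d}  {qtype:5s} {name}")
    print(classify_cold_vs_warm(COLD_DIG, WARM_DIG))
```

In practice the journal lines would come from `journalctl -u kresd@1.service` and the two dig captures from the procedure above run once after clearing the cache and once again after a successful lookup; a result of "cold-cache-only failure" is exactly the behaviour reported in the thread, while "persistent failure" points at a chain problem rather than a cache-state one.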