Hi
Vladimír Čunát via knot-resolver-users <knot-resolver-users(a)lists.nic.cz> wrote:

> On 09/03/2024 15.45, Michael Grimm via knot-resolver-users wrote:
>> 1) I managed to run 'kres-cache-gc -c /var/run/kresd' but I am unsure whether I do need the garbage collector at all?
>> I read that after filling up of '/var/run/kresd/data.mdb' that file would become reset to 0 bytes, correct?
>
> Yes, when cache fills up completely, it gets reset to empty. So it is possible to run that way; you'll just temporarily get worse latency whenever the reset happens.
>
>> FYI: After 3 days '/var/run/kresd/data.mdb' uses less than 1 MB currently.
>
> I expect your DNS traffic isn't very diverse.

Yes, it isn't. Actually the resolver is bored to death ;-)
I think I can live with very occasional latency drops, as my cache is set to 100 MB.

>> 2) Does knot-resolver automatically update 'root.hints' and 'root.keys', or do I have to install a script in crontab doing the updates instead?
>
> That depends on your packaging and configuration. Certainly not something for crontab. Note that rotation of root keys has only happened once in the whole history so far. It's a very slow and careful process.

Thanks, that was new to me.

> My preferred way is to use these as read-only files, updated by software updates. But we also have code for automatic maintenance according to RFC 5011. I think in the FreeBSD port it's configurable
> https://cgit.freebsd.org/ports/tree/dns/knot-resolver/Makefile?id=e8c9d591e…

My bad, I should have checked that first. Yes, both options ROOTKEYS and TRUSTANCHOR are set by default.
Well, then I can omit my crontab settings.

>> 3) I am still struggling to understand, how to get access to the statistics produced by the module 'stats'?
>> FYI: If I do try to use knotc (I know, it's experimental), I'll get:
>> |dns> kresc /var/run/kresd/control/17158
>> |Warning! kresc is highly experimental, use at own risk.
>> |Please tell authors what features you expect from client utility.
>> |
>> FYI: There is no 'kresd>' prompt …
>> I tried to modify that socket's privileges but to no avail.
>
> kresc was an experiment, incomplete and abandoned years ago. I expect you could use something like
> echo 'tojson(stats.list())' | sudo socat - /var/run/knot-resolver/control/0

Cool, that is absolutely sufficient for my purposes, thanks.

>> 4) If that socket is the way to get hold of all statistics information, how can one name that socket file? Currently, it is just the PID of kresd.
>
> It is possible to change or add these control sockets. It's just
> net.listen('path', nil, { kind = 'control' })

Perfect, I just added net.listen('/var/run/kresd/control/kresd.sock', nil, { kind = 'control' }).
Sorry, I missed that as well.

> Defaults depend on your init scripts, e.g. with systemd it's typically not named by PID but by service name.

The FreeBSD init script doesn't provide this.
I tried to start the resolver daemon by adding "-S /var/run/kresd/control/kresd.sock" but to no avail:

Mar 10 10:49:45 <daemon.notice> kresd[32252]: [system] incorrect value passed to '-S/--fd': /var/run/kresd/control/kresd.sock
[endless loop]

Anyway, as long as the user is able to name the control socket in the config file there is no need to debug this, IMHO, because of:

> Some of these aspects get improved in versions >= 6.0. Control of the GC and kresd processes is integrated inside, also stats aggregation and there's a new kresctl command (and user config gets rewritten completely, from Lua to YAML). But honestly we don't do any BSD ourselves, so I don't expect you want to package and try it at this point…

Perhaps I will ;-)

I thank you very much for your invaluable help and kind regards,
Michael
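
An added example, not part of the original thread or of Knot Resolver itself: a small Python filter that takes the reply to the `tojson(stats.list())` command discussed above and turns the counters into cache-hit and SERVFAIL ratios. It assumes the reply contains the JSON object as plain text; the sample reply and the 5 % alert threshold are constructed for illustration.

```python
#!/usr/bin/env python3
"""Summarise kresd 'stats' counters read from the control socket.

Pipe in the output of the command from the thread, e.g.
  echo 'tojson(stats.list())' | sudo socat - /var/run/kresd/control/kresd.sock
Assumption: the reply contains the JSON object as plain text; whatever
surrounds it (prompt, quoting, newlines) is ignored.
"""
import json
import sys

# Constructed sample reply, not captured from a real resolver; the quote and
# prompt characters around the object only exercise the extraction below.
SAMPLE_REPLY = ('\'{"answer.total":1200,"answer.cached":900,"answer.noerror":1100,'
                '"answer.nxdomain":70,"answer.servfail":30}\'\n> ')


def parse_stats(reply: str) -> dict:
    """Extract the JSON object of counters from a control-socket reply."""
    start, end = reply.find("{"), reply.rfind("}")
    if start == -1 or end < start:
        raise ValueError("no JSON object in reply (is the 'stats' module loaded?)")
    stats = json.loads(reply[start:end + 1])
    if not isinstance(stats, dict):
        raise ValueError("expected a JSON object of counters")
    return stats


def summarise(stats: dict, servfail_warn: float = 0.05) -> dict:
    """Compute cache-hit and SERVFAIL ratios; tolerate missing counters."""
    total = stats.get("answer.total", 0)
    if total <= 0:  # idle resolver or freshly started daemon
        return {"total": 0, "cache_hit_ratio": None,
                "servfail_ratio": None, "servfail_alert": False}
    servfail = stats.get("answer.servfail", 0) / total
    return {
        "total": total,
        "cache_hit_ratio": stats.get("answer.cached", 0) / total,
        "servfail_ratio": servfail,
        # Hypothetical threshold; tune it to the resolver's normal traffic.
        "servfail_alert": servfail > servfail_warn,
    }


if __name__ == "__main__":
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    # Fall back to the constructed sample when nothing is piped in.
    print(json.dumps(summarise(parse_stats(piped.strip() or SAMPLE_REPLY)), indent=2))
```

A sustained rise in the SERVFAIL ratio on a validating resolver is worth checking against the trust-anchor files discussed in point 2.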