CZ-NIC/knot

Knot DNS: High-performance authoritative-only DNS server. https://www.knot-dns.cz/support/

bleve

@bleve

when ping to slave is 119ms 200ms tcp timeout is not so good...

Daniel Salzman

@salzmdan

But this timeout doesn't count the TCP segment round trip time! There are some data available to read! For short messages (1 TCP segment) it's ok.

bleve

@bleve

ok - so network latency is not issue here?

Daniel Salzman

@salzmdan

In most cases (no transfers) no, it's not an issue.

bleve

@bleve

this is transfers.

Daniel Salzman

@salzmdan

Yes, I know. So in this case you have to tune the config.

When there are more users complaining about this default, we can change it. So far I think it's ok.

bleve

@bleve

I didn't have any problems before anycast dns service.

My own servers don't have issues with timeouts.

But those are all less than 10ms away.

bleve

@bleve

Hmh. I smell fresh software :)

In production, seem to work

bleve

@bleve

@salzmdan Back to tcp timeout. Increasing to 500ms did the trick and slaves don't get errors any more.

Micah

@micah_gitlab

hi, my slaves are having trouble refreshing one of my zones from my master, they say no usable master and I cannot see why

Daniel Salzman

@salzmdan

Hi, any logs? Try enabling debug verbosity level

Micah

@micah_gitlab

I only see refresh, remote owl not usable

and refresh, remote owl, address 0.0.0.0@53, failed (connection reset)

which is odd, the other zones between those machines are fine

Daniel Salzman

@salzmdan

Is the zone loaded on the master? Can you dig it?

Micah

@micah_gitlab

the master says, debug: TCP, send, address 0.0.0.0@45652 (connection timeout) (where the 0.0.0.0 is the ip)

I can do dig @127.0.0.1 and get a response

Daniel Salzman

@salzmdan

It sounds like the TCP timeout issue. Try increasing https://www.knot-dns.cz/docs/2.9/html/reference.html#tcp-io-timeout

on the master

Micah

@micah_gitlab

that would be weird, these machines are connected via a switch

Daniel Salzman

@salzmdan

I suspect the zone is bigger than the other ones?

Micah

@micah_gitlab

it is

huh, the tcp-timeout seemed to resolve it

bleve

@bleve

@salzmdan I really think default for tcp-io-timeout is too low :(

Daniel Salzman

@salzmdan

I understand your opinion, but you are influenced by your use case only.Probably you don't know how vulnerable TCP is :-)

There is no universal value for master servers. I can set the default to 500 ms. It will solve just your problem and will affect all other slave servers, which don't need it...

On the other hand, there is no significant difference between 200 and 500.

Micah

@micah_gitlab

I just noticed that I stumbled into the @bleve conversation about tcp timeouts with my tcp timeout problem :D

Daniel Salzman

@salzmdan

Yes :-D

Micah

@micah_gitlab

I swear I'm not a sock puppet account for @bleve :D

Jonathan Foote

@footePGH_twitter

Hi all. It looks like the oss-fuzz integration build broke due to gnutls requiring libev4: https://oss-fuzz-build-logs.storage.googleapis.com/log-8c57a29d-aecc-4537-9964-28f39ff6104e.txt

Step #4: configure: error: ***
Step #4: *** libev4 was not found.

I think this patch to the oss-fuzz integration will fix it

$ git diff
diff --git a/projects/knot-dns/Dockerfile b/projects/knot-dns/Dockerfile
index 22b1039..4977181 100644
--- a/projects/knot-dns/Dockerfile
+++ b/projects/knot-dns/Dockerfile
@@ -28,7 +28,9 @@ RUN apt-get update && apt-get install -y \
  make \
  pkg-config \
  texinfo \
- wget
+ wget \
+ libev4 \
+ libev-dev

 ENV GNULIB_TOOL $SRC/gnulib/gnulib-tool
 RUN git clone git://git.savannah.gnu.org/gnulib.git

I can submit a PR to oss-fuzz to fix it -- just wanted to run it past this group

Jonathan Foote

@footePGH_twitter

https://github.com/google/oss-fuzz/compare/master...jfoote:master

PR is here: google/oss-fuzz#3199

Daniel Salzman

@salzmdan

@footePGH_twitter Thank you! :thumbsup:

azzamsa

@azzamsa

I never know and never find the link to this gitter channel but today. I also don't find it in knot docs.

all my problem for 3 months in google search just linked me to the docs and mailing list.

Daniel Salzman

@salzmdan

But it's on the project web page https://www.knot-dns.cz/development/ :-)

azzamsa

@azzamsa

Oh, I missed that :). which one do you recommend for asking issue, gitter or mailing-list?

Daniel Salzman

@salzmdan

I think gitter is better for simple questions

azzamsa

@azzamsa

Thank you. I really appreciate for all your hard work for knot and other knot teams. I love that it provides the socket via python, so that I can corporate with our project https://github.com/BiznetGIO/RESTKnot

Daniel Salzman

@salzmdan

Interesting! Thanks for the link :-)

azzamsa

@azzamsa

:-), I never thought my question in mailing-list/issues would be replied that fast considering this type of project. Turns out it so fast so that I don't have to wait too long to solve my problem :))

Daniel Salzman

@salzmdan

It's because of Knot DNS is so fast ;-)

azzamsa

@azzamsa

Thank you so much for knot teams! :-))

Where communities thrive

People

Repo info

Activity