These are chat archives for CZ-NIC/knot-resolver

9th
Nov 2016
xferix
@xferix
Nov 09 2016 17:42
hello there, we are testing knot-resolver and are facing these issues on ubuntu 16.4 lts:
```
test@resolv2-2:~$ sudo systemctl restart kresd
Failed to restart kresd.service: Operation refused, unit kresd.service may be requested by dependency only.
See system logs and 'systemctl status kresd.service' for details.
```

and:
```
test@resolv2-2:~$ systemctl status kresd.service
● kresd.service - Knot DNS Resolver daemon
Loaded: loaded (/lib/systemd/system/kresd.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Wed 2016-11-09 18:10:04 CET; 23min ago
Docs: man:kresd(8)
Process: 1316 ExecStart=/usr/sbin/kresd $KRESD_ARGS (code=exited, status=1/FAILURE)
Main PID: 1316 (code=exited, status=1/FAILURE)

Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Unit entered failed state.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Failed with result 'exit-code'.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Service hold-off time over, scheduling restart.
Nov 09 18:10:04 resolv2-2 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Start request repeated too quickly.
Nov 09 18:10:04 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.

```

Vladimír Čunát
@vcunat
Nov 09 2016 17:46
@xferix: which package do you use? Directly from the distribution?
xferix
@xferix
Nov 09 2016 17:46
yes
no
LC_ALL=C.UTF-8 add-apt-repository ppa:cz.nic-labs/knot-resolver
this one
so version 1.1.1
Ondřej Surý
@oerdnj
Nov 09 2016 17:49
```
$ zcat /usr/share/doc/knot-resolver/NEWS.Debian.gz
knot-resolver (1.1.0~git2016072900-1) unstable; urgency=medium

  * Knot Resolver now starts and runs under unprivileged user and uses a
    socket activations to bind on the privileged ports.  That means that if
    you use anything more complicated than that you need to either override
    the default service file with `systemd edit knot-resolver.service`, or
    just disable it and provide your own custom system service file tailored
    to your needs.

 -- Ondřej Surý <ondrej@debian.org>  Thu, 04 Aug 2016 09:04:53 +0200
```
What does:
systemctl status kresd*.socket say?
xferix
@xferix
Nov 09 2016 17:50

```
test@resolv2-2:~$ systemctl status kresd*.socket
● kresd-tls.socket - Knot DNS Resolver TLS network listener
Loaded: loaded (/lib/systemd/system/kresd-tls.socket; enabled; vendor preset: enabled)
Active: failed (Result: service-start-limit-hit) since Wed 2016-11-09 18:10:04 CET; 40min ago
Docs: man:kresd(8)
Listen: [::]:853 (Stream)

Nov 09 18:09:32 resolv2-2 systemd[1]: Listening on Knot DNS Resolver TLS network listener.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd-tls.socket: Unit entered failed state.

● kresd.socket - Knot DNS Resolver network listeners
Loaded: loaded (/lib/systemd/system/kresd.socket; enabled; vendor preset: enabled)
Active: failed (Result: service-start-limit-hit) since Wed 2016-11-09 18:10:04 CET; 40min ago
Docs: man:kresd(8)
Listen: [::1]:53 (Stream)
        [::1]:53 (Datagram)
        127.0.0.1:53 (Stream)
        127.0.0.1:53 (Datagram)

Nov 09 18:09:32 resolv2-2 systemd[1]: Listening on Knot DNS Resolver network listeners.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.socket: Unit entered failed state.

● kresd-control.socket - Knot DNS Resolver control socket
Loaded: loaded (/lib/systemd/system/kresd-control.socket; enabled; vendor preset: enabled)
Active: failed (Result: service-start-limit-hit) since Wed 2016-11-09 18:10:04 CET; 40min ago
Docs: man:kresd(8)
Listen: /run/knot-resolver/control (Stream)

Nov 09 18:09:32 resolv2-2 systemd[1]: Listening on Knot DNS Resolver control socket.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd-control.socket: Unit entered failed state.
```

Ondřej Surý
@oerdnj
Nov 09 2016 17:52

do:
```
systemctl reset-failed kresd*
systemctl restart kresd*.socket
systemctl stop kresd.service
```
anything interesting in:
journalctl --unit=kresd.service?

xferix
@xferix
Nov 09 2016 17:53
```
root@resolv2-1:/lib/systemd# journalctl --unit=kresd.service
-- Logs begin at Wed 2016-11-09 17:50:45 CET, end at Wed 2016-11-09 18:52:55 CET. --
Nov 09 17:52:53 resolv2-1 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:52:55 resolv2-1 systemd[1]: Stopped Knot DNS Resolver daemon.
```
Ondřej Surý
@oerdnj
Nov 09 2016 17:53
journalctl --unit=kresd.socket?
xferix
@xferix
Nov 09 2016 17:55
-- No entries --
I have another server installed and there I have more information:
```
test@resolv2-2:~$ journalctl --unit=kresd.service
-- Logs begin at Wed 2016-11-09 18:09:30 CET, end at Wed 2016-11-09 18:56:27 CET. --
Nov 09 18:10:02 resolv2-2 systemd[1]: Starting Knot DNS Resolver daemon...
Nov 09 18:10:03 resolv2-2 kresd[1303]: error: Cannot assign requested address
Nov 09 18:10:03 resolv2-2 kresd[1303]: [system] worker failed: Bad file descriptor
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 18:10:03 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Unit entered failed state.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Failed with result 'exit-code'.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Service hold-off time over, scheduling restart.
Nov 09 18:10:03 resolv2-2 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: Starting Knot DNS Resolver daemon...
Nov 09 18:10:03 resolv2-2 kresd[1307]: error: Cannot assign requested address
Nov 09 18:10:03 resolv2-2 kresd[1307]: [system] worker failed: Bad file descriptor
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 18:10:03 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Unit entered failed state.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Failed with result 'exit-code'.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Service hold-off time over, scheduling restart.
Nov 09 18:10:03 resolv2-2 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: Starting Knot DNS Resolver daemon...
Nov 09 18:10:03 resolv2-2 kresd[1310]: error: Cannot assign requested address
Nov 09 18:10:03 resolv2-2 kresd[1310]: [system] worker failed: Bad file descriptor
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 18:10:03 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Unit entered failed state.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Failed with result 'exit-code'.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Service hold-off time over, scheduling restart.
Nov 09 18:10:03 resolv2-2 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: Starting Knot DNS Resolver daemon...
Nov 09 18:10:03 resolv2-2 kresd[1313]: error: Cannot assign requested address
Nov 09 18:10:03 resolv2-2 kresd[1313]: [system] worker failed: Bad file descriptor
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 18:10:03 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Unit entered failed state.
Nov 09 18:10:03 resolv2-2 systemd[1]: kresd.service: Failed with result 'exit-code'.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Service hold-off time over, scheduling restart.
Nov 09 18:10:04 resolv2-2 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:10:04 resolv2-2 systemd[1]: Starting Knot DNS Resolver daemon...
Nov 09 18:10:04 resolv2-2 kresd[1316]: error: Cannot assign requested address
Nov 09 18:10:04 resolv2-2 kresd[1316]: [system] worker failed: Bad file descriptor
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 18:10:04 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Unit entered failed state.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Failed with result 'exit-code'.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Service hold-off time over, scheduling restart.
Nov 09 18:10:04 resolv2-2 systemd[1]: Stopped Knot DNS Resolver daemon.
Nov 09 18:10:04 resolv2-2 systemd[1]: kresd.service: Start request repeated too quickly.
Nov 09 18:10:04 resolv2-2 systemd[1]: Failed to start Knot DNS Resolver daemon.
Nov
```
Ondřej Surý
@oerdnj
Nov 09 2016 17:57
what systemd version do you have on those systems?
xferix
@xferix
Nov 09 2016 17:58
systemd 229
ubuntu 16.4 lts latest updates installed
Ondřej Surý
@oerdnj
Nov 09 2016 18:00
And what does the config file look like? Do you bind to any addresses there with net.listen()?
xferix
@xferix
Nov 09 2016 18:00
yes
no
net = { '127.0.0.1', '::1', }
/etc/knot-resolver/kresd.conf
Ondřej Surý
@oerdnj
Nov 09 2016 18:01
hmm, ok, then that's the case. You either need to modify kresd.socket to listen on required IP addresses, or mask kresd*.socket and modify kresd.service to run as root and change the user in the config file
as kresd is started under knot-resolver user, it cannot bind to those IP addresses
Vladimír Čunát
@vcunat
Nov 09 2016 18:03
What addresses are listened on by kresd.socket by default?
Ondřej Surý
@oerdnj
Nov 09 2016 18:03
127.0.0.1 and ::1
ListenStream=[::1]:53
ListenDatagram=[::1]:53
ListenStream=127.0.0.1:53
ListenDatagram=127.0.0.1:53
Vladimír Čunát
@vcunat
Nov 09 2016 18:03
In that case it should be enough to remove that config line, right?
Ondřej Surý
@oerdnj
Nov 09 2016 18:04
True
Vladimír Čunát
@vcunat
Nov 09 2016 18:04
the net = { '127.0.0.1', '::1', } line, to be clear
xferix
@xferix
Nov 09 2016 18:05
ok, thank you very much for the support, I will check this tomorrow
Ondřej Surý
@oerdnj
Nov 09 2016 18:05
I was thinking about the more general case when listening to other IP addresses (external) is required
xferix
@xferix
Nov 09 2016 18:05
ok thank you, I will check tomorrow
Ondřej Surý
@oerdnj
Nov 09 2016 18:05
On one of my servers I have:
```
root@milkyway:~# cat /etc/systemd/system/kresd.socket.d/override.conf
[Unit]
After=network-online.target

[Socket]
ListenStream=[fd00:5f0:c001:122:a8::1]:53
ListenDatagram=[fd00:5f0:c001:122:a8::1]:53
```
Vladimír Čunát
@vcunat
Nov 09 2016 18:07
Hmm, yeah, the systemd root-less way has this disadvantage that you have to set such things in different file(s) and in a more complicated way than just /etc/knot-resolver/kresd.conf
Ondřej Surý
@oerdnj
Nov 09 2016 18:09
I will provide clearer instructions in README.Debian on how to easily switch from one way to another, or prepare a switch script.
Vladimír Čunát
@vcunat
Nov 09 2016 18:10
This will be the same on other systemd distros, right?
Ondřej Surý
@oerdnj
Nov 09 2016 18:10
Yep, but Debian/Ubuntu is the only one that's packaged this way.
Vladimír Čunát
@vcunat
Nov 09 2016 18:11
Not Fedora?
(I see kresd.socket file in the rpm)
Vladimír Čunát
@vcunat
Nov 09 2016 18:17
Maybe I should also finally make a kresd service for NixOS, months after having packaged kresd locally, but there the IP lists for systemd can be auto-generated...