These are chat archives for CZ-NIC/knot-resolver

4th
Feb 2017
Peter
@petzah
Feb 04 2017 10:59
I've just installed knot-resolver from the stretch Debian repo and noticed that by default the TLS port is bound to all interfaces (ListenStream=853). Shouldn't it be only for localhost?
Peter
@petzah
Feb 04 2017 12:05
Another issue I have is the systemd socket-enabled thingy. In Ansible, I want to configure kresd to listen on a different port, so I will create the drop-in for kresd.socket and execute daemon-reload. Now I want to systemctl restart kresd.socket to get it onto a different port, but I get: "kresd.socket: Socket service kresd.service already active, refusing."
Peter
@petzah
Feb 04 2017 12:15
The solution for me was to put BindsTo= for all 3 sockets into the kresd.service drop-in. Ref: https://lists.freedesktop.org/archives/systemd-devel/2015-February/027988.html
Andreas Rammhold
@andir
Feb 04 2017 15:38
@petzah you need to clear out the variable in your drop-in file first, using a "Variable=" line (not sure what the variables are). I did that in my Puppet configuration since I wanted it to bind to different addresses.
Peter
@petzah
Feb 04 2017 16:15
@andir Thanks, it works! :)
Peter
@petzah
Feb 04 2017 17:25
@andir and it doesn't :D .. next step would be to do some configuration in /etc/knot-resolver/kresd.conf and restart the daemon. The assumption is that because the service is socket-activated, if I bring down any of the systemd sockets the service should go down too, but it doesn't. If one stops kresd.socket, the service will bind to the interface instead of systemd (netstat -natp shows kresd instead of init), which means it's not socket-activated anymore. Trying to bring kresd.socket back up yields the message above (kresd.socket: Socket service kresd.service already active, refusing). By configuring a tight dependency between the sockets and the service (e.g. with BindsTo=), this doesn't happen. Or my assumption is incorrect and I'm doing something wrong :D