These are chat archives for CZ-NIC/knot-resolver

6th
Aug 2018
Petr Špaček
@pspacek
Aug 06 2018 06:55 UTC
You can only set global minimum and maximum TTL, see cache.min_ttl in docs.
edoo
@ookangzheng
Aug 06 2018 07:27 UTC
ok
Robert Šefr
@robcza
Aug 06 2018 13:43 UTC

What is the best practice with regard to initialization of root hints? Just encountered an issue on one particular instance that seems odd:

> hints.root()
[c.root-servers.net.] => {
    [1] => 192.33.4.12
}
[k.root-servers.net.] => {
    [1] => 2001:7fd::1
}
[i.root-servers.net.] => {
    [1] => 2001:7fe::53
}
[b.root-servers.net.] => {
    [1] => 2001:500:200::b
}

This happens on request: dig irishtimes.com @127.0.0.1
https://pastebin.com/raw/KjLDWKjc

Vladimír Čunát
@vcunat
Aug 06 2018 13:46 UTC
In the log it tries to ask the NSs for com. and not root.
No idea why they reply with SERVFAIL to you.
(I looked at the first two IPs tried, and they seem correct.)
Robert Šefr
@robcza
Aug 06 2018 14:02 UTC
@vcunat but I'm not expected to initialize hints.root in any way?
Vladimír Čunát
@vcunat
Aug 06 2018 14:02 UTC
@robcza I can't see how this would be related to root hints.
kresd asks IPs for com., and it asks for a name in com.
Petr Špaček
@pspacek
Aug 06 2018 14:05 UTC
This smells like firewall/hijack. All the IP addresses have almost the same (very low) RTT and it's quite unlikely.
From CESNET in Brno:
$ ping 192.41.162.30
PING 192.41.162.30 (192.41.162.30) 56(84) bytes of data.
64 bytes from 192.41.162.30: icmp_seq=1 ttl=52 time=130 ms
64 bytes from 192.41.162.30: icmp_seq=2 ttl=52 time=129 ms
Robert Šefr
@robcza
Aug 06 2018 14:07 UTC
could be actually something like that :( will investigate further, thank you
Vladimír Čunát
@vcunat
Aug 06 2018 14:11 UTC
You might try something like dnstraceroute from https://dnsdiag.org/
(or maybe simple traceroute will reveal this one as well)
Robert Šefr
@robcza
Aug 06 2018 14:37 UTC
I smell something fishy :)
traceroute to 192.41.162.30 (192.41.162.30), 30 hops max, 60 byte packets
 1  l.gtld-servers.net (192.41.162.30)  1.068 ms  1.022 ms  0.974 ms
 2  l.gtld-servers.net (192.41.162.30)  1.062 ms * *
 3  l.gtld-servers.net (192.41.162.30)  7.960 ms  7.903 ms  7.861 ms
 4  l.gtld-servers.net (192.41.162.30)  9.591 ms  9.605 ms  9.489 ms
 5  l.gtld-servers.net (192.41.162.30)  9.382 ms  9.336 ms  7.792 ms
 6  l.gtld-servers.net (192.41.162.30)  7.733 ms  10.241 ms  7.977 ms
 7  l.gtld-servers.net (192.41.162.30)  9.402 ms  8.517 ms  10.062 ms
Vladimír Čunát
@vcunat
Aug 06 2018 14:40 UTC
On the first hop already :-D
Robert Šefr
@robcza
Aug 06 2018 14:40 UTC
yes, incredibly optimized location for the resolver :)
Vladimír Čunát
@vcunat
Aug 06 2018 14:41 UTC
You beat the speed of light, apparently.
Petr Špaček
@pspacek
Aug 06 2018 16:34 UTC
@robcza Here is a preliminary list of changes in the upcoming Knot Resolver: https://knot-resolver.readthedocs.io/en/knot-2.7/lib.html#incompatible-changes-since-3-0-0