These are chat archives for CZ-NIC/knot-resolver

6th
Sep 2018
Vladimír Čunát
@vcunat
Sep 06 2018 06:00 UTC
For surprised readers, this is a NixOS configuration snippet. Interesting problem; I'll have a further look.
Vladimír Čunát
@vcunat
Sep 06 2018 06:36 UTC
BTW, you don't need to specify ca_file, as the system trust store is used by default in kresd >= 2.4.0.
Vladimír Čunát
@vcunat
Sep 06 2018 06:44 UTC
@eadwu: with exactly this configuration and the same kresd version, I can't make it happen. I correctly assume x86_64, right? I can't see how that assertion could be triggered. Can you add verbose(true) to the config file and provide some logs around these assertions?
Edmund Wu
@eadwu
Sep 06 2018 20:19 UTC

Sorry, just got back from school. Late last night, while trying to find out what was wrong, I found out that I had more configuration in another file, so I'll just post the config (after I merged them) from the system service:

modules = {
  'policy'
}

verbose(true)
cache.size = 100 * MB

policy.add(policy.all(policy.TLS_FORWARD({
  { '9.9.9.9', hostname = 'dns.quad9.net'},
  { '149.112.112.112', hostname = 'dns.quad9.net'},
  { '2620:fe::fe', hostname = 'dns.quad9.net'},
  { '2620:fe::9', hostname = 'dns.quad9.net'}
})))

As for the verbose(true), the output from journalctl -b -u kresd.service is here: https://pastebin.com/EMpznd09.

Edmund Wu
@eadwu
Sep 06 2018 21:31 UTC
Removing the IPv6 addresses seems to stop the messages from appearing and everything appears to work fine (at least for now), though there is a message saying [ ta ] active refresh failed for . with rcode: 2.