These are chat archives for CZ-NIC/knot-resolver

7th
Dec 2018
Vladimír Čunát
@vcunat
Dec 07 2018 08:41
I'm unable to reproduce the error. There are some problems with the nameservers, but I can't see anything fatal for kresd in typical case. http://dnsviz.net/d/flutter-io.cn/XAow2Q/dnssec/ (e.g. TCP is a fallback mechanism for some issues, so you have lower resiliency if it doesn't work; apex CNAMEs are also against standards and they break forwarding)
Petr Špaček
@pspacek
Dec 07 2018 09:31
@ookangzheng Hi. The fact it works on 1.1.1.1 and does not work locally indicates potential problem in local network because 1.1.1.1 is running Knot Resolver ...
edoo
@ookangzheng
Dec 07 2018 13:37
@pspacek Ya, Im running knot-resolver too, when I changed forward.stub to 1.1.1.1 or 8.8.8.8 or 9.9.9.9, it works perfectly. I think is DNSSEC problem
Vladimír Čunát
@vcunat
Dec 07 2018 14:16
Your "usual/broken" configuration is without forwarding, right?
(Otherwise the apex CNAME will break resolution, most likely.)
edoo
@ookangzheng
Dec 07 2018 14:31
yap, I think will be apex CNAME
I made a whitelist for this domain in knot-resolver to fix this problem