For reference, we finally released 1.2.0 yesterday. I believe it's much better tested than any of our previous releases. Thanks!
yay that's good news :D
I've just installed knot-resolver from the stretch Debian repo and noticed that by default the TLS port is bound to all interfaces (ListenStream=853). Shouldn't it be only for localhost?
Another issue I have is the systemd socket enabled thingy. In ansible, I want to configure kresd to listen on a different port, so I will create the drop-in for kresd.socket and execute daemon-reload, now I want to systemctl restart kresd.socket to get it to a different port but I get: "kresd.socket: Socket service kresd.service already active, refusing."
@petzah you need to clear out the variable in your drop-in file first, using a "Variable=" line (not sure what the variables are). I did that in my puppet configuration since I wanted it to bind to different addresses
@andir Thanks, it works! :)
@andir and it doesn't :D .. next step would be to do some configuration in /etc/knot-resolver/kresd.conf and restart the daemon. My assumption is that because the service is socket-activated, if I bring down any of the systemd sockets the service should go down too, but it doesn't. If one stops kresd.socket, the service will bind to the interface instead of systemd (netstat -natp shows kresd instead of init), which means it's not socket-activated anymore. Trying to bring kresd.socket back up yields the message above (kresd.socket: Socket service kresd.service already active, refusing). By configuring a tight dependency between sockets and service (e.g. with BindsTo=) this does not happen. Or my assumption is incorrect and I'm doing something wrong :D
I think listening on all interfaces on 853 wasn't intended. @oerdnj
@andir Yes, but even with such a config there is an issue with restarting the daemon. (systemctl restart kresd.service won't work due to "unit kresd.service may be requested by dependency only" and systemctl restart kresd.socket won't work either because once it is stopped the kresd daemon will bind to the interfaces instead of systemd)
I usually stop kresd.service after reloading the daemon; config changes to kresd will be picked up due to it being restarted on the next request
nc -v localhost 53
systemctl restart kresd.socket
The first is to activate the daemon, the second will try to stop and start kresd.socket
When the socket is down, kresd will bind to the interfaces (verify with netstat -natp | grep 53)