Vladimír Čunát
@vcunat
But I guess you meant listening for standard DNS queries :-)
Michal Cichra
@mikz
Yeah, that is acceptable. This would be running alongside the API Gateway in a Docker container, so just one process should be enough.
Yep. Listening for queries.
Vladimír Čunát
@vcunat
I think there's no explicit support for that.
Michal Cichra
@mikz
OpenResty cosockets support UDP over unix domain sockets so I was hoping it would be a bit more efficient when running in the same container.
Petr Špaček
@pspacek
... I would start optimizing later, when it actually works :-)
Vladimír Čunát
@vcunat
I would personally expect bottlenecks to be elsewhere.
Some reported performance degradation when running kresd within docker.
CZ-NIC/knot-resolver#28
Michal Cichra
@mikz
Thanks for the info. Will post some report when I do benchmarks comparing to dnsmasq. I expect the de-duplication could help a lot for my use case.
Vladimír Čunát
@vcunat
Looking forward to that :-)
Michal Cichra
@mikz
Morning. Any recommendation how to use knot-resolver on CentOS/RHEL? I can see just Fedora packages. Checked EPEL, but it is not there either.
Vladimír Čunát
@vcunat
There might be even some basic dependencies missing or not in high enough version, e.g. we require libknot >= 2.3.1 and libuv >= 1.0.
I don't know if there's a better way than to build from source, unless you already use e.g. https://nixos.org/nix
Michal Cichra
@mikz
vcunat: yeah, some are not there at all like lua-sec-compat. I guess there is no plan to build also for CentOS right?
Vladimír Čunát
@vcunat
No lua libraries are required for basic function, except for luajit itself.
There are no such plans at this moment.
(And I know little about CentOS/RHEL myself.)
Johnathon Mohr
@johnathonm_twitter
Hello
Is there a possible port to Windows?
Vladimír Čunát
@vcunat
At one point kresd did work on Windows, reportedly, but I don't know what's the current status. We've seen no demand yet, I think (up to now).
igregr
@igregr
Hello, is there a way to dump the entire cache?
Vladimír Čunát
@vcunat
@igregr: not really.
Certainly not the whole contents.
Ondřej Surý
@oerdnj
igregr: but it's a standard lmdb database, so you can write a utility; or use redis/memcached backend and you can work with cache contents directly
you would just need to decode the data
@johnathonm_twitter: with virtualization being so common (even on Windows) there's a little motivation to do a direct Windows port
Vladimír Čunát
@vcunat
The current state of what you can get looks like this:
> cache.get('cz')
[c.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
[cz] => {
    [NS] => true
    [DNSKEY] => true
    [DS] => true
}
[seznam.cz] => {
    [NS] => true
}
[ans.seznam.cz] => {
    [A] => true
    [AAAA] => true
}
[www.seznam.cz] => {
    [A] => true
}
[hc3bc4rs8r2ai3kioqv5c3ktorkc39h4.cz] => {
    [NSEC3] => true
}
[ams.seznam.cz] => {
    [A] => true
    [AAAA] => true
}
[b.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
[a.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
[d.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
Petr Špaček
@pspacek
I think that igregr would be okay with a Lua snippet which returns the data, AFAIK he does not need to extract the data without kresd.
In other words, he could use kresd's decoding functions in Lua if we can give him a hint how to use them.
lanconnected
@lanconnected
Hello, how can I fill in a bug report? We would like to set up knot resolver in a way that only a certain amount of fixed IPs are allowed to ask queries and the rest of the internet will get dropped. The ACL filter seems straightforward:
Vladimír Čunát
@vcunat
@lanconnected: and what's wrong?
lanconnected
@lanconnected
view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end) to drop everything as a last rule. The problem is this does not work because of the function kr_bitcmp() which does not allow 0 bitlen. The proposed change should look like:
int kr_bitcmp(const char a, const char b, int bits)
{
  • if (!a || !b || bits == 0) {
  • if (!a || !b) {
    return kr_error(ENOMEM);
    }
    / Compare part byte-divisible part. /
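Review bot: dropping `bits == 0` from the guard on the `if (!a || !b ...)` line means the code after the "Compare part byte-divisible part" comment now runs with a zero bit length, and that path is not shown here. Please confirm it compares zero bytes, skips any trailing-bit comparison, and returns 0 so that a /0 prefix matches every address, and add a test for that case. `bits` is a signed `int` and the guard still does not reject negative values, so consider checking `bits < 0` in the same condition.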
After this change, the ACL ruleset works correctly.
Vladimír Čunát
@vcunat
I see. I'll have a look. It's not clear immediately if the condition was there for a purpose.
lanconnected
@lanconnected
Thanks. As I understand it, the function should end on memcmp() which should always succeed.
Anyway, the kr_bitcmp() should allow bitlen==0. It's a valid input value which makes sense.
Vladimír Čunát
@vcunat
Yes, I checked all call sites now. I'll fix it.
lanconnected
@lanconnected
It would also be nice to add this special case to the documentation. So others know how to specify a catch-all scenario.
Vladimír Čunát
@vcunat
You mean the view module?
Vladimír Čunát
@vcunat
I would take the following approach, but for the current use cases it should make no difference.
https://gitlab.labs.nic.cz/knot/resolver/merge_requests/234
lanconnected
@lanconnected
The patch seems OK from my point-of-view, it allows /0 and that's important. I would also put one more example with /0 under "Example configuration" to the view module documentation.
Vladimír Čunát
@vcunat
OK, added that.
Dan Rimal
@danrimal
Hello, I try to set up knot resolver in some non-trivial network environment and I have some issue. I think it is a bug. Is there any way to confirm a bug?
Ondřej Surý
@oerdnj
@danrimal Hi Dan, the best way would be to report it to https://gitlab.labs.nic.cz/knot/resolver/issues so we can take a look
Dan Rimal
@danrimal
Fine, I will do that. Thanks
lanconnected
@lanconnected
Hello, we would like to create a munin plugin for knot-resolver. I have noticed there is a stats module which provides a lot of information but the documentation is unclear on how to gather this information from outside of knot process (which is running as a daemon). Could you point me to some relevant documentation/examples? Is there a way to bind the interactive command line to a running knot? Do we have to create a separate module for this and populate some file on HDD?
Vladimír Čunát
@vcunat
@lanconnected: if you run it in non-interactive mode, it creates a socket. You can connect on the socket and give (lua) commands, just as in config file or interactive mode.
Ondřej Surý
@oerdnj
@lanconnected There's an HTTP/2 interface available as a kresd module.