Vladimír Čunát
@vcunat
(And I know little about CentOS/RHEL myself.)
Johnathon Mohr
@johnathonm_twitter
Hello
Is there a possible port to Windows?
Vladimír Čunát
@vcunat
At one point kresd did work on Windows, reportedly, but I don't know what's the current status. We've seen no demand yet, I think (up to now).
igregr
@igregr
Hello, is there a way to dump the entire cache?
Vladimír Čunát
@vcunat
@igregr: not really.
Certainly not the whole contents.
Ondřej Surý
@oerdnj
igregr: but it's a standard lmdb database, so you can write a utility; or use redis/memcached backend and you can work with cache contents directly
you would just need to decode the data
@johnathonm_twitter: with virtualization being so common (even on Windows) there's a little motivation to do a direct Windows port
Vladimír Čunát
@vcunat
The current state of what you can get looks like this:
> cache.get('cz')
[c.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
[cz] => {
    [NS] => true
    [DNSKEY] => true
    [DS] => true
}
[seznam.cz] => {
    [NS] => true
}
[ans.seznam.cz] => {
    [A] => true
    [AAAA] => true
}
[www.seznam.cz] => {
    [A] => true
}
[hc3bc4rs8r2ai3kioqv5c3ktorkc39h4.cz] => {
    [NSEC3] => true
}
[ams.seznam.cz] => {
    [A] => true
    [AAAA] => true
}
[b.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
[a.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
[d.ns.nic.cz] => {
    [A] => true
    [AAAA] => true
}
Petr Špaček
@pspacek
I think that igregr would be okay with a Lua snippet which returns the data, AFAIK he does not need to extract the data without kresd.
In other words, he could use kresd's decoding functions in Lua if we can give him a hint how to use them.
lanconnected
@lanconnected
Hello, how can I fill in a bug report? We would like to set up knot resolver in a way that only a certain amount of fixed IPs are allowed to ask queries and the rest of the internet will get dropped. The ACL filter seems straightforward:
Vladimír Čunát
@vcunat
@lanconnected: and what's wrong?
lanconnected
@lanconnected
view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end) to drop everything as a last rule. The problem is this does not work because of the function kr_bitcmp() which does not allow 0 bitlen. The proposed change should look like:
int kr_bitcmp(const char a, const char b, int bits)
{
  • if (!a || !b || bits == 0) {
  • if (!a || !b) {
    return kr_error(ENOMEM);
    }
    / Compare part byte-divisible part. /
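Review bot: with `bits == 0` no longer rejected next to the NULL checks, a zero-length prefix now falls through to the byte-divisible compare, so the rest of the function has to be safe for that input: the whole-byte compare must be given a length of 0 and any handling of leftover bits must be skipped when `bits % 8 == 0`, so that neither `a[0]` nor `b[0]` is read. An explicit `if (bits == 0) return 0;` right after the NULL check would make the match-all case obvious and independent of the code below. The function's comment should also state that 0 bits is a valid input that compares equal, since a `0.0.0.0/0` rule in the view module depends on it.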
After this change, the ACL ruleset works correctly.
Vladimír Čunát
@vcunat
I see. I'll have a look. It's not clear immediately if the condition was there for a purpose.
lanconnected
@lanconnected
Thanks. As I understand it, the function should end on memcmp() which should always succeed.
Anyway, the kr_bitcmp() should allow bitlen==0. It's a valid input value which makes sense.
Vladimír Čunát
@vcunat
Yes, I checked all call sites now. I'll fix it.
lanconnected
@lanconnected
It would also be nice to add this special case to the documentation. So others know how to specify catch-all scenario.
Vladimír Čunát
@vcunat
You mean the view module?
Vladimír Čunát
@vcunat
I would take the following approach, but for the current use cases it should make no difference.
https://gitlab.labs.nic.cz/knot/resolver/merge_requests/234
lanconnected
@lanconnected
The patch seems OK from my point-of-view, it allows /0 and that's important. I would also put one more example with /0 under "Example configuration" to the view module documentation.
Vladimír Čunát
@vcunat
OK, added that.
Dan Rimal
@danrimal
Hello, I am trying to set up knot resolver in some non-trivial network environment and I have some issue. I think it is a bug. Is there any way to confirm a bug?
Ondřej Surý
@oerdnj
@danrimal Hi Dan, the best way would be to report it to https://gitlab.labs.nic.cz/knot/resolver/issues so we can take a look
Dan Rimal
@danrimal
Fine, I will do that. Thanks
lanconnected
@lanconnected
Hello, we would like to create a munin plugin for knot-resolver. I have noticed there is a stats module which provides a lot of information but the documentation is unclear on how to gather this information from outside of knot process (which is running as a daemon). Could you point me to some relevant documentation/examples? Is there a way to bind the interactive command line to a running knot? Do we have to create a separate module for this and populate some file on HDD?
Vladimír Čunát
@vcunat
@lanconnected: if you run it in non-interactive mode, it creates a socket. You can connect on the socket and give (lua) commands, just as in config file or interactive mode.
Ondřej Surý
@oerdnj
@lanconnected There's an HTTP/2 interface available as a kresd module.
lanconnected
@lanconnected

@oerdnj I have tried adding 'http' to modules={} but it complains that http module cannot be found: error: module 'http' not found: error: No such file or directory.
Is it a .lua module? Do we have to recompile the daemon with different flags?

The relevant config part looks like:
modules = {
    'policy', -- Block queries to local zones/bad sites
    'view', -- Handle requests by source IP
    'stats', -- Track internal statistics
    'http',
}

Ondřej Surý
@oerdnj
It's a lua module. How did you install the kresd?
It requires several lua extensions, most notably: https://github.com/daurnimator/lua-http
lanconnected
@lanconnected

@oerdnj It's a custom rpm package. Now I see, there is a part of the rpm which excludes this module. I'll check it out.

What about the socket Vladimir talked about? Isn't it an easier way if it's already built in? Can I configure where the socket appears? How do I find which socket is meant to be used for this communication?

Vladimír Čunát
@vcunat
@lanconnected: it's builtin. A named socket (for each process), typically it's created in $PWD/tty/$PID but systemd service can override the location.
lanconnected
@lanconnected
@vcunat Is there any documentation regarding the syntax?
Ondřej Surý
@oerdnj
@lanconnected However that would require you to parse lua output
Vladimír Čunát
@vcunat
Yes, the HTTP interface will be easier to consume.
Ondřej Surý
@oerdnj
@lanconnected It's a lua console, so everything in the documentation related to the config file, modules, etc. can be used there. And the output is lua
lanconnected
@lanconnected
I see. Thanks for the tips. I'll try to make it work one way or another.
Marek Vavruša
@vavrusa
There is a third option - you can just write stats every X to a file like you want from the config. If you write something like
local s, f = '', io.open('logs', 'a')
for k,v in pairs(stats.list()) do s = s .. string.format('%s = %d\n', k, v) end
f:write(s)
f:close()
(untested, but you get the idea) it will append stats to a logs file. You can schedule to do this every minute for example, like
event.recurrent(1 * minute, function ()
    local s, f = '', io.open('logs', 'a')
    for k,v in pairs(stats.list()) do s = s .. string.format('%s = %d\n', k, v) end
    f:write(s)
    f:close()
end)
(you just put this in the config). See http://knot-resolver.readthedocs.io/en/stable/daemon.html#events-and-services
James Nedila
@krunchyklown
I'm in the middle of learning the Lua module interface with Knot-Resolver, and I have a question: Where would I find the source IP address of a particular DNS request?
Marek Vavruša
@vavrusa
Marek Vavruša
@vavrusa
@mikz this actually supports async DNS in OpenResty https://github.com/vavrusa/ljdns/tree/master/warp#running-in-openresty but there's no backend using libkres yet (just auth and caches/forwarders), it shouldn't be so hard to create it though as libkres already has an ffi abstraction
James Nedila
@krunchyklown
@vavrusa Great, thanks!
James Nedila
@krunchyklown
Next question, how do I get this field into presentable format?