Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Vladimír Čunát
@vcunat
The XDP work was originally started for resolver (a year ago), but release-wise it's the other way.
Robert Šefr
@robcza
It just caught my eye. But if I understand it, the XDP support will be added to resolver as well sooner or later
Vladimír Čunát
@vcunat
Yes, certainly. There's mainly configuration interface missing and such details.
I thought you used VM or containers and for now I'm not sure how XDP applies there, though at least in theory the API can be used for significantly decreasing the price paid for passing through such additional layers.
Petr Špaček
@pspacek
@robcza XDP support on our side will require change in API for modules, see https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/985
Vladimír Čunát
@vcunat
(I didn't verify it now, but I can't recall anything relevant changing in the meantime.)
Micah
@micah_gitlab
hello, it seems there is something wrong with the repository for Debian_10. The Packages file lists the size of the package knot-resolver_5.1.3-1_amd64.deb as 293328 bytes but if you download the actual package you find that it is 293436 bytes in size
matrixbot
@matrixbot
tkrizek Hi, does it actually break something?
tkrizek OBS is a huge mess when it comes to details like this. It's the reason their Arch packages are unusable..
tkrizek It might also be some transient artifact caused by out of sync metadata vs published packages.
tkrizek You could report it to OBS, but I doubt they're going to fix it if it doesn't break something. This issue might be related openSUSE/open-build-service#1130
Micah
@micah_gitlab
yes, it does break the ability to install the package
apt will refuse to install a package that does not validate, in this case the size is different from the signed version of the file.
  File has unexpected size (293436 != 293328). Mirror sync in progress? [IP: 198.252.153.38 9999]
  Hashes of expected file:
   - SHA256:68d47a8488987a9da8a3ea89523f92a67415bc8c2f8f3ed2f66817f3f1697a2d
   - SHA1:d272ecc5c32c0e4c1256fa99a63c019a53df8eb9 [weak]
   - MD5Sum:001f79ad908b7b65df715b7cea1d24c0 [weak]
   - Filesize:293328 [weak]
that is what you get and it will fail to proceed. Ignoring this is a security problem.
if the hash of the file differs from the hash that is in the file that has been signed by the archive, that means that the file is different than it should be.
and apt is doing the right thing by refusing to install something that is not cryptographically authenticated
matrixbot
@matrixbot
tkrizek I might be hitting a different mirror, but when I try to install the package for Debian 10 in Docker, it works
look inside of it, and look for the knot-resolver section, and find the Size that is listed
matrixbot
@matrixbot
tkrizek I see the difference there, I'm just trying to figure out if the Packages file that was downloaded in my docker container is the same, or somehow different
Jakub Ružička
@jruzicka-nic
It's relatively new package so it can be mirror sync issue as suggested... let me see if I can use the repo from VM.
matrixbot
@matrixbot
tkrizek When I download the package directly from https://build.opensuse.org/package/binaries/home:CZ-NIC:knot-resolver-latest/knot-resolver/Debian_10 it has the right size, so there might be some OBS issues with mirror synchronization. I'd give it a few hours
Jakub Ružička
@jruzicka-nic
Setting up knot-resolver (5.1.3.1599813553.3e661bfe-1) ...
Micah
@micah_gitlab
fyi: ive had this issue for three days
Jakub Ružička
@jruzicka-nic
I'm able to install from knot-resolver-latest repo on fresh debian 10.
Micah
@micah_gitlab
our alerting system has been firing for that long, so I did wait a little while in case it was a mirror sync issue
@jruzicka-nic i suspect you are getting a different mirror perhaps, and one of the mirrors involved is broken or compromised
Jakub Ružička
@jruzicka-nic
@micah_gitlab yes it seem like borked mirror so I wonder how to fix that up other way than rebuild.
Jakub Ružička
@jruzicka-nic
🤔
matrixbot
@matrixbot
tkrizek I attempted to delete all binaries and triggered a rebuild, that's the best OBS lets me do. Hopefully that will fix it.
tkrizek @micah_gitlab have you seen this issue before or was this the first time it happened?
Micah
@micah_gitlab
tkrizek: I have seen it before
I still see the files there, so let me know when its done so I can check it!
matrixbot
@matrixbot
tkrizek knot-resolver-5.1.3-2 seems to have fixed it for Ubuntu. Hopefully once Debian repo is updated, the issue will go away. Thanks for reporting this, it gives us yet another reason to migrate away from OBS.
Micah
@micah_gitlab
I'm not a fan myself, I find the URLs confusing (who puts : in urls like that ?)
Jakub Ružička
@jruzicka-nic
OBS is close to being great but not really due to issues like this and utter lack of control. Good value but inconsistent quality... We can (should) do better and we will, mark my words :)
Micah
@micah_gitlab
I believe you, knot consistently does better all around, I've been impressed many times over :D
Jakub Ružička
@jruzicka-nic
Yeah I announced termination of knot-dns OBS repos yesterday and knot-resolver is likely to follow shortly as buildsystem should seriously not force new package release, what a bad taste :[
Jakub Ružička
@jruzicka-nic
@micah_gitlab I, too, am very pleasantly surprised by knot packaging, it's nearly state of the art AFAICT ;)
Micah
@micah_gitlab
tkrizek: i just was able to get the -2 package and it worked perfectly
Robert Šefr
@robcza
having issues on one of the resolvers accessing some of the domains on wp-hosting after yesterdays issue with authoritative servers. not able to read the debug log properly. Could I ask you for help?
https://gist.githubusercontent.com/robcza/aefbe161ed98519c8e13648529a2f690/raw/9fcc15708bdb1886c30304d2313eec64a834e226/wp-hosting.cz
Vladimír Čunát
@vcunat
@robcza: they have two IPv4 NSs and neither replies (over UDP or TCP). The same is still happening from my point of view ATM.
I assume you turned IPv6 off at that point? That one address seems to work here.
Petr Špaček
@pspacek
Well it seems (https://www.facebook.com/Subreg.CZ/posts) that they had quite serious outage so it is not exactly surprising it died :-)
Vladimír Čunát
@vcunat
Based on what I had read, I thought Subreg's DNS was up already long before I tested it.
titouwan
@titouwan
any one having issues with stats.frequent() reporting only 1 count for all entries ?