Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
matrixbot
@matrixbot
tkrizek I might be hitting a different mirror, but when I try to install the package for Debian 10 in Docker, it works
look inside of it, and look for the knot-resolver section, and find the Size that is listed
matrixbot
@matrixbot
tkrizek I see the difference there, I'm just trying to figure out if the Packages file that was downloaded in my docker container is the same, or somehow different
Jakub Ružička
@jruzicka-nic
It's relatively new package so it can be mirror sync issue as suggested... let me see if I can use the repo from VM.
matrixbot
@matrixbot
tkrizek When I download the package directly from https://build.opensuse.org/package/binaries/home:CZ-NIC:knot-resolver-latest/knot-resolver/Debian_10 it has the right size, so there might be some OBS issues with mirror synchronization. I'd give it a few hours
Jakub Ružička
@jruzicka-nic
Setting up knot-resolver (5.1.3.1599813553.3e661bfe-1) ...
Micah
@micah_gitlab
fyi: ive had this issue for three days
Jakub Ružička
@jruzicka-nic
I'm able to install from knot-resolver-latest repo on fresh debian 10.
Micah
@micah_gitlab
our alerting system has been firing for that long, so I did wait a little while in case it was a mirror sync issue
@jruzicka-nic i suspect you are getting a different mirror perhaps, and one of the mirrors involved is broken or compromised
Jakub Ružička
@jruzicka-nic
@micah_gitlab yes it seem like borked mirror so I wonder how to fix that up other way than rebuild.
Jakub Ružička
@jruzicka-nic
🤔
matrixbot
@matrixbot
tkrizek I attempted to delete all binaries and triggered a rebuild, that's the best OBS lets me do. Hopefully that will fix it.
tkrizek @micah_gitlab have you seen this issue before or was this the first time it happened?
Micah
@micah_gitlab
tkrizek: I have seen it before
I still see the files there, so let me know when its done so I can check it!
matrixbot
@matrixbot
tkrizek knot-resolver-5.1.3-2 seems to have fixed it for Ubuntu. Hopefully once Debian repo is updated, the issue will go away. Thanks for reporting this, it gives us yet another reason to migrate away from OBS.
Micah
@micah_gitlab
I'm not a fan myself, I find the URLs confusing (who puts : in urls like that ?)
Jakub Ružička
@jruzicka-nic
OBS is close to being great but not really due to issues like this and utter lack of control. Good value but inconsistent quality... We can (should) do better and we will, mark my words :)
Micah
@micah_gitlab
I believe you, knot consistently does better all around, I've been impressed many times over :D
Jakub Ružička
@jruzicka-nic
Yeah I announced termination of knot-dns OBS repos yesterday and knot-resolver is likely to follow shortly as buildsystem should seriously not force new package release, what a bad taste :[
Jakub Ružička
@jruzicka-nic
@micah_gitlab I, too, am very pleasantly surprised by knot packaging, it's nearly state of the art AFAICT ;)
Micah
@micah_gitlab
tkrizek: i just was able to get the -2 package and it worked perfectly
Robert Šefr
@robcza
having issues on one of the resolvers accessing some of the domains on wp-hosting after yesterdays issue with authoritative servers. not able to read the debug log properly. Could I ask you for help?
https://gist.githubusercontent.com/robcza/aefbe161ed98519c8e13648529a2f690/raw/9fcc15708bdb1886c30304d2313eec64a834e226/wp-hosting.cz
Vladimír Čunát
@vcunat
@robcza: they have two IPv4 NSs and neither replies (over UDP or TCP). The same is still happening from my point of view ATM.
I assume you turned IPv6 off at that point? That one address seems to work here.
Petr Špaček
@pspacek
Well it seems (https://www.facebook.com/Subreg.CZ/posts) that they had quite serious outage so it is not exactly surprising it died :-)
Vladimír Čunát
@vcunat
Based on what I had read, I thought Subreg's DNS was up already long before I tested it.
titouwan
@titouwan
any one having issues with stats.frequent() reporting only 1 count for all entries ?
Vladimír Čunát
@vcunat
I don't.
Beware of
#define FREQUENT_PSAMPLE  10 /* Sampling rate, 1 in N */
titouwan
@titouwan
tried a script that does 1000 queries for the same domain and still the first of the list is something irrelevant and all entries have [count] => 1
Petr Špaček
@pspacek
@titouwan How many kresd instances are you running on the resolver machine?
titouwan
@titouwan
@pspacek i'm running 3, two for 53/udp+tcp, 1 for tls
Petr Špaček
@pspacek
Okay. Then I guess the traffic goes to the other instance and that's why you do not see it in stats. Connect to the other control socket and check it there.
titouwan
@titouwan
i thought of that but same on all sockets
and I tried to run only one instance
matrixbot
@matrixbot
tkrizek Could you do a quick check that you're indeed sending the queries to kresd? E.g. configure it to REFUSE all queries and verify your scripts receives REFUSE rcodes? policy.add(policy.all(policy.REFUSE))
Vladimír Čunát
@vcunat
I usually debug such stuff in an interactive session in verbose mode. That way I can see logs from any queries coupled with a CLI allowing me to inspect the internals like stats.frequent().
(you get the session by simply running kresd -v ... manually in terminal)
titouwan
@titouwan
thanks, I'll try that
git-ed
@ookangzheng
How to tell knot-resolver dont return IPV6 local ip when a domain does not have IPv6 by default.
example: dig githubstatus.com AAAA
will return:
;; ANSWER SECTION:
githubstatus.com.    900    IN    AAAA    fe80::21b:aabb:b9c7:6c99
githubstatus.com.    900    IN    AAAA    fe80::21b:aabb:b9c7:6d99
githubstatus.com.    900    IN    AAAA    fe80::21b:aabb:b9c7:6e99
githubstatus.com.    900    IN    AAAA    fe80::21b:aabb:b9c7:6f99

;; AUTHORITY SECTION:
githubstatus.com.    900    IN    SOA    ns-1330.awsdns-38.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
Vladimír Čunát
@vcunat
Eh, who would put fe80 addresses into DNS? (I can't see such nonsense records from my point of view.)
matrixbot
@matrixbot
tkrizek What's your configuration? I see NOERROR with 0 answers, not any IPv6 local IPs
Vladimír Čunát
@vcunat
Still, our rebinding module does filter the fe80 prefix...
(it's just not enabled by default)
git-ed
@ookangzheng
maybe it is my fault? missconfig?