bleve
@bleve
@salzmdan I really think default for tcp-io-timeout is too low :(
Daniel Salzman
@salzmdan
I understand your opinion, but you are influenced by your use case only. Probably you don't know how vulnerable TCP is :-)
There is no universal value for master servers. I can set the default to 500 ms. It will solve just your problem and will affect all other slave servers, which don't need it...
On the other hand, there is no significant difference between 200 and 500.
Micah
@micah_gitlab
I just noticed that I stumbled into the @bleve conversation about tcp timeouts with my tcp timeout problem :D
Daniel Salzman
@salzmdan
Yes :-D
Micah
@micah_gitlab
I swear I'm not a sock puppet account for @bleve :D
Jonathan Foote
@footePGH_twitter
Hi all. It looks like the oss-fuzz integration build broke due to gnutls requiring libev4: https://oss-fuzz-build-logs.storage.googleapis.com/log-8c57a29d-aecc-4537-9964-28f39ff6104e.txt
Step #4: configure: error: ***
Step #4: *** libev4 was not found.
I think this patch to the oss-fuzz integration will fix it
$ git diff
diff --git a/projects/knot-dns/Dockerfile b/projects/knot-dns/Dockerfile
index 22b1039..4977181 100644
--- a/projects/knot-dns/Dockerfile
+++ b/projects/knot-dns/Dockerfile
@@ -28,7 +28,9 @@ RUN apt-get update && apt-get install -y \
  make \
  pkg-config \
  texinfo \
- wget
+ wget \
+ libev4 \
+ libev-dev

 ENV GNULIB_TOOL $SRC/gnulib/gnulib-tool
 RUN git clone git://git.savannah.gnu.org/gnulib.git
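Review bot: The two new entries are appended after wget, which breaks the alphabetical order the visible part of the package list follows (make, pkg-config, texinfo, wget); placing libev-dev and libev4 before make would keep the list easy to scan and diff. The commit message should also record that they are needed because the configure step fails with "libev4 was not found", since nothing in the Dockerfile says which dependency pulls libev in. Separately, the unchanged context line clones gnulib over git://, which is unauthenticated and unencrypted; switching that clone to HTTPS is worth a follow-up change.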
I can submit a PR to oss-fuzz to fix it -- just wanted to run it past this group
PR is here: google/oss-fuzz#3199
Daniel Salzman
@salzmdan
@footePGH_twitter Thank you! :thumbsup:
azzamsa
@azzamsa
I never knew about and never found the link to this Gitter channel until today. I also didn't find it in the Knot docs.
All my problems for 3 months in Google search just linked me to the docs and mailing list.
Daniel Salzman
@salzmdan
But it's on the project web page https://www.knot-dns.cz/development/ :-)
azzamsa
@azzamsa
Oh, I missed that :). Which one do you recommend for asking about issues, Gitter or the mailing list?
Daniel Salzman
@salzmdan
I think Gitter is better for simple questions
azzamsa
@azzamsa
Thank you. I really appreciate all your hard work for Knot and the other Knot teams. I love that it provides the socket via Python, so that I can cooperate with our project https://github.com/BiznetGIO/RESTKnot
Daniel Salzman
@salzmdan
Interesting! Thanks for the link :-)
azzamsa
@azzamsa
:-), I never thought my question in the mailing list/issues would be replied to that fast, considering this type of project. Turns out it is so fast that I don't have to wait too long to solve my problem :))
Daniel Salzman
@salzmdan
It's because Knot DNS is so fast ;-)
azzamsa
@azzamsa
Thank you so much to the Knot teams! :-))
muellert
@muellert

I am trying to add the nic.cz archive to my system, but on import of the gpg key, I get this message:

gpg --recv-keys 8A0EFB02C84B1E9B

gpg: key 8A0EFB02C84B1E9B: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1

Daniel Salzman
@salzmdan
Try a different keyserver: gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0x8A0EFB02C84B1E9B
muellert
@muellert
Knot does not seem to open a socket.
As a result, I can't send it any queries. It claims "warning: no zones loaded", which is driving me mad. Initially, it loaded zones very well, and "knotc conf-check" says the configuration is valid.
muellert
@muellert
A different machine with the same OS and the same configuration, except for the "listen" statement, works without any problems.
That it doesn't open any socket, I have verified with 'ss'.
Daniel Salzman
@salzmdan
It's difficult to help if you don't provide any logs, configuration, or other details. In general, Knot DNS doesn't require zones configured.
muellert
@muellert

Granted.

Config:

server:
    identity: "my-nameserver"
    nsid: "my-nameserver"
    rundir: "/run/knot"
    user: knot:knot
    listen: [ 0.0.0.0@53 ]

log:
  - target: syslog
    any: info

remote:
  - id: slave0
    address: 1.2.3.4
  - id: slave1
    address: 2.3.4.5

acl:
  - id: acl_master
    address: [ 1.2.3.4, 2.3.4.5, ... ]
    action: transfer

template:
  - id: default
    semantic-checks: on
    storage: "/var/lib/knot/data"
    file: "%s.zone"
    acl: acl_master
    zonefile-sync: -1
    zonefile-load: difference
    journal-content: changes

zone:

   - domain: example.com
   - domain: example.net
   - ...

Logs:


systemd[1]: Starting Knot DNS server...
knotc[18493]: Configuration is valid
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-cookies', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-dnsproxy', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-dnstap', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-geoip', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-noudp', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-onlinesign', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-queryacl', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-rrl', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-stats', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-synthrecord', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-whoami', loaded static
knotd[18495]: 2020-02-03T23:55:32 info: Knot DNS 2.9.2 starting
knotd[18495]: 2020-02-03T23:55:32 info: loaded configuration database '/var/lib/knot/confdb'
knotd[18495]: 2020-02-03T23:55:32 info: using reuseport for UDP
knotd[18495]: 2020-02-03T23:55:32 info: loading 0 zones
knotd[18495]: 2020-02-03T23:55:32 warning: no zones loaded
knotd[18495]: 2020-02-03T23:55:32 info: starting server
knotd[18495]: 2020-02-03T23:55:32 info: server started in the foreground, PID 18495
systemd[1]: Started Knot DNS server.
knotd[18495]: 2020-02-03T23:55:32 info: control, binding to '/run/knot/knot.sock'

At this point, no TCP or UDP socket is open.

muellert
@muellert
Knot does not seem to do anything after that, unless being instructed via knotc - but it does not open a socket, possibly unless it can find at least one zone to serve. Also, 'knotc zone-reload <zone>' seems to be a noop. Oh... knot actually ignores my entire configuration. But why?
Daniel Salzman
@salzmdan
This line is important: info: loaded configuration database '/var/lib/knot/confdb'! The server uses the configuration database, which is probably empty.
So remove the directory and the configuration file should be used instead.
muellert
@muellert
I tried this, too, but then knot complained about not having a config database.
But let me try again.
Daniel Salzman
@salzmdan
How do you start the server?
muellert
@muellert
systemd
I am now running the Debian package from OpenSuse.
I have moved the config dir out of the way, and restarted knot. Now it returns SERVFAIL again, but at least, it opens a socket.
Daniel Salzman
@salzmdan
Can you see info: loaded configuration file '/etc/knot/knot.conf'?
Or share the logs again please
muellert
@muellert
No. Now the daemon log looks like this:

systemd[1]: Starting Knot DNS server...
knotc[5179]: Configuration is valid
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-cookies', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-dnsproxy', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-dnstap', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-geoip', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-noudp', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-onlinesign', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-queryacl', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-rrl', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-stats', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-synthrecord', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-whoami', loaded static
systemd[1]: Started Knot DNS server.
(I clipped the initial timestamp and hostname.)
Daniel Salzman
@salzmdan
It's not enough. What about journalctl -u knot?
We are looking for some logs about zones...
muellert
@muellert

systemd[1]: Starting Knot DNS server...
knotc[3757]: Configuration is valid
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-cookies', loaded static                         
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-dnsproxy', loaded static                        
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-dnstap', loaded static                          
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-geoip', loaded static                           
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-noudp', loaded static                           
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-onlinesign', loaded static                      
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-queryacl', loaded static                        
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-rrl', loaded static                             
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-stats', loaded static                           
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-synthrecord', loaded static                     
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-whoami', loaded static                          
knotd[3758]: 2020-02-04T19:58:23 info: Knot DNS 2.9.2 starting                                      
knotd[3758]: 2020-02-04T19:58:23 info: loaded configuration database '/var/lib/knot/confdb'         
knotd[3758]: 2020-02-04T19:58:23 info: using reuseport for UDP                                      
knotd[3758]: 2020-02-04T19:58:23 info: binding to interface 0.0.0.0@53                              
knotd[3758]: 2020-02-04T19:58:23 info: binding to interface ::@53                                   
knotd[3758]: 2020-02-04T19:58:23 info: loading 1 zones                                              
knotd[3758]: 2020-02-04T19:58:23 info: [my-zone.local.] zone will be loaded                        
knotd[3758]: 2020-02-04T19:58:23 info: starting server                                              
knotd[3758]: error: [my-zone.local.] failed to parse zone file (not exists)                        
knotd[3758]: 2020-02-04T19:58:23 error: [my-zone.local.] failed to parse zone file (not exists)    
knotd[3758]: error: [my-zone.local.] zone event 'load' failed (not exists)                         

# ls -l /var/lib/knot/confdb
/bin/ls: cannot access '/var/lib/knot/confdb': No such file or directory
This my-zone.local was something I tried to add via knotc, but it doesn't exist.
The config database it is allegedly trying to load, also does not exist, as indicated by the ls command, and since the zone does not exist, trying to knotc zone-purge does not work, either, with or without -f.
Honestly, I am running out of ideas. Since I "deleted" the config database, and the timers database, too, knot should not know about that ephemeral zone I tried to add from the command line, but stopping and starting knot still results in knot thinking it should load that zone. I have no idea why this is so.
Daniel Salzman
@salzmdan
It's really strange. Where did you get the package?