muellert
@muellert
That it doesn't open any socket, I have verified with 'ss'.
Daniel Salzman
@salzmdan
It's difficult to help if you don't provide any logs, configuration, or other details. In general, Knot DNS doesn't require any zones to be configured.
muellert
@muellert

Granted.

Config:

server:
    identity: "my-nameserver"
    nsid: "my-nameserver"
    rundir: "/run/knot"
    user: knot:knot
    listen: [ 0.0.0.0@53 ]

log:
  - target: syslog
    any: info

remote:
  - id: slave0
    address: 1.2.3.4
  - id: slave1
    address: 2.3.4.5

acl:
  - id: acl_master
    address: [ 1.2.3.4, 2.3.4.5, ... ]
    action: transfer

template:
  - id: default
    semantic-checks: on
    storage: "/var/lib/knot/data"
    file: "%s.zone"
    acl: acl_master
    zonefile-sync: -1
    zonefile-load: difference
    journal-content: changes

zone:

   - domain: example.com
   - domain: example.net
   - ...

Logs:


systemd[1]: Starting Knot DNS server...
knotc[18493]: Configuration is valid
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-cookies', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-dnsproxy', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-dnstap', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-geoip', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-noudp', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-onlinesign', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-queryacl', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-rrl', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-stats', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-synthrecord', loaded static
knotd[18495]: 2020-02-03T23:55:32 debug: module 'mod-whoami', loaded static
knotd[18495]: 2020-02-03T23:55:32 info: Knot DNS 2.9.2 starting
knotd[18495]: 2020-02-03T23:55:32 info: loaded configuration database '/var/lib/knot/confdb'
knotd[18495]: 2020-02-03T23:55:32 info: using reuseport for UDP
knotd[18495]: 2020-02-03T23:55:32 info: loading 0 zones
knotd[18495]: 2020-02-03T23:55:32 warning: no zones loaded
knotd[18495]: 2020-02-03T23:55:32 info: starting server
knotd[18495]: 2020-02-03T23:55:32 info: server started in the foreground, PID 18495
systemd[1]: Started Knot DNS server.
knotd[18495]: 2020-02-03T23:55:32 info: control, binding to '/run/knot/knot.sock'

At this point, no TCP or UDP socket is open.

muellert
@muellert
Knot does not seem to do anything after that unless instructed via knotc, but it does not open a socket, possibly unless it can find at least one zone to serve. Also, 'knotc zone-reload <zone>' seems to be a no-op. Oh... knot actually ignores my entire configuration. But why?
Daniel Salzman
@salzmdan
This line is important info: loaded configuration database '/var/lib/knot/confdb'! The server uses a configuration database, which is probably empty.
So remove the directory, and the configuration file should be used instead.
muellert
@muellert
I tried this, too, but then knot complained about not having a config database.
But let me try again.
Daniel Salzman
@salzmdan
How do you start the server?
muellert
@muellert
systemd
I am now running the Debian package from OpenSuse.
I have moved the config dir out of the way, and restarted knot. Now it returns SERVFAIL again, but at least, it opens a socket.
Daniel Salzman
@salzmdan
Can you see info: loaded configuration file '/etc/knot/knot.conf'?
Or share the logs again please
muellert
@muellert
No. Now the daemon log looks like this:

systemd[1]: Starting Knot DNS server...
knotc[5179]: Configuration is valid
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-cookies', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-dnsproxy', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-dnstap', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-geoip', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-noudp', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-onlinesign', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-queryacl', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-rrl', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-stats', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-synthrecord', loaded static
knotd[5180]: 2020-02-04T20:51:19 debug: module 'mod-whoami', loaded static
systemd[1]: Started Knot DNS server.
(I clipped the initial timestamp and hostname.)
Daniel Salzman
@salzmdan
It's not enough. What about journalctl -u knot?
We are looking for some logs about zones...
muellert
@muellert

systemd[1]: Starting Knot DNS server...
knotc[3757]: Configuration is valid
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-cookies', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-dnsproxy', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-dnstap', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-geoip', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-noudp', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-onlinesign', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-queryacl', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-rrl', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-stats', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-synthrecord', loaded static
knotd[3758]: 2020-02-04T19:58:23 debug: module 'mod-whoami', loaded static
knotd[3758]: 2020-02-04T19:58:23 info: Knot DNS 2.9.2 starting
knotd[3758]: 2020-02-04T19:58:23 info: loaded configuration database '/var/lib/knot/confdb'
knotd[3758]: 2020-02-04T19:58:23 info: using reuseport for UDP
knotd[3758]: 2020-02-04T19:58:23 info: binding to interface 0.0.0.0@53
knotd[3758]: 2020-02-04T19:58:23 info: binding to interface ::@53
knotd[3758]: 2020-02-04T19:58:23 info: loading 1 zones
knotd[3758]: 2020-02-04T19:58:23 info: [my-zone.local.] zone will be loaded
knotd[3758]: 2020-02-04T19:58:23 info: starting server
knotd[3758]: error: [my-zone.local.] failed to parse zone file (not exists)
knotd[3758]: 2020-02-04T19:58:23 error: [my-zone.local.] failed to parse zone file (not exists)
knotd[3758]: error: [my-zone.local.] zone event 'load' failed (not exists)

# ls -l /var/lib/knot/confdb
/bin/ls: cannot access '/var/lib/knot/confdb': No such file or directory
This my-zone.local was something I tried to add via knotc, but it doesn't exist.
The config database it is allegedly trying to load also does not exist, as indicated by the ls command, and since the zone does not exist, trying knotc zone-purge does not work either, with or without -f.
Honestly, I am running out of ideas. Since I "deleted" the config database, and the timers database, too, knot should not know about that ephemeral zone I tried to add from the command line, but stopping and starting knot still results in knot thinking it should load that zone. I have no idea why this is so.
Daniel Salzman
@salzmdan
It's really strange. Where did you get the package?
muellert
@muellert
I got this package from OpenSuse. This is listed somewhere in the download section on the Knot homepage. Before that, I was running the official Debian package, which would be 2.7.6. I only changed because I thought there might have been a bugfix in the meantime, but it hasn't. Here's the archive link for apt:
deb http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-dns-latest/Debian_10/ /
And while I'm at it, trying to import the GPG key from this page: https://www.knot-dns.cz/download/ fails with "No ID" or so.
Daniel Salzman
@salzmdan
Try a different keyserver: gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0x8A0EFB02C84B1E9B
Didn't help?
muellert
@muellert
That works. It would be great if that key were available on the other keyservers (MIT etc.) as well.
Do you think I should use a different package? Maybe downgrade to the official Debian package again?
Daniel Salzman
@salzmdan
The official Debian package is recommended. But I don't think it helps now, since both repositories use the same package sources.
muellert
@muellert
I mean, from my POV, the error behaviour seems to be quite the same. While trying to feed my config to knotd line by line via knotc, I also noted that the documentation is not clear on what can and cannot go into the server.nsid and server.identity fields, or how to specify these on the command line, because I got only strange error messages.
Maybe knot didn't load the config because of that, despite saying that the config is valid.
In reality, I have a FQDN in both fields.
Daniel Salzman
@salzmdan
Do you have any example?
muellert
@muellert
Yes. Without revealing the real (and existing) domain name, I have
server:
    identity: "dns.example.com"
    nsid: "dns.example.com"
Trying this on the command line:
# knotc conf-set 'server[identity]: "dns.example.com"'
error: (unexpected token) : "dns.example.com"
# knotc conf-set 'server.identity: "dns.example.com"'
error: (invalid item) server.identity: "dns.example.com"
Daniel Salzman
@salzmdan
Ah, ok, you have to remove the colon.
muellert
@muellert
I tried that as well:
# knotc conf-set 'server.identity "dns.example.com"'
error: (invalid item) server.identity "dns.example.com"
# knotc conf-set 'server[identity] "dns.example.com"'
error: (unexpected token)  "dns.example.com"
Daniel Salzman
@salzmdan
muellert
@muellert
Ok... my bad. :( I think I was too stressed when I tried.
But it doesn't solve any of the "ghost database" and config file ignore problems.
Daniel Salzman
@salzmdan
Let's try it again: stop/kill all running knotd instances, remove the configuration database, and start the server again.
Also check if the server was started with some parameters (-C, -c): ps | grep knotd
muellert
@muellert
# cat /etc/default/knot
KNOTD_ARGS="-v"
Daniel Salzman
@salzmdan
This one is harmless.
muellert
@muellert
# systemctl start knot
# ps auwwx|grep knot
knot      5945  0.0  1.9 567872 19944 ?        Ssl  21:28   0:00 /usr/sbin/knotd -v
Daniel Salzman
@salzmdan
Ok, and the logs?
If there was no config DB during the server start, it should use the config file.
muellert
@muellert
It says loaded configuration database '/var/lib/knot/confdb', which doesn't exist, also complains about the non-existing zone, and then: error: failed to load configuration file '/etc/knot/knot.conf' (invalid indentation). I'm trying to track this down, but can't see at the moment what should be wrong (it's a YAML file, isn't it?).
Before any of that, I ran knotc zone-check on all zones, and didn't get any errors.
Daniel Salzman
@salzmdan
Maybe it checked the configuration database. Try knotc -c /etc/knot/knot.conf conf-check