muellert
@muellert
The config database it is allegedly trying to load, also does not exist, as indicated by the ls command, and since the zone does not exist, trying to knotc zone-purge does not work, either, with or without -f.
Honestly, I am running out of ideas. Since I "deleted" the config database, and the timers database, too, knot should not know about that ephemeral zone I tried to add from the command line, but stopping and starting knot still results in knot thinking it should load that zone. I have no idea why this is so.
Daniel Salzman
@salzmdan
It's really strange. Where did you get the package?
muellert
@muellert
I got this package from openSUSE. This is listed somewhere in the download section on the Knot homepage. Before that, I was running the official Debian package, which would be 2.7.6. I only changed because I thought there might have been a bugfix in the meantime, but it hasn't. Here's the archive link for apt:
deb http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-dns-latest/Debian_10/ /
And while I'm at it, trying to import the GPG key from this page: https://www.knot-dns.cz/download/ fails with "No ID" or so.
Daniel Salzman
@salzmdan
Try a different keyserver:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0x8A0EFB02C84B1E9B
Didn't help?
muellert
@muellert
That works. It would be great if that key were available on the other keyservers (MIT etc.) as well.
Do you think I should use a different package? Maybe downgrade to the official Debian package again?
Daniel Salzman
@salzmdan
The official Debian package is recommended. But I don't think it helps now since both repositories use the same package sources.
muellert
@muellert
I mean, from my POV, the error behaviour seems to be quite the same. While trying to feed my config to knotd line by line via knotc, I also noted that the documentation is not clear on what can and cannot go into the server.nsid and server.identity fields, or how to specify these on the command line, because I got only strange error messages.
Maybe knot didn't load the config because of that, despite saying that the config is valid.
In reality, I have a FQDN in both fields.
Daniel Salzman
@salzmdan
Do you have any example?
muellert
@muellert
Yes. Without revealing the real (and existing) domain name, I have
server:
    identity: "dns.example.com"
    nsid: "dns.example.com"
Trying this on the command line:
# knotc conf-set 'server[identity]: "dns.example.com"'
error: (unexpected token) : "dns.example.com"
# knotc conf-set 'server.identity: "dns.example.com"'
error: (invalid item) server.identity: "dns.example.com"
Daniel Salzman
@salzmdan
Ah, ok, you have to remove the colon
muellert
@muellert
I tried that as well:
# knotc conf-set 'server.identity "dns.example.com"'
error: (invalid item) server.identity "dns.example.com"
# knotc conf-set 'server[identity] "dns.example.com"'
error: (unexpected token)  "dns.example.com"
Daniel Salzman
@salzmdan
muellert
@muellert
Ok... my bad. :( I think I was too stressed when I tried.
But it doesn't solve any of the "ghost database" and config file ignore problems.
Daniel Salzman
@salzmdan
Let's try it again: stop/kill all running knotd instances, remove the configuration database, and start the server again.
Also check if the server was started with some parameters (-C, -c):
ps | grep knotd
muellert
@muellert
# cat /etc/default/knot 
KNOTD_ARGS="-v"
Daniel Salzman
@salzmdan
This one is harmless
muellert
@muellert
# systemctl start knot
# ps auwwx|grep knot
knot      5945  0.0  1.9 567872 19944 ?        Ssl  21:28   0:00 /usr/sbin/knotd -v
Daniel Salzman
@salzmdan
ok, and the logs?
If there was no config DB during the server start, it should use the config file
muellert
@muellert
It says "loaded configuration database '/var/lib/knot/confdb'", which doesn't exist, also complains about the non-existing zone, and "error: failed to load configuration file '/etc/knot/knot.conf' (invalid indentation)". I'm trying to track this down, but can't see at the moment what should be wrong (it's a YAML file, isn't it?).
Before any of that, I ran knotc zone-check on all zones, and didn't get any errors.
Daniel Salzman
@salzmdan
Maybe it checked the configuration database. Try knotc -c /etc/knot/knot.conf conf-check
Yes, it's "YAML". You could try some online checkers. http://www.yamllint.com/
muellert
@muellert
Ok, found it. Your command also says that the (wrong?) config is valid, but the problem was that most of the file has an indent of 2, while the server section had an indent of 4.
Making the server section also have an indent of 2 made knot import the file. But I'd say knotc should have complained already.
Because knotc is run as part of the systemd unit file during startup.
Daniel Salzman
@salzmdan
The indentation can be different across sections, but must be consistent within a section
muellert
@muellert
It was consistent within each section.
I also thought it could be different on a per-section basis, yet this was the change that made it work.
Daniel Salzman
@salzmdan
So, it works now?
muellert
@muellert
No. Something else is wrong. Suddenly, the server refuses all queries, despite having loaded the zones and the socket being open.
Oh.. my mistake: "No zones loaded"
Daniel Salzman
@salzmdan
Btw, could you share an anonymized snippet of the broken config file? I would investigate that.
muellert
@muellert
ok... it does need the zone: section
Daniel Salzman
@salzmdan
if you want to configure zones :-)
muellert
@muellert
It is really the thing I mentioned in the beginning.
I (mis-) understood you to mean that if I don't have a config database, it would load all zone files matching the template specs automatically.
Do you have a GPG key, besides the one for code signing?
Daniel Salzman
@salzmdan
Ah, no, the server loads explicitly configured zones only.
Yes, see https://www.knot-dns.cz/development/
muellert
@muellert
I'll then send you something via email.
Daniel Salzman
@salzmdan
Ok. It's too late here. Will continue tomorrow.