muellert
@muellert
But it doesn't solve any of the "ghost database" and config file ignore problems.
Daniel Salzman
@salzmdan
Let's try it again: stop/kill all running knotd instances, remove the configuration database, and start the server again.
Also check if the server was started with some parameters (-C, -c): ps | grep knotd
muellert
@muellert
# cat /etc/default/knot 
KNOTD_ARGS="-v"
Daniel Salzman
@salzmdan
This one is harmless
muellert
@muellert
# systemctl start knot
# ps auwwx|grep knot
knot      5945  0.0  1.9 567872 19944 ?        Ssl  21:28   0:00 /usr/sbin/knotd -v
Daniel Salzman
@salzmdan
ok, and the logs?
If there was no config DB during the server start, it should use the config file
muellert
@muellert
It says loaded configuration database '/var/lib/knot/confdb', which doesn't exist, also complains about the non-existing zone, and error: failed to load configuration file '/etc/knot/knot.conf' (invalid indentation). I'm trying to track this down, but can't see at the moment what should be wrong (it's a YAML file, isn't it?).
Before any of that, I ran knotc zone-check on all zones, and didn't get any errors.
Daniel Salzman
@salzmdan
Maybe, it checked the configuration database. Try knotc -c /etc/knot/knot.conf conf-check
Yes, it's "YAML". You could try some online checkers. http://www.yamllint.com/
muellert
@muellert
Ok, found it. Your command also says that the (wrong?) config is valid, but the problem was that most of the file has an indent of 2, while the server section had an indent of 4.
Making the server section also have an indent of 2 made knot import the file. But I'd say knotc should have complained already.
Because knotc is run as part of the systemd unit file during startup.
Daniel Salzman
@salzmdan
The indentation can be different across sections, but must be consistent within a section
muellert
@muellert
It was consistent within each section.
I also thought it could be different on a per-section basis, yet this was the change that made it work.
Daniel Salzman
@salzmdan
So, it works now?
muellert
@muellert
No. Something else is wrong. Suddenly, the server refuses all queries, despite having loaded the zones and the socket being open.
Oh.. my mistake: "No zones loaded"
Daniel Salzman
@salzmdan
Btw, could you share an anonymized snippet of the broken config file? I would investigate that.
muellert
@muellert
ok... it does need the zone: section
Daniel Salzman
@salzmdan
if you want to configure zones :-)
muellert
@muellert
It is really the thing I mentioned in the beginning.
I (mis-) understood you to mean that if I don't have a config database, it would load all zone files matching the template specs automatically.
Do you have a GPG key, besides the one for code signing?
Daniel Salzman
@salzmdan
Ah, no, the server loads explicitly configured zones only.
Yes, see https://www.knot-dns.cz/development/
muellert
@muellert
I'll then send you something via email.
Daniel Salzman
@salzmdan
Ok. It's too late here. Will continue tomorrow.
muellert
@muellert
No problem. This is "only" my standby nameserver. Thanks a bunch for your help so far!
Daniel Lublin
@quite
Hi! (this has probably been asked before) It seems like it would be useful to be able to reference a remote from an acl, to avoid duplicating addresses. Are you against that somehow? Should we generate our knot.conf's from templates anyway...?
Daniel Lublin
@quite
And another question, regarding knot's template. Do non-default templates inherit from the special default template?
Daniel Lublin
@quite
Regarding the default template, other templates do not seem to inherit it.
Daniel Salzman
@salzmdan
You are correct. Templates are exclusive. But you can override template settings in the zone section.
Daniel Salzman
@salzmdan
As for the remote from acl, I understand the idea but there are some slight differences between the items. Anyway, I will reconsider possible simplification.
Daniel Lublin
@quite
should i add an issue?
Daniel Salzman
@salzmdan
It's not necessary (I have my private TODO list :-) ). But if you wish
Daniel Lublin
@quite
ah just did anyway :) heh there yes
Daniel Salzman
@salzmdan
:-)
Micah
@micah_gitlab
I'm at 2.9.1-1 and when I push out a zone file change, and I do /usr/sbin/knotc zone-reload, I'm told in the logs error: [myzone.] zone event 'load' failed (semantic check) but if I run knotc zone-check on the zone, I don't get any complaints
can I turn up debugging somehow to find out what the semantic check failure is?
I'm able to restart knotd (systemctl restart knotd) and it seems to load it fine. Interestingly, it does a DNSSEC signing before it tries to load it
Daniel Salzman
@salzmdan
This error doesn't necessarily mean that the zone itself has errors. In this case it's rather about a problematic zone change during the reload. It depends also on the configuration and journal contents. Do you know how the zone file was modified?
However, I agree the log message lacks some information.
Micah
@micah_gitlab
@salzmdan what I can tell is that it doesn't transfer the new zone to the secondaries, and isn't loaded on the primary
@salzmdan i do know how the zone was modified, I did it myself. I've had issues with the journal in the past, and have had to remove it in order for things to work ok again.
Daniel Salzman
@salzmdan
Hm. I don't remember whether 2.9.2 fixes something that you already reported. Do you have more logs or other details? :-(
Micah
@micah_gitlab
@salzmdan i don't have any more logs than that... but I can replicate this by making a change/bumping the serial, so if there is something I can do to get more info I can easily repeat the problem
I also can install 2.9.2 and see if that fixes anything
Micah
@micah_gitlab
@salzmdan ok, I upgraded to 2.9.2, and when it starts it now says, "zone event 'load' failed (not enough memory)"