micah
@micah
should I do kjournalprint /var/lib/knot/journal $zone > zone.journal and then a copy of the zone file?
Daniel Salzman
@salzmdan
yes
micah
@micah
should I get that from the master, or a slave?
because they are quite different
Daniel Salzman
@salzmdan
If both are possible, it would be better :-)
bleve
@bleve
@micah did you run 2.8.0 before 2.8.1 ?
@salzmdan thank you for 2.8.2 - running it already
Daniel Salzman
@salzmdan
@bleve You are super fast :-)
It seems @micah has a different problem, which doesn't relate to TTL. Probably caused by confusion about more KSKs, ZSKs, and stuck key rollovers. Still not exactly sure what happened.
bleve
@bleve
I did btw super-simple cron monitor to list key rollovers
I tried the journal based monitor which is in documentation and it's not usable.
that's /etc/cron.d/knot-ksk-rollover-monitor in hidden master server.
Daniel Salzman
@salzmdan
Why is it not usable?
bleve
@bleve
have you used it?
because that notification will be in journal after rollover has happened, that monitor will continue to complain
so it will never stop complaining.
/usr/sbin/knotc zone-status continues to be in sync with reality.
so after rollover is done, there is no scheduled parent DS query any more.
Daniel Salzman
@salzmdan
Ah, ok. It was requested to keep history. Anyway, thanks for the feedback.
bleve
@bleve
so that simple cron monitor complains when there is DS update to handle but not after it's done.
And my technique works without systemd too :)
and it would be quite simple to do systemd timer for that.
if cron is too much legacy for systemd purists :)
Louis Sautier
@sbraz
@bleve those errors that you're running into, are they related to zsk or ksk rollovers?
i noticed that i'm not running 2.8 on my slaves, i hope i won't run into similar issues
bleve
@bleve
neither.
they were related to SOA ttl change
Louis Sautier
@sbraz
ah ok (sorry, i didn't read everything)
bleve
@bleve
and they were a bug in 2.8.0
but fixing that requires cleaning journal on master and forcing axfr on slaves.
Daniel Salzman
@salzmdan
And the second issue is not a bug in key rollover. But somehow relates to outdated keys...
lostern
@lostern
Hi, I have some questions about extending Knot. I would like to add async handling for requests, and was wondering if the mempool is thread-local, or if not, if it is globally thread safe.
Daniel Salzman
@salzmdan
Every worker/thread (UDP and TCP) has its own memory pool.
Btw, what is your motivation for async request handling?
lostern
@lostern
I want to add a dnsproxy type of handling but using a bit more of the existing Knot machinery. On alias searches, the response won't be as quick, and I don't want to tie up the thread while waiting.
lostern
@lostern
Hi @salzmdan , a slightly more general question ... if I wanted to encapsulate changes in a nice module, I see how to create code under src/knot/modules/<newname> and set up configure.ac, etc., but I don't see how existing modules like cookies, dnsproxy, noudp, etc. are actually checked for and run during runtime. Is there documentation on how to do that? Ideally, I'd like to contribute back to the project, and toward that end I'm trying to make the lightest touch to code that is possible.
Let's take noudp for example. Could you describe how that module is invoked in tdb_request or udp_request, PROCESS_BEGIN, or what have you? I can't follow where the macros are expanded to activate the module code based on appropriate entries in the knot.conf file.
Daniel Salzman
@salzmdan
This is the crucial processing function https://gitlab.labs.nic.cz/knot/knot-dns/blob/master/src/knot/nameserver/process_query.c#L508
I'm sorry, I'm in a hurry today...
lostern
@lostern
@salzmdan Thanks, I was looking in that general area already. I think I see how the modules are hooked into a plan's steps. Is there any documentation on what has to be in a plan?
Daniel Salzman
@salzmdan
Unfortunately, there is no developer documentation for Knot DNS. You have to inspect the code/modules. It's not that complex.
SvenVD-be
@SvenVD-be
There seems to be something wrong with the rpm repos

Downloading packages:
http://download.opensuse.org/repositories/home%3A/CZ-NIC%3A/knot-dns-latest/CentOS_7_EPEL/x86_64/knot-libs-2.8.2-1.2.x86_64.rpm: [Errno 14] curl#52 - "Empty reply from server"
Trying other mirror.
http://download.opensuse.org/repositories/home%3A/CZ-NIC%3A/knot-dns-latest/CentOS_7_EPEL/x86_64/knot-2.8.2-1.2.x86_64.rpm: [Errno 14] curl#52 - "Empty reply from server"
Trying other mirror.
http://download.opensuse.org/repositories/home%3A/CZ-NIC%3A/knot-dns-latest/CentOS_7_EPEL/x86_64/knot-utils-2.8.2-1.2.x86_64.rpm: [Errno 14] curl#52 - "Empty reply from server"
Trying other mirror.

Error downloading packages:
knot-libs-2.8.2-1.2.x86_64: [Errno 256] No more mirrors to try.
knot-2.8.2-1.2.x86_64: [Errno 256] No more mirrors to try.
knot-utils-2.8.2-1.2.x86_64: [Errno 256] No more mirrors to try.

Daniel Salzman
@salzmdan
Still it doesn't work well :-( I hope OBS will be fixed soon.
Vladimír Čunát
@vcunat
I expect they've fixed it. This link now works for me.
SvenVD-be
@SvenVD-be
I confirm the rpm repos are back OK
Daniel Lublin
@quite
Is it possible to dump the journal of a zone? To see the diffs
Daniel Salzman
@salzmdan
Yes, check the kjournalprint utility.
Daniel Lublin
@quite
ah, great thx!
bleve
@bleve
Thank you for another release, 2.8.3 in production.