bleve
@bleve
Daniel Salzman
@salzmdan
Not yet
bleve
@bleve
Ok. so multiple ddns updates can still fail?
Daniel Salzman
@salzmdan
Yes, I think :-/
bleve
@bleve
Are you adding testcases when you fix these issues?
Daniel Salzman
@salzmdan
In most cases, yes
Unfortunately, this issue isn't priority at this moment
bleve
@bleve
I understand - I have never hit that issue.
bleve
@bleve
AFAIK.
bleve
@bleve
I'm doing ds algorithm rollover for one domain. When should knot publish CDS record?
DNSSEC, key, tag 62122, algorithm ECDSAP256SHA256, KSK, public, active+
is current state but it has already been for some time and still not CDS
Things go really slow with 72h propagation delay :)
bleve
@bleve
Hmh. If I understand this correctly this takes three times propagation delay.
libor-peltan-cznic
@libor-peltan-cznic
2*(propagation-delay + maxTTL)
bleve
@bleve
That has gone a long time ago.
still no cds or cdnskey published.
bleve
@bleve
This is my first algorithm rollover since 3.0
Hmh. ok. state doesn't show ready
It looks like there is no submission check at all.
libor-peltan-cznic
@libor-peltan-cznic
Could you share the output of keymgr list?
bleve
@bleve
Ok. So wait for tomorrow...
Felix Lechner
@felix.lechner_gitlab
Hi, how can I drop an NS record, please? Something like `knotc zone-unset my-domain.com @ 300 ns a.server.net` is not working. Thanks!
Daniel Salzman
@salzmdan
`knotc zone-unset my-domain.com @ ns` ?
If you mean all NS records in the zone apex
`knotc zone-unset my-domain.com @ ns a.server.net` for NS record with a.server.net rdata
(TTL isn't a parameter for unset)
Felix Lechner
@felix.lechner_gitlab
I forgot the dot. There is a dot at the end!
Daniel Salzman
@salzmdan
The trailing dot has an effect only for record owner name. Is it your case?
Felix Lechner
@felix.lechner_gitlab
I don't know what that means, but the name server being removed was in another zone.
Daniel Salzman
@salzmdan
Ok, the command has this structure zone-unset <zone> <owner> <type> <rdata>. And if there is no trailing dot at the <owner> it means <owner>.<zone>.
Felix Lechner
@felix.lechner_gitlab
@salzmdan Thanks!
Felix Lechner
@felix.lechner_gitlab
Hi, what does `error: failed to control (connection reset)` mean when trying to commit zone changes, please?
Daniel Salzman
@salzmdan
Probably the control client was terminated by the server due to server control timeout?
Felix Lechner
@felix.lechner_gitlab
@salzmdan Actually, it was a permissions problem. My setup in Debian stable will somehow not create an empty zone file with `knotc zone-commit`. Probably due to `user: knot:knot` for which I cannot remember the reason.
Daniel Salzman
@salzmdan
I hope the upcoming Knot package (3.0.4 in testing) with capabilities enabled fixes such issues.
Kristian Klausen
@klausenbusk

I'm using knot (3.0.4) with an input-only zone:

    zonefile-sync: -1
    zonefile-load: difference-no-serial
    journal-content: changes

... and I deploy zone changes with Ansible and restarting Knot.

I use dns.he.net and Hetzner as slaves. HE always seems to request an AXFR and Hetzner most of the time requests an IXFR.
The issue is, that Hetzner only seems to update the SOA record but not the other changed DNS records.

Is this an issue at Hetzner or could it be that Knot isn't recording the changes correctly due to my setup?

Daniel Salzman
@salzmdan
You should also set `journal-content: all` to avoid such issues
Kristian Klausen
@klausenbusk
I just tested with `kdig @127.0.0.1 domain.tld IXFR=<old serial>` and the changes are indeed missing. I will try `journal-content: all`
Kristian Klausen
@klausenbusk
It seems to work perfectly, thanks! :)
Daniel Salzman
@salzmdan
Of course, it's Knot DNS :-D
Kristian Klausen
@klausenbusk
Hmm, `dnskey-ttl` doesn't seem to match SOA TTL in my case. SOA TTL is 600 but 3600 is used for the DNSKEY records?
Daniel Salzman
@salzmdan
@klausenbusk are you sure `dnskey-ttl: 3600` isn't configured?
Kristian Klausen
@klausenbusk
I am, which is why I'm confused.
Perhaps I misread the documentation .. hmm
Daniel Salzman
@salzmdan
I have tested the automatics and it works. Just to be sure, do you have dnssec-signing enabled?
Kristian Klausen
@klausenbusk
So the TTL for the SOA record is 3600 but the SOA TTL is 600. I totally misunderstood the documentation :/ Sorry for the noise
Daniel Salzman
@salzmdan
Ok. Any idea how to better specify which TTL?
Kristian Klausen
@klausenbusk
I think I got confused by the fact that Wikipedia uses "TTL, a.k.a. MINIMUM" for the last field. I hope you didn't waste too much time on this. Perhaps "zone SOA record TTL". I'm not sure how big of an issue it is, so perhaps it is fine as it is.
Daniel Salzman
@salzmdan
No problem. I just verified that there is no regression in Knot.