Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 08:45
    GitLab | David Vasek pushed 1 commits to Knot DNS
  • 08:08
    GitLab | David Vasek pushed 1 commits to Knot DNS
  • Nov 14 15:05
    GitLab | Daniel Salzman pushed 1 commits to Knot DNS
  • Nov 13 18:29
    GitLab | Daniel Salzman pushed 1 commits to Knot DNS
  • Nov 13 17:51
    GitLab | Daniel Salzman pushed 1 commits to Knot DNS
  • Nov 13 17:51
    GitLab | Daniel Salzman pushed 1 commits to Knot DNS
  • Nov 13 11:10
    GitLab | Daniel Salzman pushed 2 commits to Knot DNS
  • Nov 13 11:10
    GitLab | Libor Peltan pushed to Knot DNS
  • Nov 13 11:10
    Daniel Salzman merged merge request #1090 DS push: fix removing DS rrset in Knot DNS
  • Nov 13 11:10
    Daniel Salzman closed issue #661 ds-push does not replace the DS RRset on parent in Knot DNS
  • Nov 12 15:48
    JP Mens opened issue #661 ds-push does not replace the DS RRset on parent in Knot DNS
  • Nov 12 14:54
    Libor Peltan opened merge request #1090 DS push: fix removing DS rrset in Knot DNS
  • Nov 12 14:54
    GitLab | Libor Peltan pushed 1 commits to Knot DNS
  • Nov 12 14:15
    GitLab | Jan Hák pushed 1 commits to Knot DNS
  • Nov 12 13:38
    GitLab | Jan Hák pushed 1 commits to Knot DNS
  • Nov 12 13:15
    GitLab | Jan Hák pushed 2 commits to Knot DNS
  • Nov 12 12:17
    GitLab | Jan Hák pushed 1 commits to Knot DNS
  • Nov 11 20:50
    GitLab | Daniel Salzman pushed 1 commits to Knot DNS
  • Nov 11 20:50
    GitLab | Daniel Salzman pushed 2 commits to Knot DNS
  • Nov 11 19:11
    Daniel Salzman closed issue #660 ERROR: IDNA (string start/ends with forbidden hyphen) in Knot DNS
bleve
@bleve
Very true.
And I'm not saying slave should be busy looping with xfr
I'm just saying that not able to load zone should cause refetch.
Daniel Salzman
@salzmdan
Zone refresh should be scheduled anyway. We will reconsider that again. I just wanted to explain you that it's fragile. A fix for your case can be an issue for somebody else :-)
bleve
@bleve
Of course.
Daniel Salzman
@salzmdan
@bleve Anyway, thank you for your reporting ;-)
bleve
@bleve
@salzmdan my pleasure - I really hope more success for knot-dns - I really like how it works.
Daniel Salzman
@salzmdan
:+1:
bleve
@bleve
I'm now 90% dnssec :)
Daniel Salzman
@salzmdan
:chart_with_upwards_trend: :100:
bleve
@bleve
Well - if only I could get isps sign their reverse dns zones :)
bleve
@bleve
@salzmdan I did hit the issue with one domain again. Is there patch to try for 2.9.0?
Daniel Salzman
@salzmdan
Try out 2.9 branch. There are more patches there and it's almost finished 2.9.1
bleve
@bleve
Is the problem only in memory or should I retransfer all zones?
Daniel Salzman
@salzmdan
It should be in memory only. Please, try it first to see if our theory is correct.
bleve
@bleve
Ok. building package from 2.9.0
and patch from v2.9.0..
Daniel Salzman
@salzmdan
patch?
bleve
@bleve
rpm.
tarball + patch from git :)
Daniel Salzman
@salzmdan
Ok :-)
bleve
@bleve
Problem seem to happen after dyndns update
This time it was letsencrypt dns verification which broke
Daniel Salzman
@salzmdan
Really? Do you have any details? (dnsviz)
bleve
@bleve
Nope - I was too tired - it broke at 1 last night :)
I just retransferred zone to slaves and tried again and it worked
Daniel Salzman
@salzmdan
Ah, I thought it's fresh experience with 2.9
bleve
@bleve
fresh and fresh :)
10 hours ago.
Kristian Klausen
@klausenbusk
Is there any plans to support RFC8482?
I know I can use disable-any to disable ANY over UDP
Daniel Salzman
@salzmdan
No plan yet. But we could implement it. Which option do you like the most (https://tools.ietf.org/html/rfc8482#section-4)? I don't like any of them :-)
Kristian Klausen
@klausenbusk
bleve
@bleve
@salzmdan I'd second that RFC8482 request, and I agree with about section 4.2
Thank you again for your great work, building 2.9.1
Daniel Salzman
@salzmdan
You are welcome. I hope all reported issues are fixed.
bleve
@bleve
And 2.9.1 in production
bleve
@bleve
Hmh. Fix for ds-push in git, is that already tested?
Hmh. not in 2.9 branch
bleve
@bleve
Patch looks ok for me, adding to 2.9.1 production version.
Kristian Klausen
@klausenbusk

How do you guys track changes in the zone? I have the zonefile in Git and the following in knot.conf

    zonefile-sync: -1
    zonefile-load: difference-no-serial

But is there a better way?

Daniel Salzman
@salzmdan
In this case, the zone file is compared against current zone in the memory when the zone/server is reloaded. It's obvious that it cannot work when starting server. More robust configuration is with journal-content: all, when the zone contents are stored in the journal for comparison.
Kristian Klausen
@klausenbusk
What do you mean with: " It's obvious that it cannot work when starting server.". Knot start without any issues?
libor-peltan-cznic
@libor-peltan-cznic
When you have journal-content: changes (or none), zonefile-sync: -1 and zonefile-load: difference-no-serial, and you shut down the server and perform "cold start", it will always end up with the zone having the serial of the zonefile, which might be lower than before the server shut down.
As a consequence, slave servers will ignore new state of the zone, considering master being "outdated".
Kristian Klausen
@klausenbusk
@libor-peltan-cznic That not the behavior I'm seeing. After a "cold start" the SOA is correct adjusted. The zone file currently has a serial of 2019101400 and it is automatic adjusted. [foobar.tld.] zone file parsed, serial corrected 2019101400 -> 2019101430
I assume the SOA increase is in logged in the journal due to journal-content: changes as it is a change.
libor-peltan-cznic
@libor-peltan-cznic
Please check with kjournalprint -d path/to/your/journal foobar.tld., if the journal really contains only changes.
Kristian Klausen
@klausenbusk
2019101430 -> 2019101431  ---: 1      +++: 83     size: 7966     RRSIG NSEC DNSKEY
---------------------------------------------
2019101400 -> 2019101401  ---: 1      +++: 80     size: 7692     DNSKEY NSEC RRSIG
2019101401 -> 2019101402  ---: 56      +++: 112     size: 17848     RRSIG DNSKEY
2019101402 -> 2019101403  ---: 110      +++: 110     size: 23082     RRSIG
2019101403 -> 2019101404  ---: 111      +++: 111     size: 23266     DNSKEY RRSIG
2019101404 -> 2019101405  ---: 111      +++: 110     size: 23174     DNSKEY RRSIG
2019101405 -> 2019101406  ---: 56      +++: 2     size: 6336     RRSIG
2019101406 -> 2019101407  ---: 4      +++: 3     size: 682     DNSKEY RRSIG
2019101407 -> 2019101408  ---: 4      +++: 8     size: 1054     NSEC RRSIG TXT
2019101408 -> 2019101409  ---: 8      +++: 4     size: 1054     NSEC RRSIG TXT
2019101409 -> 2019101410  ---: 4      +++: 8     size: 1054     NSEC RRSIG TXT
2019101410 -> 2019101411  ---: 8      +++: 4     size: 1054     NSEC RRSIG TXT
2019101411 -> 2019101412  ---: 4      +++: 8     size: 1094     NSEC RRSIG TXT
2019101412 -> 2019101413  ---: 3      +++: 4     size: 742     RRSIG TXT
2019101413 -> 2019101414  ---: 4      +++: 3     size: 742     RRSIG TXT
2019101414 -> 2019101415  ---: 8      +++: 4     size: 1094     NSEC RRSIG TXT
2019101415 -> 2019101416  ---: 54      +++: 54     size: 11882     RRSIG
2019101416 -> 2019101417  ---: 3      +++: 3     size: 590     RRSIG
2019101417 -> 2019101418  ---: 3      +++: 3     size: 590     RRSIG
2019101418 -> 2019101419  ---: 3      +++: 4     size: 682     RRSIG DNSKEY
2019101419 -> 2019101420  ---: 4      +++: 11     size: 1353     NSEC RRSIG CDNSKEY CDS
2019101420 -> 2019101421  ---: 10      +++: 4     size: 1253     CDNSKEY CDS NSEC RRSIG
2019101421 -> 2019101422  ---: 3      +++: 2     size: 490     RRSIG
2019101422 -> 2019101423  ---: 4      +++: 3     size: 682     DNSKEY RRSIG
2019101423 -> 2019101424  ---: 54      +++: 54     size: 11882     RRSIG
2019101424 -> 2019101425  ---: 3      +++: 3     size: 590     RRSIG
2019101425 -> 2019101426  ---: 3      +++: 3     size: 590     RRSIG
2019101426 -> 2019101427  ---: 54      +++: 54     size: 11882     RRSIG
2019101427 -> 2019101428  ---: 3      +++: 3     size: 590     RRSIG
2019101428 -> 2019101429  ---: 3      +++: 3     size: 590     RRSIG
2019101429 -> 2019101431  ---: 4      +++: 8     size: 1054     RRSIG NSEC A
Occupied this zone (approx): 160 KiB
Occupied all zones together: 184 KiB
libor-peltan-cznic
@libor-peltan-cznic
Hm, let us check this please, later...