knot-dns-users

knot-dns-users@lists.nic.cz

3 participants
716 discussions

Warning - TCP ports binding in Knot DNS versions 3.0.0 and 3.0.1

by David Vasek

Hello Knot DNS users! We would like to inform you about a change in Knot DNS behaviour in versions 3.0.0 and 3.0.1. These two versions don't allow sharing of TCP ports between programs, including other knotd instances (SO_REUSEADDR isn't set). While this behaviour is better from point of view of security, the downside of it is that when restarting a knotd daemon, binding to a TCP port may fail after a restart if the restart is immediate. In such a case, an error is logged and Knot starts its operation on other configured ports only. To verify that all TCP ports have been bound successfully after Knot restart, please always check the log for possible errors. Such errors would be close to the initial message about Knot DNS starting. Since there was a complaint about this change, we plan to re-enable TCP ports reuse in future releases. We also ponder making knotd exit if it fails to bind to any of configured TCP ports. We would like hear from you whether such a behaviour is what you, users, want best. Please, let us know if you prefer this or a different solution. With regards, David Vašek CZ.NIC

4 roky, 4 měsíce

Knot DNS 3.0.1 release

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 3.0.1! It's recommended to update from 3.0.0 version if you serve DNSSEC signed zones with NSEC3. Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v3.0.1/NEWS Download: https://www.knot-dns.cz/download/ Documentation: https://www.knot-dns.cz/docs/3.0/html Support and sponsorship: https://www.knot-dns.cz/support Regards, Daniel

4 roky, 4 měsíce

Knot DNS 2.9.7 release

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 2.9.7! This is a bugfix version of previous stable branch. It's recommended to update from older 2.9.x versions if you serve DNSSEC signed zones with NSEC3. Knot DNS 3.0.1 will be released tomorrow. Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.9.7/NEWS Download: https://www.knot-dns.cz/download/ Documentation: https://www.knot-dns.cz/docs/2.9/html Support and sponsorship: https://www.knot-dns.cz/support Regards, Daniel

4 roky, 4 měsíce

Debugging high CPU / Load - normal?

by Jonathan Hewlett

Hi, We run around 50 knot servers around the world, with great success - thanks for the software! We are just a little curious about seemingly high CPU usage, and how best to interpret the results, if someone could advise? Specifically, we are seeing the majority of the cpu time in 'system' and not 'user', what would that suggest is happening perhaps? Any tuning help gratefully received! Our platform (sample) 24 Core CPU E5-2440 0 @ 2.40 64Gb RAM SSD knot-2.9.5, running on Centos 8.2 Currently receiving around 4k pps Server is authoritative for a 278 zones, the largest zone file being around 600Mb Output of top top - 20:50:38 up 6 days, 4:49, 2 users, load average: 13.47, 12.34, 11.83 Tasks: 321 total, 2 running, 318 sleeping, 0 stopped, 1 zombie %Cpu0 : 4.0 us, 34.1 sy, 0.0 ni, 60.3 id, 0.3 wa, 0.7 hi, 0.7 si, 0.0 st %Cpu1 : 4.3 us, 19.4 sy, 0.0 ni, 75.3 id, 0.0 wa, 0.3 hi, 0.7 si, 0.0 st %Cpu2 : 4.3 us, 33.8 sy, 0.0 ni, 60.9 id, 0.0 wa, 0.7 hi, 0.3 si, 0.0 st %Cpu3 : 5.0 us, 21.2 sy, 0.0 ni, 73.2 id, 0.0 wa, 0.3 hi, 0.3 si, 0.0 st %Cpu4 : 3.3 us, 34.9 sy, 0.0 ni, 61.5 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu5 : 3.0 us, 20.2 sy, 0.0 ni, 76.2 id, 0.0 wa, 0.3 hi, 0.3 si, 0.0 st %Cpu6 : 4.0 us, 35.2 sy, 0.0 ni, 60.4 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu7 : 5.0 us, 18.7 sy, 0.0 ni, 76.0 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu8 : 2.0 us, 35.0 sy, 0.0 ni, 62.3 id, 0.0 wa, 0.7 hi, 0.0 si, 0.0 st %Cpu9 : 2.0 us, 20.0 sy, 0.0 ni, 77.7 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu10 : 3.7 us, 34.4 sy, 0.0 ni, 61.2 id, 0.0 wa, 0.7 hi, 0.0 si, 0.0 st %Cpu11 : 3.3 us, 20.7 sy, 0.0 ni, 75.7 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu12 : 2.3 us, 34.6 sy, 0.0 ni, 62.1 id, 0.0 wa, 0.7 hi, 0.3 si, 0.0 st %Cpu13 : 3.3 us, 20.7 sy, 0.0 ni, 75.7 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu14 : 2.3 us, 33.6 sy, 0.0 ni, 59.7 id, 0.0 wa, 0.7 hi, 3.7 si, 0.0 st %Cpu15 : 3.3 us, 19.7 sy, 0.0 ni, 76.3 id, 0.0 wa, 0.3 hi, 0.3 si, 0.0 st %Cpu16 : 2.3 us, 34.0 sy, 0.0 ni, 58.7 id, 0.0 wa, 1.0 hi, 4.0 si, 0.0 st %Cpu17 : 2.3 us, 21.5 sy, 0.0 ni, 75.8 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st %Cpu18 : 3.3 us, 34.8 sy, 0.0 ni, 57.2 id, 0.0 wa, 0.7 hi, 4.0 si, 0.0 st %Cpu19 : 5.0 us, 19.3 sy, 0.0 ni, 75.1 id, 0.0 wa, 0.3 hi, 0.3 si, 0.0 st %Cpu20 : 2.7 us, 35.3 sy, 0.0 ni, 60.0 id, 0.0 wa, 0.7 hi, 1.3 si, 0.0 st %Cpu21 : 1.7 us, 20.5 sy, 0.0 ni, 77.2 id, 0.0 wa, 0.3 hi, 0.3 si, 0.0 st %Cpu22 : 4.7 us, 32.4 sy, 0.0 ni, 58.5 id, 0.0 wa, 0.7 hi, 3.7 si, 0.0 st %Cpu23 : 2.3 us, 19.0 sy, 0.0 ni, 78.3 id, 0.0 wa, 0.3 hi, 0.0 si, 0.0 st MiB Mem : 64107.4 total, 46764.9 free, 11733.6 used, 5608.8 buff/cache MiB Swap: 32248.0 total, 32248.0 free, 0.0 used. 51670.0 avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 213370 knot 20 0 34.0g 9.6g 41784 S 644.9 15.3 1319:12 /usr/sbin/knotd Thanks again for this great product. Jonathan

4 roky, 4 měsíce

Catalog zone configuration/zone auto configuration bootstrapping

by Frank Matthieß

Hello all, i stuck a little bit with the configuration of the new catalog zone feature in knot dns 3.0.0. The catalog zone replication is running quite well, but bootstrapping this feature to replicate the config for zones wont work for me. The zone name of the catalog zone is "zone.catalog". The primary name server uses this config: > # Configuration export (Knot DNS 3.0.0) > zone: > - domain: "zone.catalog." > file: "%s" > notify: [ "ns1.frank.REDACTED.DOM", "ns2.frank.REDACTED.DOM" ] > acl: [ "ns1.frank.REDACTED.DOM", "ns2.frank.REDACTED.DOM" ] > catalog-role: "interpret" > catalog-template: "catalog-zone-template" > > - domain: "dom-siew9tho.invalid." The zone has this content: > [zone.catalog.] zone.catalog. 60 NS nshp.frank.REDACTED.DOM. > [zone.catalog.] zone.catalog. 60 SOA nshp.frank.REDACTED.DOM. hostmaster.REDACTED.DOM. 1601540072 16384 2048 1048576 2560 > [zone.catalog.] id-ies3eidiev4ooquahgoh.zone.catalog. 0 PTR dom-siew9tho.invalid. > [zone.catalog.] version.zone.catalog. 0 TXT "2" Adding the following config to the primary works: > conf-begin > conf-set zone.domain "dom-siew9tho.invalid." > conf-commit > zone-begin dom-siew9tho.invalid. > zone-set dom-siew9tho.invalid. @ 60 SOA nshp.frank.REDACTED.DOM. hostmaster.REDACTED.DOM. 1 16384 2048 1048576 2560 > zone-set dom-siew9tho.invalid. @ 60 NS nshp.REDACTED.DOM. > zone-commit dom-siew9tho.invalid. Query one of the secondaries (ns1) gives me: > error: (no such zone found) [dom-siew9tho.invalid.] The config of ns1: > # Configuration export (Knot DNS 3.0.0) > template: > - id: "catalog-zone-template" > storage: "/var/lib/knot/zones" > file: "%s" > semantic-checks: "on" > dnssec-signing: "off" > serial-policy: "unixtime" > kasp-db: "/var/lib/knot/kasp-db" > > zone: > - domain: "zone.catalog." > file: "%s" > master: "nshp.frank.REDACTED.DOM" > acl: "nshp.frank.REDACTED.DOM" > catalog-role: "interpret" > catalog-template: "catalog-zone-template" I'm sure i miss one or more parts and/or i have a serious misunderstanding of the bootstrapping setup for this feature. - frank -- Frank Matthieß Mail: frank.matthiess(a)virtion.de phone: +49 521 44 81 58 17 GnuPG: 9F81 BD57 C898 6059 86AA 0E9B 6B23 DE93 01BB 63D1 virtion GmbH Südring 11, DE 33647 Bielefeld Geschäftsführer: Michael Kutzner Handelsregister HRB 40374, Amtsgericht Bielefeld, USt-IdNr.: DE278312983

4 roky, 4 měsíce

copy key from one instance to another

by Ulrich Wisser

Hi! For a special project I need to sign the same zone on two servers with the same key. How can I create a key and import it in both instances? Or export an automatically generated key from one instance and import in the other instance? Kind regards from Stockholm /Ulrich

4 roky, 5 měsíců

termination of obsolete Knot DNS OBS repos

by Jakub Ružička

Following obsolete OBS package repositories will be terminated without mercy on Friday 18th September 2020: * [knot-dns](https://build.opensuse.org/project/show/home:CZ-NIC:knot-dns) * [knot-dns-latest](https://build.opensuse.org/package/show/home:CZ-NIC:knot-d… If you are using these repos, please refer to [Knot DNS download page](https://www.knot-dns.cz/download/) for links to current package repos for your favourite distribution. Jakub Ružička CZ.NIC packager

4 roky, 5 měsíců

Knot DNS 3.0.0 release

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 3.0.0! This version introduces lots of new features. You can read more about them on this blog post https://en.blog.nic.cz/2020/09/09/knot-dns-3-0-news/ Don't forget to check the updated benchmarks https://www.knot-dns.cz/benchmark/ Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v3.0.0/NEWS Migration: https://www.knot-dns.cz/docs/3.0/html/migration.html#upgrade-2-9-x-to-3-0-x Download: https://www.knot-dns.cz/download/ Documentation: https://www.knot-dns.cz/docs/3.0/html Support and sponsorship: https://www.knot-dns.cz/support Regards, Daniel

4 roky, 5 měsíců

Knot DNS 2.9.6 release

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 2.9.6! This is mostly a bug fix version with some small improvements. Just a notice, on September 9th we are going to release Knot DNS 3.0.0, which will become a new Current Latest version. Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.9.6/NEWS Source code: https://secure.nic.cz/files/knot-dns/knot-2.9.6.tar.xz https://secure.nic.cz/files/knot-dns/knot-2.9.6.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.9/html Support and funding: https://www.knot-dns.cz/support Regards, Daniel

4 roky, 5 měsíců

keymgr doesn't delete (remove) keys

by Chris

I'm currently on 2.6.5, and am moving everything to a new server I've created that's using the newest version. However, I've got a couple of zones I am trying to clean up before the move. In my effort to resign these zones, I'm retiring/removing keys associated with these zones prior to resigning them. But keymgr(8) isn't working as expected. eg; 12:25pm Fri, 21 # keymgr some.zone. set 09696 retire=20200821122736 remove=20200821122755 12:28pm Fri, 21 # keymgr some.zone. list iso ... 83ded1e7f4375657fe12ca666d4bbc6c33b7edea ksk=no zsk=yes tag=09696 algorithm=5 public-only=no created=2020-05-06T04:42:32 pre-active=2020-05-06T04:42:32 publish=2020-05-06T05:42:32 ready=1970-01-01T00:00:00 active=2020-05-06T18:42:32 retire-active=1970-01-01T00:00:00 retire=2020-08-21T12:27:36 post-active=1970-01-01T00:00:00 remove=2020-08-21T12:27:55 ... As you can see, it's 12:28 but the key was not removed. What am I (missing/misunderstanding? Thanks. --Chris

4 roky, 6 měsíců

← Newer
1
...
15
16
17
18
19
20
21
...
72
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users