knot-dns-users

knot-dns-users@lists.nic.cz

738 discussions

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 2.9.0! This powerful version is full of new features, improvements, and code cleanups. Please, look at the changelog. Also note that today Knot DNS 2.7 reached its End-of-life and in the following days the official repositories will be upgraded to reflect currently supported versions (current stable -> 2.9.0, previous stable -> 2.8.4). Special thanks go to Christian Petrasch, Manuel Domke, and Jürgen Geinitz for their continuous testing! Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.9.0/NEWS Benchmark: https://www.knot-dns.cz/benchmark/ Source code: https://secure.nic.cz/files/knot-dns/knot-2.9.0.tar.xz https://secure.nic.cz/files/knot-dns/knot-2.9.0.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.9/html Support and funding: https://www.knot-dns.cz/support Regards, Daniel

5 let, 11 měsíců

Knot DNS 2.8.4 release

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 2.8.4! Besides various fixes and improvements, this version brings new DS push mechanism for automatic DS record uploading to parent zone during KSK rollover. Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.8.4/NEWS Source code: https://secure.nic.cz/files/knot-dns/knot-2.8.4.tar.xz https://secure.nic.cz/files/knot-dns/knot-2.8.4.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.8/html Support and funding: https://www.knot-dns.cz/support Regards, Daniel

5 let, 11 měsíců

Quick Survey

by Daniel Salzman

Hello Knot DNS users, I would like to ask you if anybody uses request-edns-option configuration option? See https://www.knot-dns.cz/docs/2.8/singlehtml/index.html#request-edns-option for more info. Thank you, Daniel

6 let

Feature Request: expose knotc and keymgr API in a library

by Ray Hunter (v6ops)

Hi. Firstly, a big thank-you for knotd. I've been writing some code for automatic configuration of DNS delegations, including dnssec. It's been very straightforward with knot. The code is very clean, and the documentation extensive. Now my request: Your control programs seem to assume that the user is running knotc or keymgr and generating commands interactively or via a script. Would it be possible to expose all of the knotc and the keymgr API functions into a separate library, like libknotd-ctrl, plus a set of header files? At the moment I'm forking off external shell scripts from my program, and that works fine, but if I could call and link these control functions direct from my own code it would be great. It's probably possible already with some automake magic, but it's not easy for someone of my limited skills level. The code already exists, it'd just be some additional build steps AFAICS. -- regards, RayH <https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campai…>

6 let

prometheus exporter

by Gert Doering

Hiya, trying to get our knot dns server (FreeBSD pkg, 2.8.1) to export prometheus statistics. I found https://github.com/ghedo/knot_exporter, which looks promising (and I found that knot-resolver has this all built in, but this doesn't help me :-/ ). So, I've installed the required python modules, and when I start the knot_exporter (with the right paths and everything) it complains to me: $ /tmp/knot_exporter --web-listen-port 4041 --knot-library-path ... Traceback (most recent call last): File "/tmp/knot_exporter", line 489, in <module> args.knot_socket_timeout, File "/usr/local/lib/python3.6/site-packages/prometheus_client/registry.py", line 24, in register names = self._get_names(collector) File "/usr/local/lib/python3.6/site-packages/prometheus_client/registry.py", line 64, in _get_names for metric in desc_func(): File "/tmp/knot_exporter", line 434, in collect for zone, zone_data in zone_stats["zone"].items(): KeyError: 'zone' so, I read the manual, and it says that this should be sufficient: template: - id: default storage: /usr/local/etc/dnsmgmt/data/CA/knot disable-any: true acl: [ acl_transfer, acl_notify ] global-module: mod-stats with or without mod-stats: - id: default request-protocol: on server-operation: on edns-presence: on flag-presence: on response-code: on reply-nodata: on query-type: on ... but it does not seem to make a difference. So - if one of you has a working knot-server knot.conf that exports data to prometheus, can you share it? thanks, Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

6 let

Specify wildcard subdomain static hints

by Balakrishnan B

I am trying to add wildcard static hints to catch all local domains like below. But does not seem to work. hints['nextcloud.local'] = '127.0.0.1' # This works fine hints['*.local'] = '127.0.0.1' hints['.local'] = '127.0.0.1' DNSMasq supports this like https://stackoverflow.com/a/22551303 Is there way to do this in knot? Thanks, Bala

6 let, 1 měsíc

Knot DNS 2.8.3 and 2.7.8 releases

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 2.8.3 and Knot DNS 2.7.8! The most important fix relates to excessive server load when maximum TCP clients limit is reached. It's also recommended to increase https://www.knot-dns.cz/docs/2.8/singlehtml/index.html#max-tcp-clients if TCP traffic is high. Changelogs: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.8.3/NEWS https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.7.8/NEWS Source code: https://secure.nic.cz/files/knot-dns/knot-2.8.3.tar.xz https://secure.nic.cz/files/knot-dns/knot-2.8.3.tar.xz.asc https://secure.nic.cz/files/knot-dns/knot-2.7.8.tar.xz https://secure.nic.cz/files/knot-dns/knot-2.7.8.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.8/html https://www.knot-dns.cz/docs/2.7/html Support and funding: https://www.knot-dns.cz/support Regards, Daniel

6 let, 1 měsíc

Knot DNS 2.8.2 release

by Daniel Salzman

Hello Knot DNS users, CZ.NIC has released Knot DNS 2.8.2! This version mainly fixes some Offline-KSK and geoip issues, and brings a few new features. Changelog: https://gitlab.labs.nic.cz/knot/knot-dns/raw/v2.8.2/NEWS Source code: https://secure.nic.cz/files/knot-dns/knot-2.8.2.tar.xz https://secure.nic.cz/files/knot-dns/knot-2.8.2.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.8/html Support and funding: https://www.knot-dns.cz/support Regards, Daniel

6 let, 3 měsíce

Problems with serial when using knot as standalone DNSSEC signer

by Sebastian Wiesinger

Hi, we're using knot as a bump-in-the-wire DNSSEC Signer. The setup is as follows: BIND9(unsigned) -> AXFR -> knot(signing) -> AXFR -> BIND9(signed) The zone starts out with a low serial like 10 or 11. knot has a serial-policy: unixtime for the zones. Problem is, whenever an update is pushed the serial number is decreased again from unixtime back to the original serial which prevents the zone from propagating to the slaves. Example (test zone): template: - id: slave-dnssec-ecdsap256 storage: "/var/lib/knot/slave" file: "%s.zone" zonefile-load: difference dnssec-signing: on dnssec-policy: ecdsap256 master: ns1_signer notify: ns1 acl: acl_ns1 zone: - domain: xn--78jubwhb.xn--q9jyb4c template: slave-dnssec-ecdsap256 serial-policy: unixtime Here is an example where first a manual "zone-sign" is done to update the serial to current unixtime (12 -> 1559298292) and after that the zone is transferred in again which results in a serial decrease (1559298292 -> 13). [xn--78jubwhb.xn--q9jyb4c.] control, received command 'zone-sign' [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, dropping previous signatures, re-signing zone [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, key, tag 49852, algorithm ECDSAP256SHA256, KSK, public, active [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, key, tag 55142, algorithm ECDSAP256SHA256, public, active [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, signing started [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, successfully signed [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, next signing at 2019-06-07T12:24:52 [xn--78jubwhb.xn--q9jyb4c.] zone file updated, serial 12 -> 1559298292 [xn--78jubwhb.xn--q9jyb4c.] notify, outgoing, remote 176.9.75.248@53, serial 1559298292 [xn--78jubwhb.xn--q9jyb4c.] AXFR, outgoing, remote 176.9.75.248@60025, started, serial 1559298292 [xn--78jubwhb.xn--q9jyb4c.] AXFR, outgoing, remote 176.9.75.248@60025, finished, 0.00 seconds, 1 messages, 1819 bytes [xn--78jubwhb.xn--q9jyb4c.] notify, incoming, remote 176.9.75.248@9104, received, serial 13 [xn--78jubwhb.xn--q9jyb4c.] refresh, remote 176.9.75.248@53, remote serial 13, zone is outdated [xn--78jubwhb.xn--q9jyb4c.] IXFR, incoming, remote 176.9.75.248@53, receiving AXFR-style IXFR [xn--78jubwhb.xn--q9jyb4c.] AXFR, incoming, remote 176.9.75.248@53, starting [xn--78jubwhb.xn--q9jyb4c.] AXFR, incoming, remote 176.9.75.248@53, finished, 0.00 seconds, 1 messages, 321 bytes [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, key, tag 49852, algorithm ECDSAP256SHA256, KSK, public, active [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, key, tag 55142, algorithm ECDSAP256SHA256, public, active [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, signing started [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, successfully signed [xn--78jubwhb.xn--q9jyb4c.] DNSSEC, next signing at 2019-06-07T12:25:21 [xn--78jubwhb.xn--q9jyb4c.] refresh, remote 176.9.75.248@53, zone updated, 0.10 seconds, serial 12 -> 13 [xn--78jubwhb.xn--q9jyb4c.] zone file updated, serial 1559298292 -> 13 [xn--78jubwhb.xn--q9jyb4c.] notify, outgoing, remote 176.9.75.248@53, serial 13 How to prevent this? We want knot to always use the current unixtime for the zone. Best Regards Sebastian -- GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant

6 let, 3 měsíce

Knot není dostupný na UDP

by Ondřej Budín

Dobrý den, zkouším rozjet Knot DNS, ovšem narazil jsem na problém - knotd mi neposlouchá na UDP portu. Upozornil mě na to nástroj http://dnsviz.net. Poradí mi někdo prosím, co by mohlo být špatně a jak z toho ven? Mám podezření na modul *noudp*, ovšem marně se snažím dohledat nějaké podrobnější informace, popisující jak vůbec moduly fungují a jak se s nimi pracuje. Knot jsem instaloval z repositáře https://deb.knot-dns.cz/knot-latest. knotd (Knot DNS), version 2.8.1; Debian 9 Děkuji. -- S pozdravem Ondřej Budín

6 let, 3 měsíce

← Newer
1
...
22
23
24
25
26
27
28
...
74
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users