knot-dns-users

knot-dns-users@lists.nic.cz

734 discussions

knot 2.3.0-3: Automatic DNSSEC signing: Current limitations and creating trusted-keys { ... }

by georg＠riseup.net

Hi all, I'm running {knot,knot-dnsutils} 2.3.0-3~bpo8+1 out of Debian jessie-backports, and enabled automatic DNSSEC signing, which works great! I've got two question, as per the subject: - According to [1], "KSK rollover is not implemented.". Does this mean, if the key was created and exists, then currently knot doesn't change / rollover the KSK? Is it safe to assume, that as long one is using this version, the key stays the same? - I'm running Unbound to do resolving and forwarding some forward and corresponding reverse zones to knot. To make DNSSEC work, I've created a trusted-keys { ... } file with all the KSK created and used by / with knot. Right now, I've created this file manually, using $ keymgr zone key show ... and $ cat $name_of_zone.json and putting it all together. Right now, is there a tool / utility / command which does this already? TIA and all the best, Georg [1] https://www.knot-dns.cz/docs/2.x/html/configuration.html#limitations

8 let, 8 měsíců

What is stored in Knot's zone timer database?

by Anand Buddhdev

Dear Knot devs, When Knot writes out the zone timer database, what pieces of information about a zone are stored? Regards, Anand

8 let, 8 měsíců

is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

by Toralf Förster

As a lazy slacker I do wonder about such a knot-in-a-nutshell-for-tor-exit-relay-operator-dummies doc ? ;) -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

8 let, 8 měsíců

Multi-value options in "template" and "zone" sections

by Anand Buddhdev

Hi, This is mainly a question for the Knot developers. Suppose I have: template: - id: default acl: acl1 zone: - domain: zone acl: acl2 Does "zone" get "acl2" or "acl1, acl2" applied to it? Regards, Anand

8 let, 8 měsíců

Knot DNS 2.3.1 release

by Ondřej Surý

Hi fellow Knot DNS users and other mailing list lurkers, CZ.NIC just released a new version of Knot DNS. There are some bug fixes and improvements as usual. We fixed missing glue records in some responses, and there were some other minor nits. The most notable improvement was a speed-up of conf-commit and conf-diff operations when using zonedb. Users with hundred thousands zones and more will be amazed (we hope). There's also new EDNS Client Subnet API in libknot soon to be used in our sibling project Knot Resolver. On the new features front, kdig now can print TLS hierarchy for DNS over TLS, the knotc now contains zone-purge command and we have new mod-whoami module and new dnstap logging options contributed by Robert Edmonds. We would also like to invite everyone to migrate from Knot DNS 1.6.x to the current stable Knot DNS 2.x.x release. And that's it! Thank you for using Knot DNS. And we are really looking forward to your feedback. Full changelog: https://gitlab.labs.nic.cz/labs/knot/raw/v2.3.1/NEWS Sources: https://secure.nic.cz/files/knot-dns/knot-2.3.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-dns/knot-2.3.1.tar.xz.asc Documentation: https://www.knot-dns.cz/docs/2.x/html/ Regards, -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.sury@nic.cz https://nic.cz/ --------------------------------------------

8 let, 8 měsíců

Where can I found the module of Geoip

by hou guanghua

Dear<https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users> sir, In the discussion issue, the feature "view" as bind will be supported next version. Where can I found the source code of module Geoip? Regards, Guanghua

8 let, 8 měsíců

Knot 2 on CentOS 6

by Anand Buddhdev

I would like to thank Jan Včelák for submitting the gnutls30 package into EPEL 6. This allows one to build Knot 2 for RHEL/CentOS 6 without having to hunt down any dependencies. We still run CentOS 6 and it's useful to be able to upgrade to Knot 2 on our servers. Thanks Jan! Regards, Anand

8 let, 9 měsíců

configuring dnstap in knot 2.2.1

by Lowell Mower

Hello: I've compiled knot 2.2.1 and configured with the --enable-dnstap flag but continue to get errors when starting knot and configuring it to use dnstap to write to a file see below: * * * * * * * * * * * * * * * * * * * * * * * * ./configure: knot 2.2.1 Target: linux-gnu x86_64 Compiler: gcc -std=gnu99 CFLAGS: -g -O2 -Wall -Werror=format-security -Werror=implicit -fpredictive-commoning LIBS: -lcap-ng -ldl -lpthread -lm LibURCU: -lurcu GnuTLS: -lgnutls -lnettle -I/usr/include/p11-kit-1 Jansson: -ljansson Libedit: -ledit -I/usr/include/editline LMDB: embedded Sanitizer: LibFuzzer: no Prefix: /usr/local Run dir: ${prefix}/var/run/knot Storage dir: ${prefix}/var/lib/knot Config dir: ${prefix}/etc/knot Configuration DB mapsize: 500 MiB Timers DB mapsize: 100 MiB Knot DNS libraries: yes Knot DNS daemon: yes Knot DNS utils: yes Knot DNS documentation: yes Use SO_REUSEPORT: yes Fast zone parser: no Utilities with IDN: no Systemd integration: no Dnstap support: yes Code coverage: no Bash completions: no PKCS 11 support: no Continue with 'make' command * * * * * * * * * * * * * * * * * * * * * * * * /etc/knot.conf server: listen: 100.88.99.132 nsid: knot-2.2.1-dnsproxy-0.1.0 log: - target: syslog any: info remote: - id: authcore address: 127.0.0.1@53535 mod-dnsproxy: - id: sdt remote: authcore template: - id: default global-module: mod-dnsproxy/sdt mod-dnstap: - id: capture_all sink: /tmp/dnstap.tap template: - id: default global-module: mod-dnstap/capture_all * * * * * * * * * * * * * * * * * * * * * * * * knotc -c /etc/knot.conf reload error: config, file '/etc/knot.conf', line 21, item 'mod-dnstap', value '' (invalid item) error: failed to load configuration file '/etc/knot.conf' (invalid item) * * * * * * * * * * * * * * * * * * * * * * * * I've tried various configurations and have been using: https://www.knot-dns.cz/docs/2.x/html/configuration.html#dnstap-dnstap-enab… as a guide. What am I missing?

8 let, 10 měsíců

DNS Cookies support

by Ulrich Wisser

Hi everybody! Today I wrote some code to test support for DNS Cookies. But unfortunately I couldn't find any servers supporting DNS Cookies. Of course this is most likely an error in my code. I couldn't find anything in the documentation, so my question is, does knot 2.3.0 support DNS Cookies? Could someone please point me to a server supporting DNS Cookies? What would be a good test? Right now I do send a query with a cookie and see if I get a cookie in return. Kind Regards Ulrich -- Ulrich Wisser ulrich(a)wisser.se

8 let, 10 měsíců

Re: [knot-dns-users] Error with secondaries: IXFR failed to start (not enough memory)

by daniel.salzman＠nic.cz

On 2016-08-22 19:55, Hugo Salgado wrote: > Hi Daniel. > Yes, I changed the storage directory to other location with right > permissions, and now the logs said: > > 2016-08-22T17:52:21 info: [manojitos.cl] zone loader, semantic check, > completed > 2016-08-22T17:52:21 info: [manojitos.cl] loaded, serial 2016010416 -> > 2016010417 > 2016-08-22T17:52:21 info: [manojitos.cl] NOTIFY, outgoing, > 200.1.123.7@53: serial 2016010417 > 2016-08-22T17:52:22 info: [manojitos.cl] IXFR, outgoing, > 200.1.123.7@16933: incomplete history, fallback to AXFR > 2016-08-22T17:52:22 info: [manojitos.cl] AXFR, outgoing, > 200.1.123.7@16933: started, serial 2016010417 > 2016-08-22T17:52:22 info: [manojitos.cl] AXFR, outgoing, > 200.1.123.7@16933: finished, 0.00 seconds, 1 messages, 3820 bytes > > So there's no error. > > Thanks a lot. Can I suggest to improve the previous error log? Maybe > if it can say "bad permission" instead of "not enough memory" could > be better to administrators :) > Of course, the message is very confusing. Best, Daniel > Best, > > Hugo > > > On 08/22/2016 01:22 PM, daniel.salzman(a)nic.cz wrote: >> Hi, >> >> You have the storage directory under /etc. I suspect the server is not >> allowed to create a zone journal file there. The journal is important >> for IXFR. >> Could you verify that? In such a case you can configure proper >> zone.file location >> but different zone.storage directory. >> >> Daniel >> >> On 2016-08-22 16:18, Hugo Salgado wrote: >>> Hi Daniel. Here I'm attaching my .conf. >>> >>> Thanks a lot! >>> >>> Hugo >>> >>> On 08/22/2016 05:46 AM, Daniel Salzman wrote: >>>> Hi Hugo, >>>> >>>> I can't reproduce your problem. Could you send me your configuration >>>> file >>>> please? Don't forget to mangle sensitive information, like TSIG key. >>>> >>>> Thank you, >>>> Daniel >>>> >>>> On 08/19/2016 07:57 PM, Hugo Salgado wrote: >>>>> Hi. >>>>> I have a KNOT master with a small zone (32 records), which is >>>>> logging an >>>>> error after the secondary (BIND) tries to update the zone. AFAIK, >>>>> Bind >>>>> tries with IXFR first, but my master says: >>>>> >>>>> 2016-08-19T16:32:12 error: [manojitos.cl] IXFR, outgoing, >>>>> 200.1.123.7@29095: failed to start (not enough memory) >>>>> >>>>> After that the secondary retries with AXFR, and that works: >>>>> >>>>> 2016-08-19T16:32:12 info: [manojitos.cl] AXFR, outgoing, >>>>> 200.1.123.7@13644: started, serial 2016011013 >>>>> 2016-08-19T16:32:12 info: [manojitos.cl] AXFR, outgoing, >>>>> 200.1.123.7@13644: finished, 0.00 seconds, 1 messages, 2573 bytes >>>>> >>>>> The error is the same the first time I provision the zone in the >>>>> secondary as in following updates. Is there a bug in the error >>>>> message, >>>>> or should I worry for some memory requirement in my server (or >>>>> service)? >>>>> >>>>> I'm with Knot 2.3.0 on a FreeBSD 10.3-release-p7. The secondary is >>>>> not >>>>> under my administration, but I was told is Bind with an up-to-date >>>>> version. >>>>> >>>>> Thanks! >>>>> >>>>> Hugo >>>>> >>>>> _______________________________________________ >>>>> knot-dns-users mailing list >>>>> knot-dns-users(a)lists.nic.cz >>>>> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users >>>>

8 let, 10 měsíců

← Newer
1
...
43
44
45
46
47
48
49
...
74
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users