Hi,
> How would one go about converting from PowerDNS to KnotDNS on an active
> realtime AnyCast DNS network with maximum seamless efficiency or minimal temporary
> disruption of services to existing DNS users?
>
If it's truly anycast it should only be easier, I would simply:
- stop announcing the anycasted prefix at node #1
- once you see no queries anymore: convert and test
- after finishing: switch on routing
- repeat until node #last
Unless you have bizarre performance complications, the above would be safer than converting an active node.
Did I maybe misunderstand the question? Or did you mean:
"how to convert from pdns with a transactional SQL backend to a conventional DNS setup with Knot" ..?
Leo
Hello All,
I've decided to use Knot DNS as secondary nameserver for my local zone.
I have several subnets connected via VPN and they have their own
nameservers. So, there are records in my zone
zu-gw.vpn.mithril. 3600 IN A 172.19.0.6
zu.mithril. 3600 IN NS zu-gw.vpn.mithril.
and I want to resolve a domain in zu.mithril:
BIND (master):
# dig @tessa.mithril melissa.zu.mithril
; <<>> DiG 9.8.3-P4 <<>> @tessa.mithril melissa.zu.mithril
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7626
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;melissa.zu.mithril. IN A
;; ANSWER SECTION:
melissa.zu.mithril. 0 IN A 172.19.3.1
;; AUTHORITY SECTION:
zu.mithril. 3600 IN NS zu-gw.vpn.mithril.
;; ADDITIONAL SECTION:
zu-gw.vpn.mithril. 3600 IN A 172.19.0.6
;; Query time: 143 msec
;; SERVER: 172.19.37.1#53(172.19.37.1)
;; WHEN: Wed Jan 14 19:24:27 2015
;; MSG SIZE rcvd: 92
KNOT (secondary):
# dig @mira.mithril melissa.zu.mithril
; <<>> DiG 9.8.3-P4 <<>> @mira.mithril melissa.zu.mithril
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10182
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;melissa.zu.mithril. IN A
;; AUTHORITY SECTION:
zu.mithril. 3600 IN NS zu-gw.vpn.mithril.
;; ADDITIONAL SECTION:
zu-gw.vpn.mithril. 3600 IN A 172.19.0.6
;; Query time: 0 msec
;; SERVER: 172.19.38.2#53(172.19.38.2)
;; WHEN: Wed Jan 14 19:24:51 2015
;; MSG SIZE rcvd: 76
I understand that it's happening because of recursion in bind, but how
can I solve this problem in knot?
--
With best regards,
Eugene Bolshakoff
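What distinguishes the two dig outputs above, as an added example (not part of the original message): the BIND reply has the `ra` flag and one answer, while the Knot reply has no answer, no `aa` flag and only the NS record for zu.mithril., which makes it a referral that the client has to follow itself. The sample strings are constructed from the quoted output; the function names and result labels are hypothetical.

```python
import re

# Constructed samples: header, flag and AUTHORITY lines copied from the two
# dig outputs in the message above.
BIND_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7626
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
zu.mithril. 3600 IN NS zu-gw.vpn.mithril.
"""
KNOT_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10182
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
zu.mithril. 3600 IN NS zu-gw.vpn.mithril.
"""

def authority_types(text):
    """Record types listed in the AUTHORITY section of dig output."""
    types, inside = [], False
    for line in text.splitlines():
        if line.startswith(";; AUTHORITY SECTION"):
            inside = True
        elif inside and (not line.strip() or line.startswith(";")):
            break  # next section header or blank line ends the section
        elif inside:
            types.append(line.split()[3])  # name, TTL, class, type, rdata
    return types

def classify(text):
    """Classify a reply from its rcode, flags, ANSWER count and AUTHORITY types."""
    status = re.search(r"status: (\w+)", text)
    header = re.search(r"flags: ([a-z ]+); QUERY: \d+, ANSWER: (\d+)", text)
    if not status or not header:
        raise ValueError("dig header not found")
    flags, answers = set(header.group(1).split()), int(header.group(2))
    if status.group(1) != "NOERROR":
        return status.group(1)
    if answers:
        return "authoritative answer" if "aa" in flags else "non-authoritative answer"
    if "aa" not in flags and "NS" in authority_types(text):
        return "referral"  # delegation: only NS (plus glue) for the child zone
    return "no data"
```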
How would one go about converting from PowerDNS to KnotDNS on an active realtime AnyCast DNS network with maximum seamless efficiency or minimal temporary disruption of services to existing DNS users?
Hi Knot developers,
I've now installed version 1.6.1 on some servers, and I'm observing some
journal related issues, and I have questions about them. First off,
here's one issue:
2014-12-15T06:00:56 info: [203.in-addr.arpa] NOTIFY, incoming,
193.0.0.198@53535: received serial 3006121318
2014-12-15T06:00:56 info: [203.in-addr.arpa] refresh, outgoing,
193.0.0.198@53: master has newer serial 3006121317 -> 3006121318
2014-12-15T06:00:56 info: [203.in-addr.arpa] IXFR, incoming,
193.0.0.198@53: starting
2014-12-15T06:00:57 warning: [203.in-addr.arpa] IXFR, incoming,
193.0.0.198@53: failed to write changes to journal (not enough space
provided)
2014-12-15T06:00:58 notice: [203.in-addr.arpa] IXFR, incoming,
193.0.0.198@53: fallback to AXFR
2014-12-15T06:00:58 info: [203.in-addr.arpa] AXFR, incoming,
193.0.0.198@53: starting
2014-12-15T06:00:59 info: [203.in-addr.arpa] AXFR, incoming,
193.0.0.198@53: finished, serial 3006121317 -> 3006121318, 0.65 seconds,
171 messages, 7960312 bytes
So it looks like the IXFR is too big, and won't fit into the journal,
and Knot is falling back to AXFR. When I requested this IXFR by hand, I got:
$ dig ixfr=3006121317 203.in-addr.arpa @193.0.0.198
...
...
;; XFR size: 121779 records (messages 170, bytes 7963389)
The size of the IXFR in bytes is below the configured file size limit
(10M), but I suspect that 7963389 bytes probably take up more room in
the journal, so Knot can't write into it, and is falling back to AXFR.
Are you able to tell me (approximately of course), how much disk space
is required for a given number of bytes of IXFR? This will help me tune
the setting of ixfr-fslimit to avoid this unnecessary fallback to AXFR.
Hi Knot developers,
I have another question about journals. I've noticed that for one zone,
the journal size is 9M (with my configured limit at 10M).
Now, I see this each time in the logs:
2014-12-15T07:56:02 notice: [103.in-addr.arpa] journal is full, flushing
2014-12-15T08:13:09 notice: [103.in-addr.arpa] journal is full, flushing
2014-12-15T08:16:35 notice: [103.in-addr.arpa] journal is full, flushing
2014-12-15T08:20:27 notice: [103.in-addr.arpa] journal is full, flushing
It looks like once a journal is close to the maximum size, then it just
remains at that size, with the result that each time an IXFR comes in,
and overflows the journal, Knot wants to flush the changes to disk
immediately. Does Knot discard old records from the journal at this point?
Anand
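One way to measure how often the journal limit bites, as an added example (not Knot DNS code and not from the original messages): it unwraps the mail-wrapped log lines quoted in the two journal messages above and counts, per zone, journal write failures, IXFR-to-AXFR fallbacks with the bytes retransferred, and "journal is full" flushes. The sample log is constructed from the quoted lines; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the messages above, mail wrapping kept.
SAMPLE_LOG = """\
2014-12-15T06:00:57 warning: [203.in-addr.arpa] IXFR, incoming,
193.0.0.198@53: failed to write changes to journal (not enough space
provided)
2014-12-15T06:00:58 notice: [203.in-addr.arpa] IXFR, incoming,
193.0.0.198@53: fallback to AXFR
2014-12-15T06:00:59 info: [203.in-addr.arpa] AXFR, incoming,
193.0.0.198@53: finished, serial 3006121317 -> 3006121318, 0.65 seconds,
171 messages, 7960312 bytes
2014-12-15T07:56:02 notice: [103.in-addr.arpa] journal is full, flushing
2014-12-15T08:13:09 notice: [103.in-addr.arpa] journal is full, flushing
"""
FIELDS = ("write_failed", "axfr_fallback", "axfr_bytes", "flushes")
ENTRY_RE = re.compile(r"^\S+ \w+: \[([^\]]+)\] (.*)$")

def unwrap(text):
    """Join wrapped continuation lines onto their timestamped entry."""
    entries = []
    for line in text.splitlines():
        if re.match(r"\d{4}-\d{2}-\d{2}T", line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def journal_pressure(text):
    """Per zone: journal write failures, AXFR fallbacks (with bytes), flushes."""
    stats, pending = defaultdict(lambda: dict.fromkeys(FIELDS, 0)), set()
    for entry in unwrap(text):
        m = ENTRY_RE.match(entry)
        if not m:
            continue
        zone, msg = m.groups()
        if "failed to write changes to journal" in msg:
            stats[zone]["write_failed"] += 1
        elif "fallback to AXFR" in msg:
            stats[zone]["axfr_fallback"] += 1
            pending.add(zone)  # the next finished AXFR for this zone is the fallback
        elif msg.startswith("AXFR") and "finished" in msg and zone in pending:
            stats[zone]["axfr_bytes"] += int(re.search(r"(\d+) bytes", msg).group(1))
            pending.discard(zone)
        elif "journal is full, flushing" in msg:
            stats[zone]["flushes"] += 1
    return {zone: dict(counts) for zone, counts in stats.items()}
```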
Knot DNS depends on zlib to calculate Adler-32 checksums. A comment in
crc.h states that it “should be removed”. I want to use knsupdate on
OpenWRT and would also like to remove the dependency.
Unfortunately, there is no single library that provides only Adler-32
checksums and every examined software either relies on zlib or its
bundled implementation of varying quality and speed. Other projects seem
to use CRC32C because there is an instruction to calculate it in the
SSE4.2 instruction set. But again there is no library that implements
only CRC32C checksums. Switching to CRC32C would also make
the journal format incompatible.
I'm inclined to just copy the reference implementation from RFC 1950 for
my purposes but wanted to check with the upstream maintainers whether
there are any plans or ideas.
It would also be nice if the configure script would have an option to
not include and compile unused functionality from libknot and
libzscanner to minimize binary sizes.
- Matthias-Christian
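Adler-32 as RFC 1950 defines it, as an added example in Python (not Knot DNS or zlib code): it computes the checksum both with a modulo after every byte and with the modulo deferred for up to 5552 bytes, and shows the bound that keeps 32-bit accumulators from overflowing in a bundled C port. It can also serve to generate test vectors for such a port; the function names are hypothetical.

```python
BASE = 65521  # largest prime below 2**16 (RFC 1950)
NMAX = 5552   # most bytes that can be summed before s2 may exceed 32 bits

def worst_case_s2(n):
    """Largest value s2 can reach after n bytes of 0xFF with no modulo applied."""
    return 255 * n * (n + 1) // 2 + (n + 1) * (BASE - 1)

def adler32(data, value=1, defer_modulo=True):
    """Adler-32 of `data` (bytes); `value` continues a running checksum."""
    s1, s2 = value & 0xFFFF, (value >> 16) & 0xFFFF
    step = NMAX if defer_modulo else 1  # step 1 is the byte-at-a-time form
    for start in range(0, len(data), step):
        for byte in data[start:start + step]:
            s1 += byte
            s2 += s1
        # A C port using uint32_t for s1 and s2 relies on this bound holding.
        assert s2 <= 0xFFFFFFFF
        s1 %= BASE
        s2 %= BASE
    return (s2 << 16) | s1
```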
In your documentation you say:
Single-Type Signing Scheme is not supported.
I only want to sign with a single key in some cases, i.e.
there is no value in having the split as updating my parent is easy.
Olafur
I am looking around for an rpm deployment since I have a "hardened" box
that I wanted to install this on.
Was going to try to build my own, but it looks like liburcu is not
readily available for this distribution either.
Help or links?
Thanks,
Lynch