Hi,
we've recently corrected two issues: the server crashed when trying to
reload configuration with duplicate zones and zone transfers scheduling
was broken, causing sometimes (but very rarely) some zones not to be
synced with master properly, so we are releasing the fixed version right
away.
Sources of this version are here:
http://public.nic.cz/files/knot-dns/knot-1.1.2-rc1.tar.gz
GPG signature:
http://public.nic.cz/files/knot-dns/knot-1.1.2-rc1.tar.gz.asc
Final v1.1.2 will be released in a week.
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hello,
final release 1.1.1 of Knot DNS was just released. We just fixed one
small bug since last week's release candidate. Now should be stable.
Enjoy and stay tuned for version 1.2, which should be out in late
November and will bring the long desired support for Dynamic Updates and
some other improvements!
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hello,
I have setup a KNOT dns server but I'm having troubles with the UDP
queries. The server is not answering to the UDP queries but it is
answering to queries in TCP.
The server is running on a CentOS release 6.3 (Final) and the
configuration file is the following.
*************knot.conf***********
system {
identity "Yet.another.server";
nsid "Yet.another.server";
storage "/opt/knot_run/knot-minimal";
pidfile "/opt/knot_run/knot.pid";
user root;
}
interfaces {
ipv4 { address 127.0.0.1@53; }
ipv4 { address 193.137.197.25@53; }
}
remotes {
ns-test01 { address 193.136.192.86@53; }
ns-test02 { address 193.136.192.87@53; }
ns-test03 { address 193.137.196.30@53; }
ns-test04 { address 193.137.196.31@53; }
}
zones {
zonetest-01.dns.pt {
file "/opt/knot_run/zones/zonetest01";
xfr-in ns-test01;
notify-in ns-test01;
}
zonetest-06.dns.pt {
file "/opt/knot_run/zones/zonetest06";
}
}
log {
file "/opt/knot_run/log/knot.log" { any all; }
}
**********************************
The output of the log file is
********knot.log******************
2012-09-17T10:25:40.208574+01:00 Stopping server...
2012-09-17T10:25:40.210677+01:00 Server finished.
2012-09-17T10:25:40.211260+01:00 Shut down.
2012-09-17T10:25:40.230967+01:00 Binding to interface 127.0.0.1 port 53.
2012-09-17T10:25:40.231283+01:00 Binding to interface 193.137.197.25
port 53.
2012-09-17T10:25:40.232162+01:00 Loading 2 compiled zones...
2012-09-17T10:25:40.233783+01:00 Loaded zone 'zonetest-01.dns.pt.'
2012-09-17T10:25:40.237553+01:00 Loaded zone 'zonetest-06.dns.pt.'
2012-09-17T10:25:40.238983+01:00 Loaded 2 out of 2 zones.
2012-09-17T10:25:40.239044+01:00 Configured 2 interfaces and 2 zones.
2012-09-17T10:25:40.239078+01:00
2012-09-17T10:25:40.239111+01:00 Starting server...
2012-09-17T10:25:40.240688+01:00 Server started as a daemon, PID = 8599
2012-09-17T10:25:40.240772+01:00 PID stored in /opt/knot_run/knot.pid
*********************************
And an example of the query's
*********************************
[root@ns-test06 ~]# dig @127.0.0.1 zonetest-06.dns.pt +tcp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> @127.0.0.1
zonetest-06.dns.pt +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30969
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;zonetest-06.dns.pt. IN A
;; ANSWER SECTION:
zonetest-06.dns.pt. 3600 IN A 193.137.196.42
;; AUTHORITY SECTION:
zonetest-06.dns.pt. 3600 IN NS ns-test01.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test02.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test03.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test04.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test06.dns.pt.
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 17 10:25:49 2012
;; MSG SIZE rcvd: 202
[root@ns-test06 ~]# dig @127.0.0.1 zonetest-06.dns.pt
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> @127.0.0.1
zonetest-06.dns.pt
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
*********************************
Can anyone help me with this problem?
Best regards,
--
Eduardo Duarte
SIT-DNS
DNS.PT - https://www.dns.pt/
FCCN - http://www.fccn.pt/
Greetings. This seems a bit odd. I have a zone file with:
=====
$TTL 6
test79.example.com. IN SOA foo.example.com. dns.test79.example.com. ( 201209150 5m 1m 2w 5m )
test79.example.com. IN NS foo.example.com.
test79.example.com. IN TYPE79 \# 4 deadface
=====
Trying to compile it gives:
=====
Parsing file '/home/dns/Files/foo.conf', origin 'test79.example.com.' ...
/home/dns/Files/foo.conf:4: error: bad unknown RDATA
Parser finished with error, not dumping the zone!
error: Compilation of 'test79.example.com.' failed, knot-zcompile return code was '1'
=====
This zone file works fine in BIND, NSD, and PowerDNS. It seems that either Knot cannot use the standard mechanism for defining unknown RRtypes (RFC 3597), or it maybe has a different syntax. Clues are appreciated.
--Paul Hoffman
Hi!
I run Knot with option
apn@knot-test:/home/apn>grep user /usr/local/etc/knot/knot.conf
user bind.dns;
apn@knot-test:/home/apn>ps uaxww | grep knot
bind 9925 0.0 0.8 33760 8736 ?? Ss 4:03PM 0:00.07
/usr/local/sbin/knotd -d -c /usr/local/etc/knot/knot.conf
apn@knot-test:/home/apn>knotc -V
Knot DNS, version 1.1.0-rc2
apn@knot-test:/home/apn>uname -a
FreeBSD knot-test.local 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3
07:46:30 UTC 2012
root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Everything is fine except for one: I can't control Knot via knotc
under my account and have to raise my privileges.
apn@knot-test:/home/apn>knotc running
2012-09-03T17:33:20.801730+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:33:20.802876+04:00 Server PID not found, probably not running.
2012-09-03T17:33:20.803099+04:00 [warning] PID file is stale.
apn@knot-test:/home/apn>knotc reload
2012-09-03T17:57:01.706820+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:01.707934+04:00 [warning] Server PID not found,
probably not running.
apn@knot-test:/home/apn>knotc refresh
2012-09-03T17:57:11.314605+04:00 Using '/usr/local/etc/knot/knot.conf'
as default configuration.
2012-09-03T17:57:11.315736+04:00 [warning] Server PID not found,
probably not running.
I believe that is because of using of kill(2) in pid_running(). So I'm
wondering how unprivileged user can send commands to Knot?
Thanks in advance.
--
AP
Hi,
second Release Candidate of Knot DNS 1.1 is out now. We slightly
improved and fixed the user manual, fixed two minor bugs:
- generating journal for IXFR when the zone contains IPSECKEY and APL
records in binary format,
- possible leak on server shutdown with a pending transfer
and fixed the behaviour of slave server using TSIG. It did not sign SOA
queries to master, causing it to fail the zone version check when
talking to Bind with allow-query configured to use TSIG key.
Source files are available here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz
GPG signature:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz.asc
Packages will be updated soon at the usual place on http://www.knot-dns.cz.
Please provide us with any feedback before the final 1.1 release next week.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
we've just released a Release Candidate of Knot DNS 1.1. The new version
brings a lot of enhancements and bugfixes which improve stability and
interoperability of Knot DNS. It also contains a complete User manual
for easier deployment. The manual can be either built from the sources
('make pdf' or 'make html'), or accessed online via Knot DNS website
(http://www.knot-dns.cz).
Here are some highlights of changes in the new version:
- Improved speed of incoming IXFR even more.
- Optimized loading of many zones.
- Option to disable authoritative ANY answers as a mitigation to recent
DDoS reflection attacks.
- Fixed some problems and leaks cased if an IXFR transfer failed (e.g.
because of malformed data).
- Improved malformed packet parsing and handling.
- Fixed answering in some special cases.
We also implemented an option to generate zone differences from zone
reload and using them for IXFR journal. Thus Knot DNS may serve as IXFR
primary master (until now, it needed to obtain the differences by a
transfer from some other master). However, this feature is only
experimental, so use it with care. We do not guarantee that the results
will be always good or that it won't compromise the stability of the server.
For full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0-rc…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc1.tar.gz
GPG signature:
Packages will be available soon on http://www.knot-dns.cz.
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org