Hello,
Yesterday I replaced one of my authoritative servers with knot 1.0.5
(previously powerdns). I am already delighted by the simplicity of knot,
so thank you for a nice piece of software.
I tried some configurations and noticed that I was unable to correctly
run as an unprivileged user. It seems that the problem is:
- start knotd as root.root
- create empty pidfile (owned by root.root)
- drop privileges to user 'knot.knot'
- write pid to pidfile (and fail doing so)
- log error:
2012-06-11T22:23:06+02:00 julie knot[31184]: [warning] Failed to create
PID file '/var/lib/knot/knot.pid'.
2012-06-11T22:23:06+02:00 julie knot[31184]: Server started as a daemon,
PID = 31184
2012-06-11T22:23:06+02:00 julie knot[31184]: [warning] Server running
without PID file.
When stopping knotd later on, the following is logged, and knotd does
not stop running.
2012-06-11T22:23:38+02:00 julie knot[31210]: [warning] Server PID not
found, probably not running.
I guess that either the pid file need to be chowned to the unprivileged
user before privileges are dropped, or the pid needs to be written to
the file earlier. Note that the file *is* created (despite the error
messages saying something else), but it is empty.
Kind regards,
Tom
Dear team,
I found that Knot DNS v1.0.6(from tarball) fails to serve
RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case.
-----[ knot.conf ]------------------------------------------
system {
storage "/proj/knot-dns/var";
}
zones {
32/27.2.0.192.in-addr.arpa {
file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa";
}
}
-----[ zone data ]------------------------------------------
$TTL 1d
$ORIGIN 32/27.2.0.192.in-addr.arpa
@ IN SOA ns.example1.jp. hostmaster.example1.jp. (
2012070401
20m
15m
4w
15m )
NS ns.example1.jp.
-----[ The result ]-----------------------------------------
kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa
[sudo] password for kohi:
2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32').
2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'.
kohi@lars[2]%
------------------------------------------------------------
Thanks in advance.
Koh-ichi Ito
Hi all,
we have created page for Knot DNS on Google+ [1]. We will try
to use that channel for communicating short interesting stuff
from the development. You will not be bored, we promise :)
1. https://plus.google.com/u/0/111568815130451558383/posts
Feel free to join the channel and/or spread the word around.
Ondrej
--
Ondřej Surý -- Chief Science Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury@nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
Hi,
another bugfix release of Knot DNS is out. This one corrects behaviour
with wildcard CNAMEs, when DNSSEC is requested (some NSECs/NSEC3s were
missing) and fixes some potential problems from incorrect use of RCU
synchronisation.
The sources are available here:
http://public.nic.cz/files/knot-dns/knot-1.0.6.tar.gz
GPG signature: http://public.nic.cz/files/knot-dns/knot-1.0.6.tar.gz.asc
Packages available at www.knot-dns.cz will be updated soon as well.
We are planning another release soon, with a lot of improvements and
small fixes in answers. Also we found out that the IXFR is still quite
slow with too many changes (more than 50 000 RRs changed) and are
working on that as well.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
yesterday's release contained an ugly bug that caused Knot not to create
journal files, which lead to IXFR being non-functional at all. We are
very sorry for this and immediately released a hotfix marked as 1.0.5.
Please, download the fixed version here:
http://public.nic.cz/files/knot-dns/knot-1.0.5.tar.gz
GPG signature: http://public.nic.cz/files/knot-dns/knot-1.0.5.tar.gz.asc
Packages will be updated soon as well.
With regards and apologies,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.czhttp://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Hi,
While knot seems to work fine for me given my testing sofar I would like to see the full documentation. In the man pages there is this reference:
The full documentation for Knot is maintained as a Texinfo manual. If the
info and Knot programs are properly installed at your site, the command
info Knot
should give you access to the complete manual.
I know what info is, but where is the actual texinfo file? I cannot find it in the distribution.
Regards,
Johan
Hello,
after some time, we are finally releasing version 1.0.4 of Knot DNS.
However, we hope the improvements we made are worth the waiting. First
of all, we sped up incoming IXFR processing A LOT. Also memory
consumption of the processing is slightly improved.
Besides, we addressed some bugs reported by our users and made some
other improvements. To name a few:
- Parallel loading of zones to the server.
- Support for TLSA (RR type 52).
- knotc checkzone (as a dry-run of zone compile).
- knotc refresh for forcing Knot to update all zones from master servers.
- Copying OPCODE and RD bit from query to NOTIMPL responses.
- Fixed crash when NS or MX points to an alias.
For full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.0.4/en…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.0.4.tar.gz
Packages will be available soon on http://www.knot-dns.cz
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labshttp://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email:lubos.slovak@nic.cz
WWW:http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign athttp://thinkBeforePrinting.org
Hi,
After moving one of my authoritative nameservers from bind to nsd, I
thought why not migrate another one to knot, it seems nice... :-)
So, I started writing a small script to output the knot conf bits I needed
only to find out that I can't find a way to do includes, like I do with
bind or nsd.
What's the usual way to do that kind of things ?
Is it possible to have more than one keys, remotes and zones sections ?
Regards,
--
Mathieu Arnold
Dear users,
we have just released a hotfixed version of Knot DNS. These last changes
address several issues:
- The last release slowed down the compilation a lot, due to some
changes in underlying code. This has been improved, so that the
compilation should be as fast as before.
- It turned out that Knot DNS was applying ENDS0 UDP payload limit also
to TCP queries - we are sorry for such a bug, it should be OK now.
- Besides, a missing include for FreeBSD was added and a potential crash
with many concurrent transfers was fixed too.
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.0.3.tar.gz
Packages will be available soon on http://www.knot-dns.cz
Next version is due to be released in a short time, featuring support
for new RR type TLSA (52).
Enjoy!
Lubos
Hello, list!
I encountered a problem when I tried to start Knot on FreeBSD 8.0.
When I tried start from rc.d script, Knotc freezed for 5 minutes until I
killed it.
When I tried "knotc start" nothing happened.
And when I tried start directly knotd, the following was happened:
dnssec-slave2# knotd -c /srvs/knot/etc/knot.conf
Reading configuration '/srvs/knot/etc/knot.conf' ...
Assertion failed: (knot_node_new_node(knot_dname_node(dname)) != NULL),
function xfrin_switch_node_in_dname_table, file libknot/updates/xfr-in.c,
line 2264.
Abort
--
AP
