Hello,
I have set up a Knot DNS server but I'm having trouble with UDP
queries. The server is not answering UDP queries, but it is
answering queries over TCP.
The server is running on a CentOS release 6.3 (Final) and the
configuration file is the following.
*************knot.conf***********
system {
  identity "Yet.another.server";
  nsid "Yet.another.server";
  storage "/opt/knot_run/knot-minimal";
  pidfile "/opt/knot_run/knot.pid";
  user root;
}
interfaces {
  ipv4 { address 127.0.0.1@53; }
  ipv4 { address 193.137.197.25@53; }
}
remotes {
  ns-test01 { address 193.136.192.86@53; }
  ns-test02 { address 193.136.192.87@53; }
  ns-test03 { address 193.137.196.30@53; }
  ns-test04 { address 193.137.196.31@53; }
}
zones {
  zonetest-01.dns.pt {
    file "/opt/knot_run/zones/zonetest01";
    xfr-in ns-test01;
    notify-in ns-test01;
  }
  zonetest-06.dns.pt {
    file "/opt/knot_run/zones/zonetest06";
  }
}
log {
  file "/opt/knot_run/log/knot.log" { any all; }
}
**********************************
The output of the log file is
********knot.log******************
2012-09-17T10:25:40.208574+01:00 Stopping server...
2012-09-17T10:25:40.210677+01:00 Server finished.
2012-09-17T10:25:40.211260+01:00 Shut down.
2012-09-17T10:25:40.230967+01:00 Binding to interface 127.0.0.1 port 53.
2012-09-17T10:25:40.231283+01:00 Binding to interface 193.137.197.25 port 53.
2012-09-17T10:25:40.232162+01:00 Loading 2 compiled zones...
2012-09-17T10:25:40.233783+01:00 Loaded zone 'zonetest-01.dns.pt.'
2012-09-17T10:25:40.237553+01:00 Loaded zone 'zonetest-06.dns.pt.'
2012-09-17T10:25:40.238983+01:00 Loaded 2 out of 2 zones.
2012-09-17T10:25:40.239044+01:00 Configured 2 interfaces and 2 zones.
2012-09-17T10:25:40.239078+01:00
2012-09-17T10:25:40.239111+01:00 Starting server...
2012-09-17T10:25:40.240688+01:00 Server started as a daemon, PID = 8599
2012-09-17T10:25:40.240772+01:00 PID stored in /opt/knot_run/knot.pid
*********************************
And an example of the queries:
*********************************
[root@ns-test06 ~]# dig @127.0.0.1 zonetest-06.dns.pt +tcp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> @127.0.0.1 zonetest-06.dns.pt +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30969
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;zonetest-06.dns.pt. IN A
;; ANSWER SECTION:
zonetest-06.dns.pt. 3600 IN A 193.137.196.42
;; AUTHORITY SECTION:
zonetest-06.dns.pt. 3600 IN NS ns-test01.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test02.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test03.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test04.dns.pt.
zonetest-06.dns.pt. 3600 IN NS ns-test06.dns.pt.
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 17 10:25:49 2012
;; MSG SIZE rcvd: 202
[root@ns-test06 ~]# dig @127.0.0.1 zonetest-06.dns.pt
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> @127.0.0.1 zonetest-06.dns.pt
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
*********************************
Can anyone help me with this problem?
Best regards,
--
Eduardo Duarte
SIT-DNS
DNS.PT - https://www.dns.pt/
FCCN - http://www.fccn.pt/
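The two dig runs above differ only in transport, so the useful first check is to send one and the same question both ways and see which path answers. The script below is an added example, not code from the post or from Knot DNS: it builds a minimal A query, sends it as a bare message over UDP and with the 2-octet length prefix over TCP (RFC 1035 section 4.2.2), and reports the RCODE or a timeout per transport. A server, or a host firewall in front of it, that only passes TCP shows up as udp='timeout', tcp='NOERROR'. The server address and zone name in main() are taken from the post; SAMPLE_TCP_RESPONSE_HEADER is constructed here from the header line of the +tcp dig output.

```python
"""Send the same A query over UDP and TCP and report which transport answers."""
import random
import socket
import struct
from typing import Optional

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

# Constructed from the dig +tcp header above: id 30969, flags qr aa rd,
# QUERY 1, ANSWER 1, AUTHORITY 5, ADDITIONAL 0.
SAMPLE_TCP_RESPONSE_HEADER = bytes.fromhex("78f9 8500 0001 0001 0005 0000")


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels plus the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """12-octet header (RD set, as dig does) plus one question of class IN."""
    if txid is None:
        txid = random.randrange(0, 1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def tcp_frame(msg: bytes) -> bytes:
    """Over TCP a DNS message is prefixed with its 16-bit length."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg: bytes) -> dict:
    """Decode the fixed header: id, flag bits, rcode and the four counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection mid-message")
        buf += chunk
    return buf


def query_udp(server: str, name: str, timeout: float = 2.0) -> str:
    """Return the RCODE of the UDP reply, or 'timeout' (what the second dig run hit)."""
    txid = random.randrange(0, 1 << 16)
    q = build_query(name, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except OSError:
            return "timeout"
    h = parse_header(data)
    return h["rcode"] if h["id"] == txid and h["qr"] else "bad-reply"


def query_tcp(server: str, name: str, timeout: float = 2.0) -> str:
    """Return the RCODE of the TCP reply, or 'timeout' if no connection/answer."""
    txid = random.randrange(0, 1 << 16)
    q = build_query(name, txid=txid)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(q))
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            data = _recv_exact(s, length)
    except OSError:
        return "timeout"
    h = parse_header(data)
    return h["rcode"] if h["id"] == txid and h["qr"] else "bad-reply"


def compare_transports(server: str, name: str) -> dict:
    """One query per transport; a healthy authoritative server answers both."""
    return {"udp": query_udp(server, name), "tcp": query_tcp(server, name)}


if __name__ == "__main__":
    # Values from the post: the loopback listener and the served zone.
    print(compare_transports("127.0.0.1", "zonetest-06.dns.pt"))
```

Run it on the server itself first (against 127.0.0.1, as in the post) and then from another host: if loopback answers on both transports but a remote client only gets the TCP answer, the difference lies between the two hosts rather than in the server process.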
Greetings. This seems a bit odd. I have a zone file with:
=====
$TTL 6
test79.example.com. IN SOA foo.example.com. dns.test79.example.com. ( 201209150 5m 1m 2w 5m )
test79.example.com. IN NS foo.example.com.
test79.example.com. IN TYPE79 \# 4 deadface
=====
Trying to compile it gives:
=====
Parsing file '/home/dns/Files/foo.conf', origin 'test79.example.com.' ...
/home/dns/Files/foo.conf:4: error: bad unknown RDATA
Parser finished with error, not dumping the zone!
error: Compilation of 'test79.example.com.' failed, knot-zcompile return code was '1'
=====
This zone file works fine in BIND, NSD, and PowerDNS. It seems that either Knot cannot use the standard mechanism for defining unknown RRtypes (RFC 3597), or it maybe has a different syntax. Clues are appreciated.
--Paul Hoffman
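A way to confirm that the record above is well-formed before blaming the compiler is to parse it with an independent implementation of the RFC 3597 presentation format. The code below is an added example, not Knot DNS code and not from the thread: it implements the `\# <length> <hex...>` syntax of RFC 3597 section 5 (hex may be split into whitespace-separated groups, the declared length must match the decoded octets, `\# 0` is empty RDATA) and splits a master-file line with a `TYPEnnn` mnemonic into its fields. The test inputs are the TYPE79 line from the post plus a few constructed malformed variants.

```python
"""Parse RFC 3597 generic RDATA and TYPEnnn resource-record lines."""
import re
from typing import Optional, Tuple

_TYPE_RE = re.compile(r"^TYPE(\d{1,5})$", re.IGNORECASE)
_CLASS_RE = re.compile(r"^(IN|CH|HS|CLASS\d{1,5})$", re.IGNORECASE)


def parse_generic_rdata(text: str) -> bytes:
    r"""'\# <len> <hex...>' -> raw RDATA octets (RFC 3597 section 5)."""
    tokens = text.split()
    if not tokens or tokens[0] != r"\#":
        raise ValueError(r"generic RDATA must start with the \# token")
    if len(tokens) < 2 or not (tokens[1].isascii() and tokens[1].isdigit()):
        raise ValueError(r"\# must be followed by a decimal length")
    length = int(tokens[1])
    if length > 65535:
        raise ValueError("RDATA length exceeds 16-bit RDLENGTH")
    hexdigits = "".join(tokens[2:])      # groups may be split by whitespace
    if len(hexdigits) % 2:
        raise ValueError("odd number of hex digits")
    try:
        data = bytes.fromhex(hexdigits)
    except ValueError:
        raise ValueError("non-hex characters in RDATA") from None
    if len(data) != length:
        raise ValueError(f"declared {length} octets but {len(data)} given")
    return data


def is_valid_generic_rdata(text: str) -> bool:
    """True if the text is acceptable RFC 3597 RDATA."""
    try:
        parse_generic_rdata(text)
    except ValueError:
        return False
    return True


def parse_unknown_rr(line: str) -> Tuple[str, Optional[int], str, int, bytes]:
    """Split '<owner> [ttl] [class] TYPEnnn \\# ...' into its parts."""
    tokens = line.split()
    if len(tokens) < 3:
        raise ValueError("too few fields for a resource record")
    owner = tokens[0]
    i = 1
    ttl: Optional[int] = None
    if tokens[i].isascii() and tokens[i].isdigit():       # optional TTL
        ttl = int(tokens[i])
        i += 1
    klass = "IN"
    if i < len(tokens) and _CLASS_RE.match(tokens[i]):    # optional class
        klass = tokens[i].upper()
        i += 1
    if i >= len(tokens):
        raise ValueError("missing type field")
    m = _TYPE_RE.match(tokens[i])
    if not m:
        raise ValueError(f"not an RFC 3597 TYPEnnn mnemonic: {tokens[i]!r}")
    rtype = int(m.group(1))
    rdata = parse_generic_rdata(" ".join(tokens[i + 1:]))
    return owner, ttl, klass, rtype, rdata


def rr_rdata_wire(rdata: bytes) -> bytes:
    """RDLENGTH followed by RDATA, as the record would appear on the wire."""
    return len(rdata).to_bytes(2, "big") + rdata


if __name__ == "__main__":
    # The line from the post; it parses cleanly under the RFC 3597 grammar.
    print(parse_unknown_rr(r"test79.example.com. IN TYPE79 \# 4 deadface"))
```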
Hi!
I run Knot with option
apn@knot-test:/home/apn>grep user /usr/local/etc/knot/knot.conf
user bind.dns;
apn@knot-test:/home/apn>ps uaxww | grep knot
bind 9925 0.0 0.8 33760 8736 ?? Ss 4:03PM 0:00.07
/usr/local/sbin/knotd -d -c /usr/local/etc/knot/knot.conf
apn@knot-test:/home/apn>knotc -V
Knot DNS, version 1.1.0-rc2
apn@knot-test:/home/apn>uname -a
FreeBSD knot-test.local 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
Everything is fine except for one: I can't control Knot via knotc
under my account and have to raise my privileges.
apn@knot-test:/home/apn>knotc running
2012-09-03T17:33:20.801730+04:00 Using '/usr/local/etc/knot/knot.conf' as default configuration.
2012-09-03T17:33:20.802876+04:00 Server PID not found, probably not running.
2012-09-03T17:33:20.803099+04:00 [warning] PID file is stale.
apn@knot-test:/home/apn>knotc reload
2012-09-03T17:57:01.706820+04:00 Using '/usr/local/etc/knot/knot.conf' as default configuration.
2012-09-03T17:57:01.707934+04:00 [warning] Server PID not found, probably not running.
apn@knot-test:/home/apn>knotc refresh
2012-09-03T17:57:11.314605+04:00 Using '/usr/local/etc/knot/knot.conf' as default configuration.
2012-09-03T17:57:11.315736+04:00 [warning] Server PID not found, probably not running.
I believe that is because of the use of kill(2) in pid_running(). So I'm
wondering how an unprivileged user can send commands to Knot?
Thanks in advance.
--
AP
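The behaviour AP describes is the classic pitfall of liveness checks built on kill(2): `kill(pid, 0)` fails with EPERM when the caller is not allowed to signal the target, which is exactly an unprivileged user probing a daemon running as `bind`. A check that treats every error as "no such process" then reports the daemon as stopped and the PID file as stale even though it is up. The code below is an added example, not Knot DNS code and not a statement of how knotc is implemented: it shows the naive pattern beside one that distinguishes ESRCH (gone) from EPERM (exists, not ours). `exited_child_pid()` is a constructed fixture that produces a PID known to be dead.

```python
"""Probe a PID with kill(2) without mistaking EPERM for 'not running'."""
import os
import subprocess
import sys

CURRENT_PID = os.getpid()


def pid_running_naive(pid: int) -> bool:
    """The buggy pattern: any kill(2) failure counts as 'not running'."""
    try:
        os.kill(pid, 0)
    except OSError:
        return False
    return True


def pid_status(pid: int) -> str:
    """'running', 'running-unprivileged' (exists, but we may not signal it)
    or 'not-running'."""
    if pid <= 0:
        # kill(0, ...) / kill(-n, ...) target process groups, never a probe
        raise ValueError("pid must be a positive process id")
    try:
        os.kill(pid, 0)
    except ProcessLookupError:       # ESRCH: no such process
        return "not-running"
    except PermissionError:          # EPERM: process exists, owned by someone else
        return "running-unprivileged"
    return "running"


def pid_running(pid: int) -> bool:
    """Corrected check: only ESRCH means the process is gone."""
    return pid_status(pid) != "not-running"


def exited_child_pid() -> int:
    """Constructed fixture: spawn and reap a trivial child, return its dead PID."""
    child = subprocess.Popen([sys.executable, "-c", "pass"])
    child.wait()
    return child.pid


if __name__ == "__main__":
    # PID 1 always exists; as a non-root user the naive check usually says
    # it is not running (EPERM), while pid_status() reports it correctly.
    print("pid 1  naive:", pid_running_naive(1), " fixed:", pid_status(1))
    print("self        :", pid_status(CURRENT_PID))
    print("exited child:", pid_status(exited_child_pid()))
```

Run it as a normal user on a host where some daemon runs under another account: the naive check reports that daemon as dead while `pid_status()` returns `running-unprivileged`. Note that recognising the process as alive is only the first half of AP's question; sending it a command still requires a control channel the user is allowed to use.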
Hi,
the second Release Candidate of Knot DNS 1.1 is out now. We slightly
improved and fixed the user manual and fixed two minor bugs:
- generating journal for IXFR when the zone contains IPSECKEY and APL
records in binary format,
- possible leak on server shutdown with a pending transfer
and fixed the behaviour of slave server using TSIG. It did not sign SOA
queries to master, causing it to fail the zone version check when
talking to Bind with allow-query configured to use TSIG key.
Source files are available here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz
GPG signature:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz.asc
Packages will be updated soon at the usual place on http://www.knot-dns.cz.
Please provide us with any feedback before the final 1.1 release next week.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
we've just released a Release Candidate of Knot DNS 1.1. The new version
brings a lot of enhancements and bugfixes which improve stability and
interoperability of Knot DNS. It also contains a complete User manual
for easier deployment. The manual can be either built from the sources
('make pdf' or 'make html'), or accessed online via Knot DNS website
(http://www.knot-dns.cz).
Here are some highlights of changes in the new version:
- Improved speed of incoming IXFR even more.
- Optimized loading of many zones.
- Option to disable authoritative ANY answers as a mitigation to recent
DDoS reflection attacks.
- Fixed some problems and leaks caused if an IXFR transfer failed (e.g.
because of malformed data).
- Improved malformed packet parsing and handling.
- Fixed answering in some special cases.
We also implemented an option to generate zone differences from zone
reload and using them for IXFR journal. Thus Knot DNS may serve as IXFR
primary master (until now, it needed to obtain the differences by a
transfer from some other master). However, this feature is only
experimental, so use it with care. We do not guarantee that the results
will be always good or that it won't compromise the stability of the server.
For full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0-rc…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc1.tar.gz
GPG signature:
Packages will be available soon on http://www.knot-dns.cz.
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
Hello list,
I found an article
http://blog.nic.cz/2012/07/19/zavazna-vzdalena-zranitelnost-v-dns-serveru-n…
which mentions "list of non-standard DNS queries" for test purposes.
Is it possible to obtain this list and related tools? I looked into latest
Knot sources tarball and I found nothing :-)
I'm a developer of a BIND 9 plugin and I want to explore and re-use the mentioned
tests for configurations with this plugin
(https://fedorahosted.org/bind-dyndb-ldap/).
I'm not a member of knot-dns-users list, please add me to Cc in reply.
Thanks for your time.
--
Petr Spacek
Red Hat Czech
Hi,
I am having difficulties running Knot on a dual-stack host. I want Knot
to listen on all IPv4 and all IPv6 interfaces. I am using this
interfaces section in the config file:
interfaces {
  allv4 { address 0.0.0.0; }
  allv6 { address [::]; }
}
Using this config, Knot listens only on v4 address and gives an error
binding the v6 address:
2012-07-27T13:21:44.646094+02:00 Binding to interface 0.0.0.0 port 53.
2012-07-27T13:21:44.646197+02:00 [error] Cannot bind to socket (98).
2012-07-27T13:21:44.646233+02:00 [error] Could not bind to TCP interface :: port 53.
2012-07-27T13:21:44.646240+02:00 Binding to interface :: port 53.
Changing interface order the other way around results in listening on v6
only with same error, yet also v4 connections are accepted, probably due
to IPV6_V6ONLY socket option not being turned on by Knot.
When I tried changing listening port on either line, problem
disappeared. I am using Debian package, version 1.0.6-1~bpo60+1.
Cheers,
Ondřej Caletka
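Errno 98 on Linux is EADDRINUSE, and the ordering symptom Ondřej describes (whichever wildcard binds second fails, and v4 traffic still arrives on the v6 socket) is what a dual-stack IPv6 wildcard socket without IPV6_V6ONLY produces. The script below is an added example, not Knot DNS code: with net.ipv6.bindv6only=0 (the Linux default) an AF_INET6 socket bound to [::] also claims the IPv4 side of its port, so a second socket on 0.0.0.0 at the same port (or the reverse order) collides; setting IPV6_V6ONLY on the IPv6 socket makes the two binds independent. It uses UDP sockets on an ephemeral port so it needs neither root nor port 53, and returns the errno name instead of raising so the four combinations can be compared side by side.

```python
"""Reproduce the 0.0.0.0 / :: bind collision and the IPV6_V6ONLY fix."""
import errno
import socket


def kernel_bindv6only() -> bool:
    """Linux sysctl net.ipv6.bindv6only; False (dual-stack sockets) is the default."""
    try:
        with open("/proc/sys/net/ipv6/bindv6only") as f:
            return f.read().strip() == "1"
    except OSError:
        return False


def expected_without_v6only() -> str:
    """What a second wildcard bind without IPV6_V6ONLY does on this kernel."""
    return "ok" if kernel_bindv6only() else "EADDRINUSE"


def _bind_wildcard(sock: socket.socket, port: int) -> int:
    """Bind the all-zeros address of the socket's family; return the port used."""
    host = "::" if sock.family == socket.AF_INET6 else "0.0.0.0"
    sock.bind((host, port))
    return sock.getsockname()[1]


def try_dualstack_bind(v6only: bool, v4_first: bool = True) -> str:
    """Bind one UDP socket per address family to the same port.

    Returns 'ok', 'EADDRINUSE' (errno 98, the failure from the post),
    'no-ipv6' if this host cannot create an AF_INET6 socket at all, or
    another errno name for anything unexpected.
    """
    try:
        s6 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    except OSError:
        return "no-ipv6"
    s4 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if v6only:
            # Restrict the :: socket to IPv6 so it no longer owns the v4 side.
            s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        first, second = (s4, s6) if v4_first else (s6, s4)
        port = _bind_wildcard(first, 0)      # kernel picks a free port
        _bind_wildcard(second, port)         # same port, other family
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s4.close()
        s6.close()


if __name__ == "__main__":
    for v6only in (False, True):
        for v4_first in (True, False):
            order = "v4 then v6" if v4_first else "v6 then v4"
            print(f"IPV6_V6ONLY={int(v6only)} {order}: {try_dualstack_bind(v6only, v4_first)}")
```

The first two lines of output reproduce the report (second bind fails with EADDRINUSE in either order); the last two show both binds succeeding once the IPv6 socket is marked v6-only. Changing the port on one line, as Ondřej did, avoids the collision only by giving up on a single well-known port for both families.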
Hello,
I'm new to Knot and I'm trying to install it on a CentOS 6.3 (Final)
minimal install. I have already updated openssl to the newest version and
installed all the prerequisites, but when I run the make command I get the
following error:
*************************
BINDIR=\"/usr/local/sbin\" -g -O2 -fpredictive-commoning
-I/usr/local/include -mmmx -msse -msse2 -msse3 -MT journal.lo -MD -MP
-MF .deps/journal.Tpo -c knot/server/journal.c -fPIC -DPIC -o
.libs/journal.o
In file included from knot/server/journal.c:26:
./common/crc.h:30:18: error: zlib.h: No such file or directory
In file included from knot/server/journal.c:26:
./common/crc.h: In function 'crc_init':
./common/crc.h:49: warning: implicit declaration of function 'adler32'
make[2]: *** [journal.lo] Error 1
make[2]: Leaving directory `/root/knot-1.0.6/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/knot-1.0.6/src'
make: *** [all-recursive] Error 1
*************************
Can any of you guys help me?
Best regards,
--
Eduardo Duarte
SIT-DNS
DNS.PT - https://www.dns.pt/
FCCN - http://www.fccn.pt/
Sorry, didn't send it to the list before..
L.
-------- Original Message --------
Subject: Re: [knot-dns-users] Fail to serve RFC 2317-ish zone
Date: Wed, 04 Jul 2012 15:12:59 +0200
From: Lubos Slovak <lubos.slovak(a)nic.cz>
To: Koh-ichi Ito <kohi(a)kkdlabs.jp>
Hi there,
thanks for the report! It's true that Knot DNS actually imposes quite
rigid rules to domain names. We will probably change that in future. But
we forgot about the RFC 2317 case, so thanks once more for the notice.
Will add support for / in domain names in the next release - that should
suffice.
Regards,
Lubos
On 07/04/2012 12:48 PM, Koh-ichi Ito wrote:
> Dear team,
>
> I found that Knot DNS v1.0.6(from tarball) fails to serve
> RFC 2317-ish zone, 32/27.2.0.192.in-addr.arpa, in this case.
>
> -----[ knot.conf ]------------------------------------------
> system {
> storage "/proj/knot-dns/var";
> }
> zones {
> 32/27.2.0.192.in-addr.arpa {
> file "/proj/dns/etc/namedb/32_27.2.0.192.in-addr.arpa";
> }
> }
>
> -----[ zone data ]------------------------------------------
> $TTL 1d
> $ORIGIN 32/27.2.0.192.in-addr.arpa
> @ IN SOA ns.example1.jp. hostmaster.example1.jp. (
> 2012070401
> 20m
> 15m
> 4w
> 15m )
> NS ns.example1.jp.
>
> -----[ The result ]-----------------------------------------
> kohi@lars[1]% /usr/bin/sudo /proj/knot-1.0.6/sbin/knotc -c /proj/knot-dns/etc/knot-2317.conf checkzone 32/27.2.0.192.in-addr.arpa
> [sudo] password for kohi:
> 2012-07-04T19:47:33.287327+09:00 [error] Config '/proj/knot-dns/etc/knot-2317.conf' - syntax error on line 5 (current token '32').
> 2012-07-04T19:47:33.287980+09:00 [error] Failed to parse configuration '/proj/knot-dns/etc/knot-2317.conf'.
> kohi@lars[2]%
> ------------------------------------------------------------
>
> Thanks in advance.
>
> Koh-ichi Ito
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
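The zone in Koh-ichi's report exists because of RFC 2317 classless delegation: the parent zone 2.0.192.in-addr.arpa cannot delegate a /27 on an octet boundary, so it delegates a child zone whose name encodes the prefix (32/27.2.0.192.in-addr.arpa) and carries one CNAME per address pointing into it. The '/' is a legal character in a domain name (RFC 2181 section 11) but not in a hostname, which is why a config parser that applies hostname rules trips on it. The code below is an added example, not Knot DNS code and not from the thread: it derives the child zone name from the CIDR block, generates the parent-zone records, and parses a 2317-style name back into a strictly aligned network. `ns.example1.jp.` is the name server from the posted zone data.

```python
"""RFC 2317 classless in-addr.arpa delegation helpers for 192.0.2.32/27."""
import ipaddress
from typing import List


def _network(cidr: str) -> ipaddress.IPv4Network:
    """Strictly aligned network; RFC 2317 is for prefixes longer than /24."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if not 25 <= net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to /25 through /32 blocks")
    return net


def parent_zone(cidr: str) -> str:
    """The /24 reverse zone that holds the CNAMEs, e.g. 2.0.192.in-addr.arpa."""
    o1, o2, o3, _ = str(_network(cidr).network_address).split(".")
    return f"{o3}.{o2}.{o1}.in-addr.arpa."


def rfc2317_child_zone(cidr: str) -> str:
    """Child zone name in the '<first-octet>/<prefixlen>' convention."""
    net = _network(cidr)
    first = str(net.network_address).split(".")[3]
    return f"{first}/{net.prefixlen}.{parent_zone(cidr)}"


def rfc2317_parent_records(cidr: str, nameservers: List[str]) -> List[str]:
    """Records the parent zone needs: NS for the child, one CNAME per address."""
    net = _network(cidr)
    parent = parent_zone(cidr)
    child = rfc2317_child_zone(cidr)
    records = [f"{child} IN NS {ns}" for ns in nameservers]
    for addr in net:   # every address in the block, first and last included
        last = str(addr).split(".")[3]
        records.append(f"{last}.{parent} IN CNAME {last}.{child}")
    return records


def parse_rfc2317_name(name: str) -> str:
    """'32/27.2.0.192.in-addr.arpa' -> '192.0.2.32/27'; rejects misaligned blocks."""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"] or "/" not in labels[0]:
        raise ValueError(f"not an RFC 2317 zone name: {name!r}")
    first, plen = labels[0].split("/", 1)
    o3, o2, o1 = labels[1:4]
    return str(_network(f"{o1}.{o2}.{o3}.{first}/{plen}"))


def is_rfc2317_name(name: str) -> bool:
    """True for a well-formed, aligned RFC 2317 child zone name."""
    try:
        parse_rfc2317_name(name)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for rr in rfc2317_parent_records("192.0.2.32/27", ["ns.example1.jp."]):
        print(rr)
```

The generated NS and CNAME lines belong in the parent zone; the child zone itself is the one Koh-ichi posted (SOA and NS at its apex, with PTR records added per address). `is_rfc2317_name()` is the kind of check a zone-name validator needs in place of plain hostname rules if it is to accept such zones.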