Ondrej-san
Thank you for information.
I'm sorry for the previous question.
Again in this case you only have to mask the TLS related Socket file.
Also thank you for teaching the method of the systemd file.
The problem was solved by the method taught.
With my setting, there is only this way.
I'd like to take this as a procedure for the time being.
Thanks.
On 2017/01/19 00:01:05, Ondřej Surý <ondrej.sury@nic.cz> wrote:
Horigome-san,
this is still the same issue as https://gitlab.labs.nic.cz/knot/resolver/issues/115.
kresd in Debian and Ubuntu is socket activated under systemd. If you want to override this, do:
sudo systemctl mask kresd.socket
sudo systemctl mask kresd-control.socket
then create:
/etc/systemd/system/kresd.service
and put something like:
--cut here--
[Unit]
Description=Knot DNS Resolver daemon
Documentation=man:kresd(8)
## This is a socket-activated service:
RefuseManualStart=false
[Service]
Type=notify
WorkingDirectory=/run/knot-resolver/cache
EnvironmentFile=-/etc/default/kresd
ExecStart=/usr/sbin/kresd $KRESD_ARGS
User=root
Restart=on-failure
[Install]
WantedBy=sockets.target
--cut here--
into it.
Then edit /etc/knot-resolver/kresd.conf and add:
user('knot-resolver','knot-resolver')
after any net or net.listen statements, but before any cache.* statements.
Finally issue:
sudo systemctl daemon-reload
sudo systemctl restart kresd
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
> From: "Horigome Yoshihito"
> To: "knot-dns-users"
> Sent: Wednesday, 18 January, 2017 14:29:26
> Subject: Re: [knot-dns-users] Knot Resolver 1.2.0-rc1 (Release Candidate 1) release
> Hello, all
>
> In the environment of Ubuntu 16.04.1, I installed knot resolver from the
> repository, but daemon does not start.
>
> kometch@dns02:~$ sudo systemctl restart kresd.service
> Failed to restart kresd.service: Operation refused, unit kresd.service may be
> requested by dependency only.
> See system logs and 'systemctl status kresd.service' for details.
>
> If you modify the following location in the systemctl file, it will be launched.
>
> kometch@dns02:~$ sudo systemctl cat kresd.service
> # /lib/systemd/system/kresd.service
> [Unit]
> Description=Knot DNS Resolver daemon
> Documentation=man:kresd(8)
> ## This is a socket-activated service:
> RefuseManualStart=true <==false?>
>
> [Service]
> Type=notify
> WorkingDirectory=/run/knot-resolver/cache
> EnvironmentFile=-/etc/default/kresd
> ExecStart=/usr/sbin/kresd $KRESD_ARGS
> User=knot-resolver <==root?>
> Restart=on-failure
>
> [Install]
> WantedBy=sockets.target
>
> There are no messages of particular interest in log.
> In this case how should I do?
>
> Thanks.
>
>
>
>
> On 2017/01/18 02:54:16, Ondřej Surý wrote: Dear Knot
> Resolver users,
>
> CZ.NIC is proud to release a new release candidate of Knot Resolver.
> The team has worked very hard to bring:
>
> - reworked DNSSEC Validation, that fixes several know problems
> with less standard DNS configurations, and it is also a solid
> base for further improvements
> - optional EDNS(0) Padding support for DNS over TLS
> - support for debugging DNSSEC with CD bit
> - DNS over TLS is now able to create ephemeral certs on the runtime
> (Thanks Daniel Kahn Gilmore for contributing to DNS over TLS
> implementation in Knot Resolver.)
> - configurable minimum and maximum TTL (default 6 days)
> - configurable pseudo-random reordering of RR sets
> - new module 'version' that can call home and report new versions
> and security vulnerabilities to the log file
>
> This release also fixes bugs, most notable ones:
>
> - The resolver was setting AD flag when running in a forwarding
> mode. Thanks Stéphane Bortzmeyer for reporting this issue!
> - We now correctly return RCODE=NOTIMPL on meta-queries and
> non IN class queries
> - Fix crash in hints module when hints file was empty
> - Fix non-lowercase hints
>
> We also have a new LRU implementation under the hood.
>
> That's it! Thank you for using Knot Resolver. And if you are
> not using it yet, please give it a try.
>
> Full changelog:
> https://gitlab.labs.nic.cz/knot/resolver/raw/v1.2.0-rc1/NEWS
>
> Sources:
> https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz
>
> GPG signature:
> https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.0-rc1.tar.xz.asc
>
> Documentation:
> http://knot-resolver.readthedocs.io/en/latest/
>
> --
> Ondřej Surý -- Technical Fellow
> --------------------------------------------
> CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
> Milesovska 5, 130 00 Praha 3, Czech Republic
> mailto:ondrej.sury@nic.cz https://nic.cz/
> --------------------------------------------
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users@lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
>
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users@lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users