Hi,
Could you try enabling https://www.knot-dns.cz/docs/latest/singlehtml/index.html#no-edns ?
Daniel
On 1/30/25 17:01, Артём Палецкий wrote:
> Hello!
>
> I have an issue.
>
> Knot is configured as a secondary server, and when receiving a zone, a "trailing data" error occurs, preventing the zone from being loaded from the primary server.
>
> ```
> Jan 30 11:03:40 hostname knotd[5407]: info: [domain.com.] refresh, remote 50788646-db98-4caa-b26e-95b30a470796, address 1.2.3.4@53, failed (trailing data)
> ```
>
> The same warning appears when using the `kdig` utility:
>
> ```bash
> kdig @1.2.3.4 domain.com AXFR > /tmp/domain.com
> ;; WARNING: malformed reply packet (trailing data)
> ;; WARNING: malformed reply packet (trailing data)
> ```
>
> The issue occurs specifically with large zones. If the zone requires 2 messages to be received (e.g., `Received 32720 B (2 messages, 442 records)`), one warning appears. If it requires 3 messages (e.g., `Received 49083 B (3 messages, 878 records)`), two warnings appear.
>
> However, if I place this zone (`/tmp/domain.com`) into `/var/lib/knot` and then execute:
>
> ```bash
> knotc reload
> knotc zone-refresh domain.com
> ```
>
> Knot successfully loads the zone.
>
> Unfortunately, due to confidentiality, I cannot share the contents of the zone. Additionally, I do not have precise information about the software installed on the primary server. However, if BIND is used as the secondary server, there are no issues. A regular `dig` command also does not return any errors.
>
> Is there any way to make Knot ignore the "trailing data" error and successfully load the zone?
>
> Thank you for your help!
>
> --
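The "trailing data" warning from kdig and knotd means that a reply message contains bytes beyond the records its header counts (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) account for. The following is an added example, not code from this thread or from Knot DNS: a minimal DNS wire-format walker that consumes every counted record and reports what is left over, applied per message to a TCP-framed stream the way an AXFR is received. The zone name, records, stray bytes and message IDs are all constructed here; an OPT (EDNS) record, if present, is just another record in the additional section and is skipped by count like any other.

```python
import struct

# --- Minimal DNS wire-format walker (constructed for this example) ---------

def _read_name(msg, off):
    """Read a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:                       # root label terminates the name
            off += 1
            break
        if length & 0xC0 == 0xC0:             # compression pointer (RFC 1035 4.1.4)
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if end is None:                   # the name ends after the first pointer
                end = off + 2
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def _skip_rr(msg, off):
    """Skip one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    _, off = _read_name(msg, off)
    if off + 10 > len(msg):
        raise ValueError("truncated RR fixed fields")
    rdlength = struct.unpack_from("!H", msg, off + 8)[0]
    off += 10 + rdlength
    if off > len(msg):
        raise ValueError("truncated RDATA")
    return off


def trailing_data(msg):
    """Bytes left after every record the header counts have been consumed.
    A well-formed message yields 0; anything else is what the tools call
    'trailing data'."""
    if len(msg) < 12:
        raise ValueError("short header")
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    off = 12
    for _ in range(qd):                       # question: QNAME, QTYPE, QCLASS
        _, off = _read_name(msg, off)
        off += 4
        if off > len(msg):
            raise ValueError("truncated question")
    for _ in range(an + ns + ar):
        off = _skip_rr(msg, off)
    return len(msg) - off


def check_tcp_stream(stream):
    """AXFR runs over TCP, where each message carries a 2-byte length prefix.
    Return the trailing-byte count of every message in the stream, in order."""
    counts, off = [], 0
    while off < len(stream):
        if off + 2 > len(stream):
            raise ValueError("truncated length prefix")
        n = struct.unpack_from("!H", stream, off)[0]
        msg = stream[off + 2:off + 2 + n]
        if len(msg) != n:
            raise ValueError("truncated message")
        counts.append(trailing_data(msg))
        off += 2 + n
    return counts

# --- Constructed sample messages (not captured from any real primary) -------

def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"


def build_reply(zone, rrs, extra=b""):
    """One AXFR-style response: QR+AA set, one question, `rrs` answers,
    plus `extra` bytes appended after the last record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(rrs), 0, 0)
    question = _encode_name(zone) + struct.pack("!HH", 252, 1)   # QTYPE AXFR, IN
    body = b""
    for owner, rtype, rdata in rrs:
        # An owner equal to the zone apex is written as a pointer to QNAME (offset 12)
        name = b"\xc0\x0c" if owner == zone else _encode_name(owner)
        body += name + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return header + question + body + extra


def frame(msg):
    return struct.pack("!H", len(msg)) + msg


ZONE = "example.test."
RRS = [(ZONE, 1, bytes([192, 0, 2, 1])),            # A records, class IN
       ("www." + ZONE, 1, bytes([192, 0, 2, 2]))]

if __name__ == "__main__":
    # The second message carries two stray bytes after its last record.
    stream = frame(build_reply(ZONE, RRS)) + frame(build_reply(ZONE, RRS, extra=b"\xde\xad"))
    for i, n in enumerate(check_tcp_stream(stream), 1):
        if n:
            print(f";; WARNING: message {i}: malformed reply packet (trailing data, {n} bytes)")
```

Run as a script it prints one warning for the second of the two constructed messages, which mirrors the pattern in the report above where a transfer of N messages produced N-1 warnings: the check is applied to each TCP-framed message independently, so whichever messages carry extra bytes are the ones flagged.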