knot-resolver-users Březen 2026

knot-resolver-users@lists.nic.cz

4 participants
4 discussions

Re: is there a way to force DNS64 synthesis for specific domains that have native AAAA records?

by Vladimír Čunát

On 12/01/2026 00.11, * wrote: > However, I cannot use it in my production environment as this returns > NODATA globally (all views) for security.ubuntu.com. > I have several views not using dns64 for which the AAAA record should > be the existing original answer. While on Lua level it's not ergonomic, tags are supported in these APIs, so you can do a tiny change, e.g.: lua: policy-script: | assert(C.kr_rule_local_data_ins( kres.rrset(kres.str2dname('security.ubuntu.com.'), kres.type.AAAA, nil, C.KR_RULE_TTL_DEFAULT), nil, policy.get_tagset({'myTag'}), C.KR_RULE_OPTS_DEFAULT ) == 0) and then you just need to add myTag to the views where you want to apply this rule (in YAML). You can read more about tags and views in the docs, around page https://www.knot-resolver.cz/documentation/latest/config-policy-new.html

1 měsíc, 3 týdny

Knot Resolver 6.20: persistent SERVFAIL after temporary authority unreachability

by m.maslowski12＠gmail.com

Hi, I reported an issue in Knot Resolver 6.20 that is causing some problems for me. After a short outage of authoritative servers, the resolver returns SERVFAIL + EDE 22 (No Reachable Authority) and keeps this state for a few minutes even after connectivity is restored. Also, after switching to TCP, it does not go back to UDP. You can find the full description and steps to reproduce here: → https://gitlab.nic.cz/knot/knot-resolver/-/issues/949 Has anyone else seen this issue ? Do you have any better workaround than clearing the cache ?

3 měsíce, 1 týden

Checking for updated Root KSK

by Ulrich Wisser

Hi, I am trying to make a small tutorial for different resolvers on how to check that the Root KSK is updated. How can I check that for Knot resolver? Kind regards from sunny Stockholm Ulrich

3 měsíce, 1 týden

log-bogus does not work in 6.2.0 ?

by Jiri Masek

Hi, I am testing new version of knot-resolver - 6.2.0 and it seem that log-bogus option is not working. When I set: logging: level: info dnssec: # Log DNSSEC failures log-bogus: true And issue query to www.dnssec-failed.org it does not log error. On old recursor where I have 6.0.15 it does log: Mar 16 14:37:02 resolver1 kresd[3453]: [dnssec] validation failure: dnssec-failed.org. DNSKEY Is there somethink I missed? Or it is a bug? If I get it, only thing changed should be this (in 6.0.17): /logging/dnssec-bogus -> /dnssec/log-bogus Regards, Jiri Masek

3 měsíce, 2 týdny

2026

2025

2024

2023

2022

2021

2020

2019

2018

knot-resolver-users Březen 2026