Knot Resolver issueshttps://gitlab.nic.cz/knot/knot-resolver/-/issues2021-11-25T18:34:58+01:00https://gitlab.nic.cz/knot/knot-resolver/-/issues/184test dnstap module2021-11-25T18:34:58+01:00Petr Špačektest dnstap modulehttps://gitlab.nic.cz/knot/knot-resolver/-/issues/183test daf module ("DNS application firewall")2021-11-25T16:42:44+01:00Petr Špačektest daf module ("DNS application firewall")https://gitlab.nic.cz/knot/knot-resolver/-/issues/180OPT record is not sent on validation failures2019-06-25T17:27:09+02:00Petr ŠpačekOPT record is not sent on validation failures`kresd` a36b705aba556b1a20bf7ca0a234a3ae37df60e0 does not reply with OPT record (EDNS) when it is sending SERVFAIL caused by DNSSEC validation failure.
This breaks rules specified in https://tools.ietf.org/html/rfc6840#section-5.6 becau...`kresd` a36b705aba556b1a20bf7ca0a234a3ae37df60e0 does not reply with OPT record (EDNS) when it is sending SERVFAIL caused by DNSSEC validation failure.
This breaks rules specified in https://tools.ietf.org/html/rfc6840#section-5.6 because DO bit must be reflected back to the requestor. Also, it might potentially cause problems with EDNS version negotiation if the failed query is a first request sent by the client to `kresd`.
As far as I can tell `unbound-1.6.0-6.fc25.x86_64` replies with OPT record and DO bit set accordingly even on validation failures.2019 Q1Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/149RRSIG which is not valid yet causes repeated queries to authoritative servers2022-01-26T16:48:59+01:00Petr ŠpačekRRSIG which is not valid yet causes repeated queries to authoritative serversThis behavior can be seen in test `sets/resolver/world_cz_rhybar.rpl` version deckard@0b25a1c090d301355ffe658ceb25155aa8e657ce.
The snippet causing the problem is:
~~~
val-override-date: 20170201163631
rhybar.cz. 18000 IN RRSIG DS 10 2 ...This behavior can be seen in test `sets/resolver/world_cz_rhybar.rpl` version deckard@0b25a1c090d301355ffe658ceb25155aa8e657ce.
The snippet causing the problem is:
~~~
val-override-date: 20170201163631
rhybar.cz. 18000 IN RRSIG DS 10 2 18000 20170214061134 20170201163953 58211 cz. CGwqHhSb6b8JsjztqPeRDKBC/Sp4O0Igc4r53T+SheWdMwgNwvbXiFD6 krt0FGf1QU/JCkH5L5oYHFeaPXljftB2d0JbzLnA+iaI9Jy1aRmUqvTN /PiDVPYI/SRFvCfk2FLMK5LzMfjPjooiSNv9b1zZKJd8cykq8/jgijXy 5Xk=
~~~
I.e. inception time of the RRSIG < current time.
The log looks like this:
~~~
[system] interactive mode
> [ 0][plan] plan 'rhybar.cz.' type 'A'
[47197][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[47197][resl] => using root hints
[17823][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[17823][resl] => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: 'RhyBaR.Cz.' type: 'A' proto: 'udp'
[17823][iter] <= using glue for 'b.ns.nic.cz.': '194.0.13.1'
[17823][iter] <= using glue for 'b.ns.nic.cz.': '2001:678:10::1'
[17823][iter] <= using glue for 'a.ns.nic.cz.': '194.0.12.1'
[17823][iter] <= using glue for 'a.ns.nic.cz.': '2001:678:f::1'
[17823][iter] <= using glue for 'd.ns.nic.cz.': '193.29.206.1'
[17823][iter] <= using glue for 'd.ns.nic.cz.': '2001:678:1::1'
[17823][iter] <= using glue for 'c.ns.nic.cz.': '194.0.14.1'
[17823][iter] <= using glue for 'c.ns.nic.cz.': '2001:678:11::1'
[17823][iter] <= referral response, follow
[17823][resl] <= server: '2001:dc3::35' rtt: 120 ms
[20634][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[20634][resl] => querying: '2001:678:1::1' score: 10 zone cut: 'cz.' m12n: 'rhybaR.CZ.' type: 'A' proto: 'udp'
[20634][iter] <= rcode: NOERROR
[20634][ pc ] => answer cached for TTL=600
[20634][resl] <= server: '2001:678:1::1' rtt: 8 ms
[ 0][resl] finished: 4, queries: 1, mempool: 32800 B
[ 0][plan] plan 'rhybar.cz.' type 'A'
[59360][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[59360][resl] => using root hints
[32239][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[32239][plan] plan '.' type 'DNSKEY'
[36271][iter] '.' type 'DNSKEY' id was assigned, parent id 32239
[36271][resl] => querying: '2001:dc3::35' score: 120 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[36271][iter] <= rcode: NOERROR
[36271][vldr] <= parent: updating DNSKEY
[36271][vldr] <= answer valid, OK
[36271][resl] <= server: '2001:dc3::35' rtt: 1 ms
[13287][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[13287][resl] => querying: '2001:dc3::35' score: 65 zone cut: '.' m12n: 'rHybAr.Cz.' type: 'A' proto: 'udp'
[13287][iter] <= using glue for 'b.ns.nic.cz.': '194.0.13.1'
[13287][iter] <= using glue for 'b.ns.nic.cz.': '2001:678:10::1'
[13287][iter] <= using glue for 'a.ns.nic.cz.': '194.0.12.1'
[13287][iter] <= using glue for 'a.ns.nic.cz.': '2001:678:f::1'
[13287][iter] <= using glue for 'd.ns.nic.cz.': '193.29.206.1'
[13287][iter] <= using glue for 'd.ns.nic.cz.': '2001:678:1::1'
[13287][iter] <= using glue for 'c.ns.nic.cz.': '194.0.14.1'
[13287][iter] <= using glue for 'c.ns.nic.cz.': '2001:678:11::1'
[13287][iter] <= referral response, follow
[13287][vldr] <= DS: OK
[13287][vldr] <= answer valid, OK
[13287][resl] <= server: '2001:dc3::35' rtt: 4 ms
[ 3864][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[ 3864][plan] plan 'cz.' type 'DNSKEY'
[33358][iter] 'cz.' type 'DNSKEY' id was assigned, parent id 3864
[33358][resl] => querying: '2001:678:11::1' score: 10 zone cut: 'cz.' m12n: 'Cz.' type: 'DNSKEY' proto: 'udp'
[33358][iter] <= rcode: NOERROR
[33358][vldr] <= parent: updating DNSKEY
[33358][vldr] <= answer valid, OK
[33358][resl] <= server: '2001:678:11::1' rtt: 1 ms
[ 2393][iter] 'rhybar.cz.' type 'A' id was assigned, parent id 0
[ 2393][resl] => querying: '2001:678:10::1' score: 10 zone cut: 'cz.' m12n: 'rHyBAR.cz.' type: 'A' proto: 'udp'
[ 2393][iter] <= rcode: NOERROR
[ 2393][vldr] >< cut changed, needs revalidation
[ 2393][resl] <= server: '2001:678:10::1' rtt: 2 ms
[ 2393][plan] plan 'rhybar.cz.' type 'DS'
[50926][iter] 'rhybar.cz.' type 'DS' id was assigned, parent id 2393
[50926][resl] => querying: '2001:678:f::1' score: 10 zone cut: 'cz.' m12n: 'RhybAR.CZ.' type: 'DS' proto: 'udp'
[50926][iter] <= rcode: NOERROR
[50926][vldr] >< no RRSIGs found
[50926][plan] plan 'rhybar.cz.' type 'RRSIG'
[50926][resl] <= server: '2001:678:f::1' rtt: 1 ms
[55962][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[55962][resl] => querying: '2001:678:1::1' score: 11 zone cut: 'cz.' m12n: 'rHyBAr.CZ.' type: 'RRSIG' proto: 'udp'
[55962][iter] <= rcode: SERVFAIL
[55962][resl] <= server: '2001:678:1::1' rtt: 0 ms
[29630][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[29630][resl] => querying: '193.29.206.1' score: 10 zone cut: 'cz.' m12n: 'RHYBAR.CZ.' type: 'RRSIG' proto: 'udp'
[29630][iter] <= rcode: SERVFAIL
[29630][resl] <= server: '193.29.206.1' rtt: 0 ms
[64954][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[64954][resl] => querying: '2001:678:11::1' score: 11 zone cut: 'cz.' m12n: 'rHYBAR.Cz.' type: 'RRSIG' proto: 'udp'
[64954][iter] <= rcode: SERVFAIL
[64954][resl] <= server: '2001:678:11::1' rtt: 0 ms
[56185][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[56185][resl] => querying: '194.0.14.1' score: 10 zone cut: 'cz.' m12n: 'rhYbAR.CZ.' type: 'RRSIG' proto: 'udp'
[56185][iter] <= rcode: SERVFAIL
[56185][resl] => server: '194.0.14.1' flagged as 'bad'
[61332][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[61332][resl] => querying: '2001:678:11::1' score: 111 zone cut: 'cz.' m12n: 'rHYBar.cZ.' type: 'RRSIG' proto: 'udp'
[61332][iter] <= rcode: SERVFAIL
[61332][resl] <= server: '2001:678:11::1' rtt: 0 ms
[34917][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[34917][resl] => querying: '2001:678:10::1' score: 11 zone cut: 'cz.' m12n: 'RHYBAR.cZ.' type: 'RRSIG' proto: 'udp'
[34917][iter] <= rcode: SERVFAIL
[34917][resl] <= server: '2001:678:10::1' rtt: 0 ms
[58600][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[58600][resl] => querying: '2001:678:11::1' score: 161 zone cut: 'cz.' m12n: 'RHYbaR.Cz.' type: 'RRSIG' proto: 'udp'
[58600][iter] <= rcode: SERVFAIL
[58600][resl] <= server: '2001:678:11::1' rtt: 0 ms
[ 9072][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 9072][resl] => querying: '194.0.13.1' score: 10 zone cut: 'cz.' m12n: 'RHyBAR.Cz.' type: 'RRSIG' proto: 'udp'
[ 9072][iter] <= rcode: SERVFAIL
[ 9072][resl] => server: '194.0.13.1' flagged as 'bad'
[19862][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[19862][resl] => querying: '2001:678:f::1' score: 11 zone cut: 'cz.' m12n: 'RhyBAr.CZ.' type: 'RRSIG' proto: 'udp'
[19862][iter] <= rcode: SERVFAIL
[19862][resl] <= server: '2001:678:f::1' rtt: 0 ms
[61142][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[61142][resl] => querying: '2001:678:11::1' score: 186 zone cut: 'cz.' m12n: 'RhYbaR.CZ.' type: 'RRSIG' proto: 'udp'
[61142][iter] <= rcode: SERVFAIL
[61142][resl] <= server: '2001:678:11::1' rtt: 1 ms
[ 7135][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 7135][resl] => querying: '194.0.12.1' score: 10 zone cut: 'cz.' m12n: 'RHYBAR.cZ.' type: 'RRSIG' proto: 'udp'
[ 7135][iter] <= rcode: SERVFAIL
[ 7135][resl] <= server: '194.0.12.1' rtt: 2 ms
[63972][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[63972][resl] => querying: '2001:678:1::1' score: 111 zone cut: 'cz.' m12n: 'RHyBAR.CZ.' type: 'RRSIG' proto: 'udp'
[63972][iter] <= rcode: SERVFAIL
[63972][resl] => server: '2001:678:1::1' flagged as 'bad'
[ 3009][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 3009][resl] => querying: '2001:678:11::1' score: 198 zone cut: 'cz.' m12n: 'rhybAR.Cz.' type: 'RRSIG' proto: 'udp'
[ 3009][iter] <= rcode: SERVFAIL
[ 3009][resl] <= server: '2001:678:11::1' rtt: 1 ms
[54605][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[54605][resl] => querying: '193.29.206.1' score: 111 zone cut: 'cz.' m12n: 'rhYBar.cZ.' type: 'RRSIG' proto: 'udp'
[54605][iter] <= rcode: SERVFAIL
[54605][resl] <= server: '193.29.206.1' rtt: 0 ms
[30581][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[30581][resl] => querying: '2001:678:10::1' score: 111 zone cut: 'cz.' m12n: 'RHYBAr.Cz.' type: 'RRSIG' proto: 'udp'
[30581][iter] <= rcode: SERVFAIL
[30581][resl] <= server: '2001:678:10::1' rtt: 0 ms
[65398][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[65398][resl] => querying: '2001:678:10::1' score: 161 zone cut: 'cz.' m12n: 'rhyBAR.CZ.' type: 'RRSIG' proto: 'udp'
[65398][iter] <= rcode: SERVFAIL
[65398][resl] => server: '2001:678:10::1' flagged as 'bad'
[49369][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[49369][resl] => querying: '2001:678:f::1' score: 111 zone cut: 'cz.' m12n: 'RHybAr.Cz.' type: 'RRSIG' proto: 'udp'
[49369][iter] <= rcode: SERVFAIL
[49369][resl] <= server: '2001:678:f::1' rtt: 0 ms
[31469][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[31469][resl] => querying: '194.0.12.1' score: 111 zone cut: 'cz.' m12n: 'RhybAr.Cz.' type: 'RRSIG' proto: 'udp'
[31469][iter] <= rcode: SERVFAIL
[31469][resl] <= server: '194.0.12.1' rtt: 0 ms
[39202][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[39202][resl] => querying: '193.29.206.1' score: 161 zone cut: 'cz.' m12n: 'rHYbar.Cz.' type: 'RRSIG' proto: 'udp'
[39202][iter] <= rcode: SERVFAIL
[39202][resl] <= server: '193.29.206.1' rtt: 0 ms
[ 797][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 797][resl] => querying: '2001:678:f::1' score: 161 zone cut: 'cz.' m12n: 'RhYbar.CZ.' type: 'RRSIG' proto: 'udp'
[ 797][iter] <= rcode: SERVFAIL
[ 797][resl] => server: '2001:678:f::1' flagged as 'bad'
[18355][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[18355][resl] => querying: '194.0.12.1' score: 161 zone cut: 'cz.' m12n: 'RHYBar.Cz.' type: 'RRSIG' proto: 'udp'
[18355][iter] <= rcode: SERVFAIL
[18355][resl] <= server: '194.0.12.1' rtt: 0 ms
[57235][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[57235][resl] => querying: '193.29.206.1' score: 186 zone cut: 'cz.' m12n: 'rHYbAR.Cz.' type: 'RRSIG' proto: 'udp'
[57235][iter] <= rcode: SERVFAIL
[57235][resl] <= server: '193.29.206.1' rtt: 0 ms
[21285][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[21285][resl] => querying: '194.0.12.1' score: 186 zone cut: 'cz.' m12n: 'rHYbar.Cz.' type: 'RRSIG' proto: 'udp'
[21285][iter] <= rcode: SERVFAIL
[21285][resl] <= server: '194.0.12.1' rtt: 0 ms
[57096][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[57096][resl] => querying: '193.29.206.1' score: 198 zone cut: 'cz.' m12n: 'rHYbaR.cZ.' type: 'RRSIG' proto: 'udp'
[57096][iter] <= rcode: SERVFAIL
[57096][resl] => server: '193.29.206.1' flagged as 'bad'
[41167][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[41167][resl] => querying: '194.0.12.1' score: 198 zone cut: 'cz.' m12n: 'rhYBaR.cZ.' type: 'RRSIG' proto: 'udp'
[41167][iter] <= rcode: SERVFAIL
[41167][resl] <= server: '194.0.12.1' rtt: 0 ms
[25510][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[25510][resl] => querying: '2001:678:11::1' score: 204 zone cut: 'cz.' m12n: 'RHYbaR.CZ.' type: 'RRSIG' proto: 'udp'
[25510][iter] <= rcode: SERVFAIL
[25510][resl] <= server: '2001:678:11::1' rtt: 0 ms
[ 2294][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 2294][resl] => querying: '194.0.12.1' score: 204 zone cut: 'cz.' m12n: 'RHYbar.cZ.' type: 'RRSIG' proto: 'udp'
[ 2294][iter] <= rcode: SERVFAIL
[ 2294][resl] <= server: '194.0.12.1' rtt: 0 ms
[14118][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[14118][resl] => querying: '2001:678:11::1' score: 207 zone cut: 'cz.' m12n: 'RhybaR.cz.' type: 'RRSIG' proto: 'udp'
[14118][iter] <= rcode: SERVFAIL
[14118][resl] => server: '2001:678:11::1' flagged as 'bad'
[61824][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[61824][resl] => querying: '194.0.12.1' score: 207 zone cut: 'cz.' m12n: 'RHybar.CZ.' type: 'RRSIG' proto: 'udp'
[61824][iter] <= rcode: SERVFAIL
[61824][resl] <= server: '194.0.12.1' rtt: 0 ms
[44971][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[44971][resl] => querying: '194.0.12.1' score: 209 zone cut: 'cz.' m12n: 'rhYBAr.CZ.' type: 'RRSIG' proto: 'udp'
[44971][iter] <= rcode: SERVFAIL
[44971][resl] <= server: '194.0.12.1' rtt: 0 ms
[44587][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[44587][resl] => querying: '194.0.12.1' score: 210 zone cut: 'cz.' m12n: 'rHybaR.Cz.' type: 'RRSIG' proto: 'udp'
[44587][iter] <= rcode: SERVFAIL
[44587][resl] <= server: '194.0.12.1' rtt: 0 ms
[58970][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[58970][resl] => querying: '194.0.12.1' score: 210 zone cut: 'cz.' m12n: 'rHYbAR.cZ.' type: 'RRSIG' proto: 'udp'
[58970][iter] <= rcode: SERVFAIL
[58970][resl] => server: '194.0.12.1' flagged as 'bad'
[54018][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[54018][resl] => no valid NS left
[50926][resl] => resuming yielded answer
[50926][vldr] >< no RRSIGs found
[50926][plan] plan 'rhybar.cz.' type 'RRSIG'
[22397][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[22397][resl] => querying: '2001:678:1::1' score: 2850 zone cut: 'cz.' m12n: 'RhyBar.cz.' type: 'RRSIG' proto: 'udp'
[22397][iter] <= rcode: SERVFAIL
[22397][resl] <= server: '2001:678:1::1' rtt: 0 ms
[14742][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[14742][resl] => querying: '2001:678:1::1' score: 1530 zone cut: 'cz.' m12n: 'rhYBar.CZ.' type: 'RRSIG' proto: 'udp'
[14742][iter] <= rcode: SERVFAIL
[14742][resl] <= server: '2001:678:1::1' rtt: 0 ms
[ 7717][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 7717][resl] => querying: '2001:678:1::1' score: 870 zone cut: 'cz.' m12n: 'RHYbaR.Cz.' type: 'RRSIG' proto: 'udp'
[ 7717][iter] <= rcode: SERVFAIL
[ 7717][resl] <= server: '2001:678:1::1' rtt: 0 ms
[33888][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[33888][resl] => querying: '2001:678:1::1' score: 540 zone cut: 'cz.' m12n: 'RhYbAR.Cz.' type: 'RRSIG' proto: 'udp'
[33888][iter] <= rcode: SERVFAIL
[33888][resl] => server: '2001:678:1::1' flagged as 'bad'
[29686][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[29686][resl] => querying: '193.29.206.1' score: 2850 zone cut: 'cz.' m12n: 'rHyBaR.Cz.' type: 'RRSIG' proto: 'udp'
[29686][iter] <= rcode: SERVFAIL
[29686][resl] <= server: '193.29.206.1' rtt: 0 ms
[ 1054][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 1054][resl] => querying: '193.29.206.1' score: 1530 zone cut: 'cz.' m12n: 'rHYbar.CZ.' type: 'RRSIG' proto: 'udp'
[ 1054][iter] <= rcode: SERVFAIL
[ 1054][resl] <= server: '193.29.206.1' rtt: 0 ms
[46440][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[46440][resl] => querying: '193.29.206.1' score: 870 zone cut: 'cz.' m12n: 'rhYbAR.cZ.' type: 'RRSIG' proto: 'udp'
[46440][iter] <= rcode: SERVFAIL
[46440][resl] <= server: '193.29.206.1' rtt: 1 ms
[13696][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[13696][resl] => querying: '193.29.206.1' score: 540 zone cut: 'cz.' m12n: 'rhYBaR.cz.' type: 'RRSIG' proto: 'udp'
[13696][iter] <= rcode: SERVFAIL
[13696][resl] => server: '193.29.206.1' flagged as 'bad'
[35270][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[35270][resl] => querying: '2001:678:11::1' score: 2850 zone cut: 'cz.' m12n: 'RhybAr.Cz.' type: 'RRSIG' proto: 'udp'
[35270][iter] <= rcode: SERVFAIL
[35270][resl] <= server: '2001:678:11::1' rtt: 2 ms
[55121][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[55121][resl] => querying: '2001:678:11::1' score: 1530 zone cut: 'cz.' m12n: 'RhyBar.cZ.' type: 'RRSIG' proto: 'udp'
[55121][iter] <= rcode: SERVFAIL
[55121][resl] <= server: '2001:678:11::1' rtt: 1 ms
[64339][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[64339][resl] => querying: '2001:678:11::1' score: 870 zone cut: 'cz.' m12n: 'rhYBaR.cz.' type: 'RRSIG' proto: 'udp'
[64339][iter] <= rcode: SERVFAIL
[64339][resl] <= server: '2001:678:11::1' rtt: 1 ms
[ 1399][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 1399][resl] => querying: '2001:678:11::1' score: 540 zone cut: 'cz.' m12n: 'RHyBaR.CZ.' type: 'RRSIG' proto: 'udp'
[ 1399][iter] <= rcode: SERVFAIL
[ 1399][resl] => server: '2001:678:11::1' flagged as 'bad'
[58393][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[58393][resl] => querying: '194.0.14.1' score: 2850 zone cut: 'cz.' m12n: 'RHYBaR.CZ.' type: 'RRSIG' proto: 'udp'
[58393][iter] <= rcode: SERVFAIL
[58393][resl] <= server: '194.0.14.1' rtt: 0 ms
[ 2155][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 2155][resl] => querying: '194.0.14.1' score: 1530 zone cut: 'cz.' m12n: 'RHYBaR.cz.' type: 'RRSIG' proto: 'udp'
[ 2155][iter] <= rcode: SERVFAIL
[ 2155][resl] <= server: '194.0.14.1' rtt: 0 ms
[ 9269][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 9269][resl] => querying: '194.0.14.1' score: 870 zone cut: 'cz.' m12n: 'rhYBar.CZ.' type: 'RRSIG' proto: 'udp'
[ 9269][iter] <= rcode: SERVFAIL
[ 9269][resl] <= server: '194.0.14.1' rtt: 0 ms
[58896][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[58896][resl] => querying: '194.0.14.1' score: 540 zone cut: 'cz.' m12n: 'rhyBAR.cz.' type: 'RRSIG' proto: 'udp'
[58896][iter] <= rcode: SERVFAIL
[58896][resl] => server: '194.0.14.1' flagged as 'bad'
[17007][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[17007][resl] => querying: '2001:678:10::1' score: 2850 zone cut: 'cz.' m12n: 'rhyBAr.cz.' type: 'RRSIG' proto: 'udp'
[17007][iter] <= rcode: SERVFAIL
[17007][resl] <= server: '2001:678:10::1' rtt: 1 ms
[32824][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[32824][resl] => querying: '2001:678:10::1' score: 1530 zone cut: 'cz.' m12n: 'rhYbar.cZ.' type: 'RRSIG' proto: 'udp'
[32824][iter] <= rcode: SERVFAIL
[32824][resl] <= server: '2001:678:10::1' rtt: 1 ms
[ 9351][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[ 9351][resl] => querying: '2001:678:10::1' score: 870 zone cut: 'cz.' m12n: 'RHYBar.CZ.' type: 'RRSIG' proto: 'udp'
[ 9351][iter] <= rcode: SERVFAIL
[ 9351][resl] <= server: '2001:678:10::1' rtt: 1 ms
[40368][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[40368][resl] => querying: '2001:678:10::1' score: 540 zone cut: 'cz.' m12n: 'RhYBAr.cZ.' type: 'RRSIG' proto: 'udp'
[40368][iter] <= rcode: SERVFAIL
[40368][resl] => server: '2001:678:10::1' flagged as 'bad'
[63445][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[63445][resl] => querying: '194.0.13.1' score: 2850 zone cut: 'cz.' m12n: 'rhYBAR.cz.' type: 'RRSIG' proto: 'udp'
[63445][iter] <= rcode: SERVFAIL
[63445][resl] <= server: '194.0.13.1' rtt: 0 ms
[46542][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[46542][resl] => querying: '194.0.13.1' score: 1530 zone cut: 'cz.' m12n: 'rhYBAR.CZ.' type: 'RRSIG' proto: 'udp'
[46542][iter] <= rcode: SERVFAIL
[46542][resl] <= server: '194.0.13.1' rtt: 0 ms
[37841][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[37841][resl] => querying: '194.0.13.1' score: 870 zone cut: 'cz.' m12n: 'RHyBAr.cZ.' type: 'RRSIG' proto: 'udp'
[37841][iter] <= rcode: SERVFAIL
[37841][resl] <= server: '194.0.13.1' rtt: 0 ms
[52508][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[52508][resl] => querying: '194.0.13.1' score: 540 zone cut: 'cz.' m12n: 'RHYBAr.cz.' type: 'RRSIG' proto: 'udp'
[52508][iter] <= rcode: SERVFAIL
[52508][resl] => server: '194.0.13.1' flagged as 'bad'
[52048][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[52048][resl] => querying: '2001:678:f::1' score: 2850 zone cut: 'cz.' m12n: 'rHyBAr.cz.' type: 'RRSIG' proto: 'udp'
[52048][iter] <= rcode: SERVFAIL
[52048][resl] <= server: '2001:678:f::1' rtt: 1 ms
[46719][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[46719][resl] => querying: '2001:678:f::1' score: 1530 zone cut: 'cz.' m12n: 'rHybAR.cZ.' type: 'RRSIG' proto: 'udp'
[46719][iter] <= rcode: SERVFAIL
[46719][resl] <= server: '2001:678:f::1' rtt: 1 ms
[48235][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[48235][resl] => querying: '2001:678:f::1' score: 870 zone cut: 'cz.' m12n: 'RhYbAR.CZ.' type: 'RRSIG' proto: 'udp'
[48235][iter] <= rcode: SERVFAIL
[48235][resl] <= server: '2001:678:f::1' rtt: 1 ms
[12078][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[12078][resl] => querying: '2001:678:f::1' score: 540 zone cut: 'cz.' m12n: 'rhYBar.cz.' type: 'RRSIG' proto: 'udp'
[12078][iter] <= rcode: SERVFAIL
[12078][resl] => server: '2001:678:f::1' flagged as 'bad'
[35022][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[35022][resl] => querying: '194.0.12.1' score: 2850 zone cut: 'cz.' m12n: 'rhyBAR.cz.' type: 'RRSIG' proto: 'udp'
[35022][iter] <= rcode: SERVFAIL
[35022][resl] <= server: '194.0.12.1' rtt: 0 ms
[62994][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[62994][resl] => querying: '194.0.12.1' score: 1530 zone cut: 'cz.' m12n: 'RhybaR.cz.' type: 'RRSIG' proto: 'udp'
[62994][iter] <= rcode: SERVFAIL
[62994][resl] <= server: '194.0.12.1' rtt: 0 ms
[20803][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[20803][resl] => querying: '194.0.12.1' score: 870 zone cut: 'cz.' m12n: 'rhYbAR.cz.' type: 'RRSIG' proto: 'udp'
[20803][iter] <= rcode: SERVFAIL
[20803][resl] <= server: '194.0.12.1' rtt: 1 ms
[15772][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[15772][resl] => querying: '194.0.12.1' score: 540 zone cut: 'cz.' m12n: 'rHYBAR.cz.' type: 'RRSIG' proto: 'udp'
[15772][iter] <= rcode: SERVFAIL
[15772][resl] => server: '194.0.12.1' flagged as 'bad'
[10068][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 50926
[10068][resl] => no valid NS left
[33517][iter] 'rhybar.cz.' type 'DS' id was assigned, parent id 2393
[33517][resl] => querying: '2001:678:1::1' score: 2850 zone cut: 'cz.' m12n: 'RhyBAr.Cz.' type: 'DS' proto: 'udp'
[33517][resl] <= server: '2001:678:1::1' rtt: 3 ms
[ 2393][plan] plan 'rhybar.cz.' type 'DS'
[35505][iter] 'rhybar.cz.' type 'DS' id was assigned, parent id 2393
[35505][resl] => querying: '2001:678:1::1' score: 1430 zone cut: 'cz.' m12n: 'rhyBar.Cz.' type: 'DS' proto: 'udp'
[35505][iter] <= rcode: NOERROR
[35505][vldr] >< no RRSIGs found
[35505][plan] plan 'rhybar.cz.' type 'RRSIG'
[35505][resl] <= server: '2001:678:1::1' rtt: 3 ms
[35330][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[35330][resl] => querying: '2001:678:1::1' score: 720 zone cut: 'cz.' m12n: 'RhyBAR.cZ.' type: 'RRSIG' proto: 'udp'
[35330][iter] <= rcode: SERVFAIL
[35330][resl] <= server: '2001:678:1::1' rtt: 1 ms
[24098][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[24098][resl] => querying: '2001:678:1::1' score: 465 zone cut: 'cz.' m12n: 'RHybAR.CZ.' type: 'RRSIG' proto: 'udp'
[24098][iter] <= rcode: SERVFAIL
[24098][resl] <= server: '2001:678:1::1' rtt: 1 ms
[35423][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[35423][resl] => querying: '2001:678:1::1' score: 338 zone cut: 'cz.' m12n: 'rhybar.CZ.' type: 'RRSIG' proto: 'udp'
[35423][iter] <= rcode: SERVFAIL
[35423][resl] <= server: '2001:678:1::1' rtt: 1 ms
[11771][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[11771][resl] => querying: '2001:678:1::1' score: 274 zone cut: 'cz.' m12n: 'rhyBaR.cZ.' type: 'RRSIG' proto: 'udp'
[11771][iter] <= rcode: SERVFAIL
[11771][resl] => server: '2001:678:1::1' flagged as 'bad'
[15810][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[15810][resl] => querying: '193.29.206.1' score: 2850 zone cut: 'cz.' m12n: 'rhYbAr.cz.' type: 'RRSIG' proto: 'udp'
[15810][iter] <= rcode: SERVFAIL
[15810][resl] <= server: '193.29.206.1' rtt: 1 ms
[49853][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[49853][resl] => querying: '193.29.206.1' score: 1530 zone cut: 'cz.' m12n: 'rhybaR.cz.' type: 'RRSIG' proto: 'udp'
[49853][iter] <= rcode: SERVFAIL
[49853][resl] <= server: '193.29.206.1' rtt: 1 ms
[24189][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[24189][resl] => querying: '193.29.206.1' score: 870 zone cut: 'cz.' m12n: 'RHYBAR.cZ.' type: 'RRSIG' proto: 'udp'
[24189][iter] <= rcode: SERVFAIL
[24189][resl] <= server: '193.29.206.1' rtt: 1 ms
[57228][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[57228][resl] => querying: '193.29.206.1' score: 540 zone cut: 'cz.' m12n: 'rhyBAr.cZ.' type: 'RRSIG' proto: 'udp'
[57228][iter] <= rcode: SERVFAIL
[57228][resl] => server: '193.29.206.1' flagged as 'bad'
[23175][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[23175][resl] => querying: '2001:678:11::1' score: 2850 zone cut: 'cz.' m12n: 'rhybaR.Cz.' type: 'RRSIG' proto: 'udp'
[23175][iter] <= rcode: SERVFAIL
[23175][resl] <= server: '2001:678:11::1' rtt: 1 ms
[61373][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[61373][resl] => querying: '2001:678:11::1' score: 1530 zone cut: 'cz.' m12n: 'rhybAr.cZ.' type: 'RRSIG' proto: 'udp'
[61373][iter] <= rcode: SERVFAIL
[61373][resl] <= server: '2001:678:11::1' rtt: 1 ms
[21023][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[21023][resl] => querying: '2001:678:11::1' score: 870 zone cut: 'cz.' m12n: 'RHybar.cz.' type: 'RRSIG' proto: 'udp'
[21023][iter] <= rcode: SERVFAIL
[21023][resl] <= server: '2001:678:11::1' rtt: 1 ms
[31568][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[31568][resl] => querying: '2001:678:11::1' score: 540 zone cut: 'cz.' m12n: 'rhyBAr.Cz.' type: 'RRSIG' proto: 'udp'
[31568][iter] <= rcode: SERVFAIL
[31568][resl] => server: '2001:678:11::1' flagged as 'bad'
[28128][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[28128][resl] => querying: '194.0.14.1' score: 2850 zone cut: 'cz.' m12n: 'RHYBAR.CZ.' type: 'RRSIG' proto: 'udp'
[28128][iter] <= rcode: SERVFAIL
[28128][resl] <= server: '194.0.14.1' rtt: 1 ms
[ 4056][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[ 4056][resl] => querying: '194.0.14.1' score: 1530 zone cut: 'cz.' m12n: 'rHYbaR.Cz.' type: 'RRSIG' proto: 'udp'
[ 4056][iter] <= rcode: SERVFAIL
[ 4056][resl] <= server: '194.0.14.1' rtt: 1 ms
[16486][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[16486][resl] => querying: '194.0.14.1' score: 870 zone cut: 'cz.' m12n: 'RHybAr.Cz.' type: 'RRSIG' proto: 'udp'
[16486][iter] <= rcode: SERVFAIL
[16486][resl] <= server: '194.0.14.1' rtt: 1 ms
[21693][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[21693][resl] => querying: '194.0.14.1' score: 540 zone cut: 'cz.' m12n: 'RHyBAR.cZ.' type: 'RRSIG' proto: 'udp'
[21693][iter] <= rcode: SERVFAIL
[21693][resl] => server: '194.0.14.1' flagged as 'bad'
[ 295][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[ 295][resl] => querying: '2001:678:10::1' score: 2850 zone cut: 'cz.' m12n: 'rhyBAr.Cz.' type: 'RRSIG' proto: 'udp'
[ 295][iter] <= rcode: SERVFAIL
[ 295][resl] <= server: '2001:678:10::1' rtt: 1 ms
[ 3172][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[ 3172][resl] => querying: '2001:678:10::1' score: 1530 zone cut: 'cz.' m12n: 'RHYBar.Cz.' type: 'RRSIG' proto: 'udp'
[ 3172][iter] <= rcode: SERVFAIL
[ 3172][resl] <= server: '2001:678:10::1' rtt: 1 ms
[37768][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[37768][resl] => querying: '2001:678:10::1' score: 870 zone cut: 'cz.' m12n: 'rhYbar.cz.' type: 'RRSIG' proto: 'udp'
[37768][iter] <= rcode: SERVFAIL
[37768][resl] <= server: '2001:678:10::1' rtt: 1 ms
[50310][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[50310][resl] => querying: '2001:678:10::1' score: 540 zone cut: 'cz.' m12n: 'rhYbAr.cZ.' type: 'RRSIG' proto: 'udp'
[50310][iter] <= rcode: SERVFAIL
[50310][resl] => server: '2001:678:10::1' flagged as 'bad'
[62561][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[62561][resl] => querying: '194.0.13.1' score: 2850 zone cut: 'cz.' m12n: 'rhYbAr.cz.' type: 'RRSIG' proto: 'udp'
[62561][iter] <= rcode: SERVFAIL
[62561][resl] <= server: '194.0.13.1' rtt: 2 ms
[24185][iter] 'rhybar.cz.' type 'RRSIG' id was assigned, parent id 35505
[ 0][resl] finished: 8, queries: 5, mempool: 65600 B
~~~
Please note line
~~~
=> querying: '2001:678:11::1' score: 186 zone cut: 'cz.' m12n: 'RhYbaR.CZ.' type: 'RRSIG' proto: 'udp'
~~~
which repeats several times for each authoritative server.
Affected kresd version: 1.2.1, c664f0075a4cb62af84b122eaf53a82d520e7299https://gitlab.nic.cz/knot/knot-resolver/-/issues/135handle NS cycles better2018-12-21T13:36:37+01:00Vladimír Čunátvladimir.cunat@nic.czhandle NS cycles betterTheir DNS isn't perfect, but we should still handle it better.
```
[11379][ pc ] => satisfied from cache
[11379][iter] <= rcode: NOERROR
[31443][iter] 'etisalatdata.net.' type 'A' id was assigned, parent id 0
[31443][plan] pl...Their DNS isn't perfect, but we should still handle it better.
```
[11379][ pc ] => satisfied from cache
[11379][iter] <= rcode: NOERROR
[31443][iter] 'etisalatdata.net.' type 'A' id was assigned, parent id 0
[31443][plan] plan 'ns2.nile-online.net.' type 'A'
[ 4790][iter] 'ns2.nile-online.net.' type 'A' id was assigned, parent id 31443
[33237][iter] 'ns2.nile-online.net.' type 'A' id was assigned, parent id 31443
[33237][plan] plan 'ns2.etisalatdata.net.' type 'AAAA'
[62268][iter] 'ns2.etisalatdata.net.' type 'AAAA' id was assigned, parent id 33237
[62268][ pc ] => satisfied from cache
[62268][iter] <= rcode: NOERROR
[14782][iter] 'ns2.nile-online.net.' type 'A' id was assigned, parent id 31443
[14782][plan] plan 'ns2.etisalatdata.net.' type 'A'
[56688][iter] 'ns2.etisalatdata.net.' type 'A' id was assigned, parent id 14782
[46579][iter] 'ns2.etisalatdata.net.' type 'A' id was assigned, parent id 14782
[46579][plan] plan 'ns1.nile-online.net.' type 'AAAA'
[50812][iter] 'ns1.nile-online.net.' type 'AAAA' id was assigned, parent id 46579
[58454][iter] 'ns1.nile-online.net.' type 'AAAA' id was assigned, parent id 46579
[58454][plan] plan 'ns2.etisalatdata.net.' type 'AAAA'
[....]
```
```
$ kdig @k.gtld-servers.net. NS etisalatdata.net
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 27195
;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 2; ADDITIONAL: 2
;; QUESTION SECTION:
;; etisalatdata.net. IN NS
;; AUTHORITY SECTION:
etisalatdata.net. 172800 IN NS ns1.nile-online.net.
etisalatdata.net. 172800 IN NS ns2.nile-online.net.
;; ADDITIONAL SECTION:
ns1.nile-online.net. 172800 IN A 62.140.73.1
ns2.nile-online.net. 172800 IN A 62.140.73.2
;; Received 114 B
;; Time 2017-01-23 18:05:47 CET
;; From 192.52.178.30@53(UDP) in 303.4 ms
```
```
$ kdig @k.gtld-servers.net. NS nile-online.net
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 2544
;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 2; ADDITIONAL: 2
;; QUESTION SECTION:
;; nile-online.net. IN NS
;; AUTHORITY SECTION:
nile-online.net. 172800 IN NS ns1.etisalatdata.net.
nile-online.net. 172800 IN NS ns2.etisalatdata.net.
;; ADDITIONAL SECTION:
ns1.etisalatdata.net. 172800 IN A 62.140.73.1
ns2.etisalatdata.net. 172800 IN A 62.140.73.2
;; Received 114 B
;; Time 2017-01-23 18:18:16 CET
;; From 192.52.178.30@53(UDP) in 303.1 ms
```
... which basically creates a cycle when trying to resolve the authoritative data for NS.
```
$ kdig @ns1.nile-online.net. NS etisalatdata.net
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 64588
;; Flags: qr aa rd; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 2
;; QUESTION SECTION:
;; etisalatdata.net. IN NS
;; ANSWER SECTION:
etisalatdata.net. 86400 IN NS ns1.etisalatdata.net.
etisalatdata.net. 86400 IN NS ns2.etisalatdata.net.
;; ADDITIONAL SECTION:
ns1.etisalatdata.net. 86400 IN A 62.140.73.1
ns2.etisalatdata.net. 86400 IN A 62.140.73.2
;; Received 102 B
;; Time 2017-01-23 18:06:08 CET
;; From 62.140.73.1@53(UDP) in 96.6 ms
```
```
$ kdig @ns1.etisalatdata.net. NS etisalatdata.net
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 23335
;; Flags: qr aa rd; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 2
;; QUESTION SECTION:
;; etisalatdata.net. IN NS
;; ANSWER SECTION:
etisalatdata.net. 86400 IN NS ns2.etisalatdata.net.
etisalatdata.net. 86400 IN NS ns1.etisalatdata.net.
;; ADDITIONAL SECTION:
ns1.etisalatdata.net. 86400 IN A 62.140.73.1
ns2.etisalatdata.net. 86400 IN A 62.140.73.2
;; Received 102 B
;; Time 2017-01-23 18:09:18 CET
;; From 62.140.73.1@53(UDP) in 96.9 ms
```2018 Q3https://gitlab.nic.cz/knot/knot-resolver/-/issues/769failure to start the manager2023-07-04T12:35:27+02:00Vaclav Sraierfailure to start the managerHappens just about once in a while in our CI, nothing regular. Don't know how to reproduce. Rerunning the job always fixes the issue.
```
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 428ms:INFO:knot_resolver_man...Happens just about once in a while in our CI, nothing regular. Don't know how to reproduce. Rerunning the job always fixes the issue.
```
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 428ms:INFO:knot_resolver_manager.server:Loading initial configuration from /etc/knot-resolver/config.yml
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 437ms:INFO:knot_resolver_manager.server:Validating initial configuration...
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 439ms:WARNING:knot_resolver_manager.log:Changing logging level to 'INFO'
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 440ms:INFO:knot_resolver_manager.kresd_controller:Starting service manager auto-selection...
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 440ms:INFO:knot_resolver_manager.kresd_controller:Available subprocess controllers are ('supervisord',)
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 440ms:INFO:knot_resolver_manager.kresd_controller:Selected controller 'supervisord'
Oct 10 11:56:00 runner-114-project-147-concurrent-1-799966 env[5260]: 441ms:INFO:knot_resolver_manager.kresd_controller.supervisord:Supervisord is already running, we will just update its config...
Oct 10 11:56:05 runner-114-project-147-concurrent-1-799966 systemd[1]: knot-resolver.service: Main process exited, code=exited, status=1/FAILURE
Oct 10 11:56:05 runner-114-project-147-concurrent-1-799966 systemd[1]: knot-resolver.service: Failed with result 'exit-code'.
Oct 10 11:56:05 runner-114-project-147-concurrent-1-799966 systemd[1]: Failed to start Knot Resolver Manager.
```https://gitlab.nic.cz/knot/knot-resolver/-/issues/746daemon/http: returning status 400 to handshake with dnscrypt-proxy2022-06-23T09:39:55+02:00Oto Šťávadaemon/http: returning status 400 to handshake with dnscrypt-proxyWhen [`dnscrypt-proxy`](https://github.com/DNSCrypt/dnscrypt-proxy) attempts a handshake with `kresd`, status code 400 is returned.
On Gitter, user `jlongua` reported getting this log message:
```
Jun 16 13:41:55 draco.plan9-ns2.com dn...When [`dnscrypt-proxy`](https://github.com/DNSCrypt/dnscrypt-proxy) attempts a handshake with `kresd`, status code 400 is returned.
On Gitter, user `jlongua` reported getting this log message:
```
Jun 16 13:41:55 draco.plan9-ns2.com dnscrypt-proxy[5775]: [2022-06-16 13:41:55] [ERROR] Webserver returned code 400
```
When I try it locally with a simple Docker image of dnscrypt-proxy, I get this:
```
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] dnscrypt-proxy 2.1.1
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] Network connectivity detected
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] Now listening to 0.0.0.0:53 [UDP]
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] Now listening to 0.0.0.0:53 [TCP]
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] Source [relays] loaded
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] Source [public-resolvers] loaded
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] Firefox workaround initialized
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [ERROR] 400 Bad Request
dnscrypt-proxy-dnsdist-1 | [2022-06-17 06:58:33] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
```Oto ŠťávaOto Šťávahttps://gitlab.nic.cz/knot/knot-resolver/-/issues/727DNS64: PTR synthesis yields SERVFAIL for some cache contents2022-03-21T11:03:34+01:00Ondřej CaletkaDNS64: PTR synthesis yields SERVFAIL for some cache contentsSummary
-------
When cache is cold, PTR synthesis of DNS64 module works well. When cache gets populated by quering without DNS64 synthesis on, PTR synthesis stops working and SERVFAIL is returned instead.
Steps to reproduce
-----------...Summary
-------
When cache is cold, PTR synthesis of DNS64 module works well. When cache gets populated by quering without DNS64 synthesis on, PTR synthesis stops working and SERVFAIL is returned instead.
Steps to reproduce
------------------
```
# cat /etc/knot-resolver/kresd.conf
-- SPDX-License-Identifier: CC0-1.0
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
-- Network interface configuration
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('127.0.0.1', 853, { kind = 'tls' })
--net.listen('127.0.0.1', 443, { kind = 'doh2' })
net.listen('::1', 53, { kind = 'dns', freebind = true })
net.listen('::1', 853, { kind = 'tls', freebind = true })
--net.listen('::1', 443, { kind = 'doh2' })
-- Load useful modules
modules = {
'hints > iterate', -- Allow loading /etc/hosts or custom root hints
'stats', -- Track internal statistics
'predict', -- Prefetch expiring/frequent records
'dns64',
'view',
}
-- Disable DNS64 for IPv4
view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
-- Cache size
cache.size = 100 * MB
```
First query over IPv6 works as expected:
```
# kdig @::1 -x 64:ff9b::101:101 +noall +answer
1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. 60 IN CNAME 1.1.1.1.in-addr.arpa.
1.1.1.1.in-addr.arpa. 1265 IN PTR one.one.one.one.
```
Query over IPv4, where DNS64 is disabled, also works properly with `NXDOMAIN`:
```
# kdig @127.0.0.1 -x 64:ff9b::101:101
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 41713
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 1; ADDITIONAL: 0
;; QUESTION SECTION:
;; 1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
ip6.arpa. 3600 IN SOA b.ip6-servers.arpa. nstld.iana.org. 2021111921 1800 900 604800 3600
```
After this query, PTR synthesis does not work anymore and yields `SERVFAIL`:
```
# kdig @::1 -x 64:ff9b::101:101
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 25807
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; 1.0.1.0.1.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR
```
Clearing the cache restores correct behavior for a while.https://gitlab.nic.cz/knot/knot-resolver/-/issues/723manager: race condition with watchdog while starting workers2022-03-04T12:17:09+01:00Vaclav Sraiermanager: race condition with watchdog while starting workersHow to reproduce:
1. disable worker count limit
2. set worker count to 1000
3. run the manager
4. watch the world burn (like really, these steps will trash your system)
5. manager crashes (on my machine after starting 183 instances of k...How to reproduce:
1. disable worker count limit
2. set worker count to 1000
3. run the manager
4. watch the world burn (like really, these steps will trash your system)
5. manager crashes (on my machine after starting 183 instances of kresd)
I am guessing, that the same behavior could be reproduced by hammering manager with worker count change requests. But I haven't tested that.Vaclav SraierVaclav Sraierhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/722server selection: practical issues with some Microsoft domains2022-03-14T11:17:15+01:00Vladimír Čunátvladimir.cunat@nic.czserver selection: practical issues with some Microsoft domains With some Microsoft domains (outlook.com, office.com, office365.com) a small part of the nameservers is non-responsive, but kresd (sometimes) does not gracefully fall back to the other servers.
The same issue can surely happen with som... With some Microsoft domains (outlook.com, office.com, office365.com) a small part of the nameservers is non-responsive, but kresd (sometimes) does not gracefully fall back to the other servers.
The same issue can surely happen with someone else's names as well, but this set seems far the most commonly encountered in practice. It might be related to the NS server names being served by the same partially broken set.https://gitlab.nic.cz/knot/knot-resolver/-/issues/673trust_anchors.set_insecure may miss some names2021-05-21T01:52:53+02:00Vladimír Čunátvladimir.cunat@nic.cztrust_anchors.set_insecure may miss some namesIf the same authoritative server IPs serve names both above and below the configured negative trust anchors, the downgrade to insecure may not happen in some cases.If the same authoritative server IPs serve names both above and below the configured negative trust anchors, the downgrade to insecure may not happen in some cases.Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/671TLS_FORWARD can get stuck on broken addresses (v5.3.0)2021-03-24T16:09:15+01:00Vladimír Čunátvladimir.cunat@nic.czTLS_FORWARD can get stuck on broken addresses (v5.3.0)With normal TLS-forwarding config, e.g.:
```lua
policy.add(policy.all(policy.TLS_FORWARD({
{ '8.8.8.8', hostname='dns.google' },
{ '8.8.4.4', hostname='dns.google' },
{ '2001:4860:4860::8888', hostname='dns.google' },
{ '2001:4860:48...With normal TLS-forwarding config, e.g.:
```lua
policy.add(policy.all(policy.TLS_FORWARD({
{ '8.8.8.8', hostname='dns.google' },
{ '8.8.4.4', hostname='dns.google' },
{ '2001:4860:4860::8888', hostname='dns.google' },
{ '2001:4860:4860::8844', hostname='dns.google' },
})))
```
but part of addresses disabled, e.g.
```bash
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
```
some queries get stuck in a very long "loop" of attempting connection to the non-working IPs, even though half of them works. Example log snippet: [tls_forward.log](/uploads/a5716360f9a3e6879160ff0766e37add/tls_forward.log)
_!1143 doesn't trigger here; it wasn't meant for forwarding and individual addresses might be broken for other reasons anyway._5.3.1https://gitlab.nic.cz/knot/knot-resolver/-/issues/657policy: actions don't populate OPT when they should2021-11-23T19:52:44+01:00Vladimír Čunátvladimir.cunat@nic.czpolicy: actions don't populate OPT when they should[RFC 6891](https://tools.ietf.org/html/rfc6891#section-6.1.1):
> If an OPT record is present in a received request, compliant responders MUST include an OPT record in their respective responses.
Original report: https://forum.turris.cz...[RFC 6891](https://tools.ietf.org/html/rfc6891#section-6.1.1):
> If an OPT record is present in a received request, compliant responders MUST include an OPT record in their respective responses.
Original report: https://forum.turris.cz/t/kresd-response-missing-opt-pseudo-rr/14437
It causes practical issues with systemd-resolved (see the report).https://gitlab.nic.cz/knot/knot-resolver/-/issues/645FORMERR does not trigger EDNS fallback2021-10-11T13:06:06+02:00Petr ŠpačekFORMERR does not trigger EDNS fallbackVersion: 5.2.0
Domain `spam.molax.co.kr.` qtype `A` does not work with EDNS. Auth servers correctly return FORMERR but kresd 5.2.0 does not fallback to non-EDNS and SERVFAILs request from client.
[spam.molax.co.kr.A.log](/uploads/edde7...Version: 5.2.0
Domain `spam.molax.co.kr.` qtype `A` does not work with EDNS. Auth servers correctly return FORMERR but kresd 5.2.0 does not fallback to non-EDNS and SERVFAILs request from client.
[spam.molax.co.kr.A.log](/uploads/edde70e988fcf6ab810e693802c8896d/spam.molax.co.kr.A.log)
We need to:
- fix kresd
- investigate why test https://gitlab.nic.cz/knot/deckard/-/blob/master/sets/resolver/iter_formerr.rpl did not detect this and fix it!https://gitlab.nic.cz/knot/knot-resolver/-/issues/622map() command mangles return values2020-11-24T18:34:20+01:00Petr Špačekmap() command mangles return valuesAffected version: 5.1.3 and most likely all older versions as well
Problem
=======
In short current `map()` command is broken for arrays of return values different with length != 1 and also for certain data types.
Example with three re...Affected version: 5.1.3 and most likely all older versions as well
Problem
=======
In short current `map()` command is broken for arrays of return values different with length != 1 and also for certain data types.
Example with three return values. This is wildly inconsistent even between consecutive executions on the same `kresd -f4` instances:
```
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 1, 2, 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 1, 2, 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 1, 2, 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 1, 2, 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 1, 2, 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 3
[4] => 3
> map('1, 2, 3')
[1] => 1
[2] => 3
[3] => 3
[4] => 3
```
Example with nil - it gets turned into empty tables _but not for all four instances_:
```
> map('nil')
[1] => {
}
[2] => {
}
[3] => {
}
```
Example with errors - errors are incorrectly turned into strings so the map() caller cannot distinguish them from real string return values:
```
> map('error("test")')
[1] => test
[2] => test
[3] => test
[4] => test
```
In short it is utterly broken.
Proposal
========
`map()` is mostly broken and also undocumented so we change it more or less freely. Here is how I would do it:
- Follower instances will use `pcall` to determine if a the single call inside map() succeeded or not and send results back to leader
- map() running on leader instance will receive full outputs from `pcall` on followers and check if all calls succeeded. If not `map()` will throw out an error.
- Leader will check if number of return values from each instance is exactly one (from each follower) - if not map() on leader will throw out an error.
- if no error occured map() will return two tables:
- first table with results from each instance in format `{return value from first instance}, return value from second instance, return value from third instance, ...}` - order of return values is not defined and cannot be relied on
- second table with corresponding names of control sockets (? maybe we can skip this and add it later?)
- Usage if map() caller wants to receive multiple return values: `map('{expression to be evaluated}')` will produce table of tables {{return values from first instance}, {return values from second instance}, ...}, {name of first instance, name of second instance, ...}
- Usage if map() caller wants to also receive errors:
- Caller can either wrap intended expression in pcall: `map('{pcall(expression to be evaluated)}')`
- or we can define a table format which will be used by errors thrown from map()
This approach also allows to handle variable number of return values and also `nil` values in a safe manner. Let's define two helper functions:
```
function tab_pack(...)
local tab = {...}
tab.n = select('#', ...)
return tab
end
function tab_unpack(tab)
return unpack(tab, 1, tab.n)
end
```
Now map() caller can do: `map('tab_pack(nil,2,nil)')` and receive results like:
```
> map('tab_pack(nil,2,nil)')
[1] => {
[2] => 2
[n] => 3
}
[2] => {
[2] => 2
[n] => 3
}
```
The auto-generated table field `n` tells the caller that original result contained 3 values so the caller can iterate over [1],[2],[3] and safely find that first and third return value were nil.5.2.0https://gitlab.nic.cz/knot/knot-resolver/-/issues/614failure: forwarding + signatures + CNAME to sibling2020-10-23T10:03:46+02:00Vladimír Čunátvladimir.cunat@nic.czfailure: forwarding + signatures + CNAME to siblingMaybe there are some additional conditions needed to trigger the problem.
Example log:
<details><pre>
[44705.16][resl] => id: '14071' querying: '193.17.47.1#00053' score: 21 zone cut: 'dns-oarc.net.' qname: 'Rate.dnS-OaRc.NET.' qtype:...Maybe there are some additional conditions needed to trigger the problem.
Example log:
<details><pre>
[44705.16][resl] => id: '14071' querying: '193.17.47.1#00053' score: 21 zone cut: 'dns-oarc.net.' qname: 'Rate.dnS-OaRc.NET.' qtype: 'A' proto: 'udp'
[44705.16][iter] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 14071
;; Flags: qr rd ra cd QUERY: 1; ANSWER: 4; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused
;; QUESTION SECTION
rate.dns-oarc.net. A
;; ANSWER SECTION
rate.dns-oarc.net. 120 CNAME dev.dns-oarc.net.
rate.dns-oarc.net. 120 RRSIG CNAME 8 3 120 20201028101102 20200928091102 12093 dns-oarc.net. Rttx3oznjSpRgoKZPNi1vYY3fP8KDq+y82p9cs+upwXHdpx/sB8pS4LvHlME53fJ5wqf8vmcAY07kJU4z4PKFam6Qj0a7De2zX3+JEFhZhUGV4UGxgbgX1lZTfS/bRPBmO/vxwCproIiIgWxgZLOvJb4kyCtscD8QWWxn2Tijvk=
dev.dns-oarc.net. 300 A 77.72.225.245
dev.dns-oarc.net. 300 RRSIG A 8 3 300 20201026021701 20200928021701 25608 dev.dns-oarc.net. faVj+wxFlFAjg2PQm9Dj4zjA2Ad57cXKv62YFVZ1x0zAUaBXnN+95YEfHwuBanu9P7REBKyaL47NmRo9BPOIzwxTbD610lUEWjx9OkMzmZwJOr5EddraB523q2BLToqJX344NBPNywtMUuYKPQQlBKzFN+Av/gstXGUCfyccU2E=
;; ADDITIONAL SECTION
[44705.16][iter] <= rcode: NOERROR
[44705.16][vldr] >< bogus signatures: dev.dns-oarc.net. A (3 matching RRSIGs, 0 expired, 0 not yet valid, 3 invalid signer, 0 invalid label count, 0 invalid key, 0 invalid crypto, 0 invalid NSEC)
[44705.16][vldr] >< cut changed (new signer), needs revalidation
[44705.16][resl] <= server: '185.43.135.1' rtt: 135 ms
[44705.16][plan] plan 'rate.dns-oarc.net.' type 'DS' uid [44705.17]
[44705.17][iter] 'rate.dns-oarc.net.' type 'DS' new uid was assigned .18, parent uid .16
[44705.18][cach] => skipping exact packet: rank 025 (min. 030), new TTL -501
[44705.18][cach] => trying zone: ., NSEC, hash 0
[44705.18][cach] => NSEC sname: range search miss (!covers)
[44705.18][cach] => skipping zone: ., NSEC, hash 0;new TTL -123456789, ret -2
[ ][nsre] score 21 for 185.43.135.1#00053; cached RTT: 120
[ ][nsre] score 21 for 193.17.47.1#00053; cached RTT: 11
[44705.18][resl] => id: '45855' querying: '185.43.135.1#00053' score: 21 zone cut: 'dev.dns-oarc.net.' qname: 'rAtE.dNs-oArC.nET.' qtype: 'DS' proto: 'udp'
[44705.18][resl] => id: '45855' querying: '193.17.47.1#00053' score: 21 zone cut: 'dev.dns-oarc.net.' qname: 'rAtE.dNs-oArC.nET.' qtype: 'DS' proto: 'udp'
[44705.18][iter] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 45855
;; Flags: qr rd ra cd QUERY: 1; ANSWER: 4; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused
;; QUESTION SECTION
rate.dns-oarc.net. DS
;; ANSWER SECTION
rate.dns-oarc.net. 120 CNAME dev.dns-oarc.net.
rate.dns-oarc.net. 120 RRSIG CNAME 8 3 120 20201028101102 20200928091102 12093 dns-oarc.net. Rttx3oznjSpRgoKZPNi1vYY3fP8KDq+y82p9cs+upwXHdpx/sB8pS4LvHlME53fJ5wqf8vmcAY07kJU4z4PKFam6Qj0a7De2zX3+JEFhZhUGV4UGxgbgX1lZTfS/bRPBmO/vxwCproIiIgWxgZLOvJb4kyCtscD8QWWxn2Tijvk=
dev.dns-oarc.net. 300 DS 65191 8 2 7202E542EC7177402116BE5EABB2366EAA1EEE8196A03934B2870A11DF174102
dev.dns-oarc.net. 300 RRSIG DS 8 3 300 20201028101102 20200928091102 12093 dns-oarc.net. jwebuweys5NQ5g/QYmltaYRxs7s1pvWXtvS/yH3JounDaBklEseOvfumUv9VdxbxT7a/U/rwWDg3CNtXlOO+4W8WpQp94Tz0wSAwT/UcA5hh38hPXnqJ/nH3gvRmEUi8iEMwl2c615IZ9YX4zNXh07oNfPeWTgzjKu6nHNF8bKA=
;; ADDITIONAL SECTION
[44705.18][iter] <= rcode: NOERROR
[44705.18][vldr] <= no useful RR in authoritative answer
[44705.18][cach] => stashed packet: rank 025, TTL 120, DS rate.dns-oarc.net. (472 B)
[44705.00][resl] request failed, answering with empty SERVFAIL
[44705.18][resl] finished: 8, queries: 5, mempool: 49200 B
</pre></details>Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/597garbage collector does not handle cache overflow2020-09-10T18:03:36+02:00Petr Špačekgarbage collector does not handle cache overflowGC exits if it fails to delete some records from cache _because the cache is overfull_. In other words the GC exits when resolver needs it most.
```
Usage: 95.80%
Cache analyzed in 0.01 secs, 7764 records, limit category is 54.
854 reco...GC exits if it fails to delete some records from cache _because the cache is overfull_. In other words the GC exits when resolver needs it most.
```
Usage: 95.80%
Cache analyzed in 0.01 secs, 7764 records, limit category is 54.
854 records to be deleted using 0.15 MBytes of temporary memory, 0 records skipped due to memory limit.
Warning: skipping deletion because of error (not enough space provided)
Warning: skipping deletion because of error (not enough space provided)
Warning: skipping deletion because of error (not enough space provided)
Warning: skipping deletion because of error (not enough space provided)
Warning: skipping deletion because of error (not enough space provided)
Warning: skipping deletion because of error (not enough space provided)
Error: transaction failed (not enough space provided)
Deleted 200 records (0 already gone) types TYPE29154 TYPE59527 TYPE44187 TYPE36047 TYPE45693 TYPE21714 TYPE50204 TYPE51332 TYPE44444 TYPE29269 TYPE3130 TYPE46908 TYPE42383 TYPE45769 TYPE44996 TYPE52982 TYPE3964 TYPE27428 TYPE48741 TYPE41612 TYPE6865 TYPE27634 TYPE11442 TYPE59684 TYPE7524 TYPE35361 TYPE54929 TYPE35156 TYPE41909 TYPE47722 TYPE39628 TYPE41358 TYPE34831 TYPE14502 TYPE44987 TYPE31613 TYPE54239 TYPE48620 TYPE38013 TYPE18764 TYPE14055 TYPE44216 TYPE59777 TYPE44082 TYPE54725 TYPE22458 TYPE24155 TYPE28478 TYPE54779 TYPE36220 TYPE51461 TYPE25536 TYPE52075 TYPE34900 TYPE56540 TYPE20833 TYPE53735 TYPE36127 TYPE1196 TYPE41734 TYPE52917 TYPE47446 TYPE2667 TYPE46684 TYPE53393 TYPE51980 TYPE48422 TYPE8606 TYPE60457 TYPE17578 TYPE42928 TYPE2558 TYPE50788 TYPE56583 TYPE53266 TYPE7786 TYPE23574 TYPE42124 TYPE30050 TYPE48447 TYPE2899 TYPE56431 TYPE2027 TYPE10014 TYPE30069 TYPE10495 TYPE8553 TYPE27614 TYPE30114 TYPE1749 TYPE30103 TYPE39247 TYPE52317 TYPE12223 TYPE15458 TYPE29030 TYPE14759 TYPE18893 TYPE54959 TYPE23394 TYPE34964 TYPE50367 TYPE49032 TYPE3520 TYPE47228 TYPE45727 TYPE53351 TYPE10951 TYPE48483 TYPE55134 TYPE15948 TYPE11818 TYPE41057 TYPE27592 TYPE39439 TYPE44299 TYPE20265 TYPE37406 TYPE49793 TYPE37190 TYPE34190 TYPE52182 TYPE51724 TYPE37423 TYPE40471 TYPE33384 TYPE26887 TYPE24555 TYPE9772 TYPE40292 TYPE1881 TYPE28454 TYPE16893 TYPE12828 TYPE35800 TYPE48615 TYPE23795 TYPE17868 TYPE52707 TYPE29353 TYPE15356 TYPE17423 TYPE43681 TYPE29103 TYPE6193 TYPE10192 TYPE1533 TYPE52733 TYPE25324 TYPE18661 TYPE8028 TYPE15130 TYPE1390 TYPE20894 TYPE46928 TYPE20775 TYPE34785 TYPE35033 TYPE25865 TYPE29467 TYPE35999 TYPE19689 TYPE36486 TYPE26812 TYPE47835 TYPE12544 TYPE59178 TYPE40217 TYPE48360 TYPE6498 TYPE27278 TYPE20611 TYPE33166 TYPE26178 TYPE29607 TYPE41861 TYPE46627 TYPE46523 TYPE39303 TYPE31506 TYPE29641 TYPE57230 TYPE45646 TYPE18200 TYPE15259 TYPE9469 TYPE38975 TYPE35866 TYPE56761 TYPE7671 TYPE2275 TYPE8828 TYPE38107 TYPE40836 TYPE28134 TYPE46671 TYPE32355 TYPE38288 TYPE42284 TYPE26703
It took 0.00 secs, 1 transactions (not enough space provided)
Error (not enough space provided)
```
Version: kresd 5.1.2Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/595garbage collector does not handle on-line cache resize2020-11-24T16:05:11+01:00Petr Špačekgarbage collector does not handle on-line cache resizeCache resize underneath running GC leads to fatal error:
```
Error starting DB transaction (MDB_MAP_RESIZED: Database contents grew beyond environment mapsize).
Error (MDB_MAP_RESIZED: Database contents grew beyond environment mapsize)
```Cache resize underneath running GC leads to fatal error:
```
Error starting DB transaction (MDB_MAP_RESIZED: Database contents grew beyond environment mapsize).
Error (MDB_MAP_RESIZED: Database contents grew beyond environment mapsize)
```Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/585[graphite] Prevents kresd to start if graphite server is not available2020-06-29T17:05:09+02:00Fre[graphite] Prevents kresd to start if graphite server is not availablekresd fails to start up when the graphite server is not available:
`kresd[2281]: [system] error while loading config: /usr/lib/knot-resolver/kres_modules/graphite.lua:102: socket:connect: No route to host (workdir '/var/lib/knot-resolve...kresd fails to start up when the graphite server is not available:
`kresd[2281]: [system] error while loading config: /usr/lib/knot-resolver/kres_modules/graphite.lua:102: socket:connect: No route to host (workdir '/var/lib/knot-resolver')`
This should be a warning, not a critical error preventing start up of kresd.
This is Knot Resolver 5.1.1 running on Debian Buster.https://gitlab.nic.cz/knot/knot-resolver/-/issues/582fix locking around cache preallocation2020-06-25T14:52:04+02:00Petr Špačekfix locking around cache preallocation Caveats in [LMDB docs](http://www.lmdb.tech/doc/index.html) suggest that our cache preallocation might break LMDB locking:
> Do not have open an LMDB database twice in the same process at the same time. Not even from a plain open() ca... Caveats in [LMDB docs](http://www.lmdb.tech/doc/index.html) suggest that our cache preallocation might break LMDB locking:
> Do not have open an LMDB database twice in the same process at the same time. Not even from a plain open() call - close()ing it breaks flock() advisory locking.