Knot Resolver issueshttps://gitlab.nic.cz/knot/knot-resolver/-/issues2017-08-22T13:33:40+02:00https://gitlab.nic.cz/knot/knot-resolver/-/issues/68memory bug in cache unit tests2017-08-22T13:33:40+02:00Marek Vavrusamemory bug in cache unit tests```
==37349==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200000bb38 at pc 0x000101ad78d2 bp 0x7fff5e2a15d0 sp 0x7fff5e2a0d90
WRITE of size 8 at 0x61200000bb38 thread T0
#0 0x101ad78d1 in wrap_memcpy (libclang_rt.as...```
==37349==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200000bb38 at pc 0x000101ad78d2 bp 0x7fff5e2a15d0 sp 0x7fff5e2a0d90
WRITE of size 8 at 0x61200000bb38 thread T0
#0 0x101ad78d1 in wrap_memcpy (libclang_rt.asan_osx_dynamic.dylib+0x408d1)
#1 0x101a2b718 in mdb_txn_renew0 mdb.c:2715
#2 0x101a2bde3 in mdb_txn_begin mdb.c:2850
#3 0x101a199b7 in txn_begin db_lmdb.c:265
#4 0x101996967 in kr_cache_txn_begin cache.c:134
#5 0x10196095f in test_clear (test_cache+0x10000295f)
#6 0x101a8cfb0 in _run_test (libcmocka.0.dylib+0x3fb0)
#7 0x101a8d77c in _run_group_tests (libcmocka.0.dylib+0x477c)
#8 0x10195f438 in main (test_cache+0x100001438)
#9 0x7fff8f4b45ac in start (libdyld.dylib+0x35ac)
#10 0x0 (<unknown module>)
0x61200000bb38 is located 248 bytes inside of 258-byte region [0x61200000ba40,0x61200000bb42)
freed by thread T0 here:
#0 0x101adfb89 in wrap_free (libclang_rt.asan_osx_dynamic.dylib+0x48b89)
#1 0x101996ac8 in kr_cache_txn_commit cache.c:157
#2 0x10196085b in test_fill (test_cache+0x10000285b)
#3 0x101a8cfb0 in _run_test (libcmocka.0.dylib+0x3fb0)
#4 0x101a8d77c in _run_group_tests (libcmocka.0.dylib+0x477c)
#5 0x10195f438 in main (test_cache+0x100001438)
#6 0x7fff8f4b45ac in start (libdyld.dylib+0x35ac)
#7 0x0 (<unknown module>)
previously allocated by thread T0 here:
#0 0x101adff27 in wrap_calloc (libclang_rt.asan_osx_dynamic.dylib+0x48f27)
#1 0x101a436f4 in mdb_env_open (libknot.2.dylib+0x2f6f4)
#2 0x101a197b8 in init db_lmdb.c:156
#3 0x1019966a7 in kr_cache_open cache.c:108
#4 0x10195fef9 in test_open_conventional_api (test_cache+0x100001ef9)
#5 0x101a8cfb0 in _run_test (libcmocka.0.dylib+0x3fb0)
#6 0x101a8d6f6 in _run_group_tests (libcmocka.0.dylib+0x46f6)
#7 0x10195f438 in main (test_cache+0x100001438)
#8 0x7fff8f4b45ac in start (libdyld.dylib+0x35ac)
#9 0x0 (<unknown module>)
```
It crashes at the end, looks like improper use in the test case.Grigorii DemidovGrigorii Demidovhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/90rtt value for nameserver includes timeouts for all previous addresses2017-08-22T13:33:40+02:00Ondřej Surýrtt value for nameserver includes timeouts for all previous addressesWhile debugging the DROP + TC issue, I found out that effective RTT for address set via `kr_nsrep_update_rtt` in `kr_resolve_produce()` is calculated as a sum of timeouts for all previous addresses. Thus if there's 4 address in total an...While debugging the DROP + TC issue, I found out that effective RTT for address set via `kr_nsrep_update_rtt` in `kr_resolve_produce()` is calculated as a sum of timeouts for all previous addresses. Thus if there's 4 address in total and only the last responds, the score fed to kr_nsrep_update_rtt will be 3*KR_CONN_RETRY + + real RTT (f.e. 901) instead of just the real RTT for the address (f.e. 1).
It can be seen here:
```
**[nsrep] updating reputation for 194.0.12.1 from 0 to 90**
[resl] <= server: '194.0.12.1' rtt: 90 ms
[resl] => querying: '193.29.206.1' score: 10 zone cut: 'cz.' m12n: 'TurRIs.cZ.' type: 'DNSKEY'
[resl] optional: '194.0.14.1' score: 10 zone cut: 'cz.' m12n: 'TurRIs.cZ.' type: 'DNSKEY'
[resl] optional: '194.0.13.1' score: 10 zone cut: 'cz.' m12n: 'TurRIs.cZ.' type: 'DNSKEY'
[resl] optional: '194.0.12.1' score: 10 zone cut: 'cz.' m12n: 'TurRIs.cZ.' type: 'DNSKEY'
[iter] <= truncated response, failover to TCP
**[nsrep] updating reputation for 194.0.12.1 from 90 to 90**
[resl] <= server: '194.0.12.1' rtt: 91 ms
[resl] kr_resolve_consume requery over TCP
[resl] => retrying over TCP, electing (d.ns.nic.cz.)
[resl] => querying: '193.29.206.1' score: 10 zone cut: 'cz.' m12n: 'tuRRIs.Cz.' type: 'DNSKEY'
[resl] => querying: '194.0.14.1' score: 10 zone cut: 'cz.' m12n: 'TURriS.cZ.' type: 'DNSKEY'
[resl] optional: '194.0.13.1' score: 10 zone cut: 'cz.' m12n: 'TURriS.cZ.' type: 'DNSKEY'
[resl] optional: '194.0.12.1' score: 10 zone cut: 'cz.' m12n: 'TURriS.cZ.' type: 'DNSKEY'
[iter] <= truncated response, failover to TCP
**[nsrep] updating reputation for 194.0.12.1 from 90 to 75**
[resl] <= server: '194.0.12.1' rtt: 61 ms
[resl] kr_resolve_consume requery over TCP
[resl] => retrying over TCP, electing (c.ns.nic.cz.)
[resl] => querying: '194.0.14.1' score: 10 zone cut: 'cz.' m12n: 'TURRIs.cz.' type: 'DNSKEY'
[resl] => querying: '194.0.13.1' score: 10 zone cut: 'cz.' m12n: 'tURrIS.cz.' type: 'DNSKEY'
[resl] optional: '194.0.12.1' score: 10 zone cut: 'cz.' m12n: 'tURrIS.cz.' type: 'DNSKEY'
[iter] <= truncated response, failover to TCP
**[nsrep] updating reputation for 194.0.12.1 from 75 to 53**
[resl] <= server: '194.0.12.1' rtt: 31 ms
[resl] kr_resolve_consume requery over TCP
[resl] => retrying over TCP, electing (b.ns.nic.cz.)
[resl] => querying: '194.0.13.1' score: 10 zone cut: 'cz.' m12n: 'tuRRIS.Cz.' type: 'DNSKEY'
[resl] => querying: '194.0.12.1' score: 53 zone cut: 'cz.' m12n: 'TurRIs.Cz.' type: 'DNSKEY'
[iter] <= truncated response, failover to TCP
**[nsrep] updating reputation for 194.0.12.1 from 53 to 32**
[resl] <= server: '194.0.12.1' rtt: 1 ms
```https://gitlab.nic.cz/knot/knot-resolver/-/issues/67duplicated non-existence proof with +dnssec2017-08-22T13:33:40+02:00Marek Vavrusaduplicated non-existence proof with +dnssecWhen the answer comes from the upstream, it's good.
```bash
$ kdig @127.0.0.1 -p 6667 A notexists.org
...
;; AUTHORITY SECTION:
org. 684 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2011985870 1800 900 604800 86400
org...When the answer comes from the upstream, it's good.
```bash
$ kdig @127.0.0.1 -p 6667 A notexists.org
...
;; AUTHORITY SECTION:
org. 684 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2011985870 1800 900 604800 86400
org. 684 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2011985870 1800 900 604800 86400
org. 684 IN RRSIG SOA 7 1 900 20160531233745 20160510223745 52860 org. LbwYB0WF9A1e3+t+OAqbrBArFGqoXXHsTN3MCzT5AM0rALYqc4+5dL1F MPgMTsTr5SqHgptPrbIwzumUdmJ9aFwBOXfFvATSrZr7k6lixTnx++zq Wv9P51ggVPb060Jdjb5yXwHpGXuqFsJ/Zvh0TVvkT5qmNKOvobaMel7+ cYc=
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86184 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86184 IN RRSIG NSEC3 7 2 86400 20160531233745 20160510223745 52860 org. VRmFqGWjHW21CSn8LS0XcqhDvdvNzS88//QOSNJXYB8IQXpi6w5PyzEr 1IRsZ7akeeGA8oFuIIosnnbkHHATNcFKIIZiDhfqlqUciYoQolxonu6K /d5+yX8l3DSU4ezpzZQr/SrkO1sNitzezDihgsxhXBFpd7+dwYqErKkh WzI=
sgkmag4eddlk9u0gdg4rijrgaablvuce.org. 86184 IN NSEC3 1 1 1 D399EAAB SGL6846A77U7AF5TJ7UL5GHNNP64MF8L
sgkmag4eddlk9u0gdg4rijrgaablvuce.org. 86184 IN RRSIG NSEC3 7 2 86400 20160530150327 20160509140327 52860 org. 1WpIKnpy0/rdrK9zNxKAYHvqdSGphjX1HFl9+TAFN1gqOPfErGGz6vPP YHuFDrSrfcziUw+Mu7udX/He9UHRMntV07w2TnNlOntJIG74dHDWo919 f1ZM0ZVXNQFEFOdFwnJM/wF6z75mpSSPekbNvHpBHfHYWTDs7LCuBTt0 bPg=
vaittv1g2ies9s3920soaumh73klnhs5.org. 86184 IN NSEC3 1 1 1 D399EAAB VAJSHJ9G9U88NEFMNIS1LOG48CM6L9LO NS DS RRSIG
vaittv1g2ies9s3920soaumh73klnhs5.org. 86184 IN RRSIG NSEC3 7 2 86400 20160530150327 20160509140327 52860 org. I/Aa7E+iKFaeez8Tt65npGcQMqqGB8sJkdQzZdCvH3UHsChq3aJ7ksd6 aJh+lbvxqbB9XHtLKF7NY4i3Vcr5l5/jc4N9UysrGY3zJ3Q3VeUk6X6G ireOcEdCQ7MFVS0Zw+6rW7S5Via8va0nQj57HJs5n4YIy7SYZURixJI0 j5A=
```
When I query with +dnssec again, it doubles. I think this was introduced with the wildcard non-existence proof patch.
```bash
$ kdig @127.0.0.1 -p 6667 A notexists.org +dnssec
...
;; AUTHORITY SECTION:
org. 631 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2011985870 1800 900 604800 86400
org. 631 IN RRSIG SOA 7 1 900 20160531233745 20160510223745 52860 org. LbwYB0WF9A1e3+t+OAqbrBArFGqoXXHsTN3MCzT5AM0rALYqc4+5dL1F MPgMTsTr5SqHgptPrbIwzumUdmJ9aFwBOXfFvATSrZr7k6lixTnx++zq Wv9P51ggVPb060Jdjb5yXwHpGXuqFsJ/Zvh0TVvkT5qmNKOvobaMel7+ cYc=
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86131 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86131 IN RRSIG NSEC3 7 2 86400 20160531233745 20160510223745 52860 org. VRmFqGWjHW21CSn8LS0XcqhDvdvNzS88//QOSNJXYB8IQXpi6w5PyzEr 1IRsZ7akeeGA8oFuIIosnnbkHHATNcFKIIZiDhfqlqUciYoQolxonu6K /d5+yX8l3DSU4ezpzZQr/SrkO1sNitzezDihgsxhXBFpd7+dwYqErKkh WzI=
sgkmag4eddlk9u0gdg4rijrgaablvuce.org. 86131 IN NSEC3 1 1 1 D399EAAB SGL6846A77U7AF5TJ7UL5GHNNP64MF8L
sgkmag4eddlk9u0gdg4rijrgaablvuce.org. 86131 IN RRSIG NSEC3 7 2 86400 20160530150327 20160509140327 52860 org. 1WpIKnpy0/rdrK9zNxKAYHvqdSGphjX1HFl9+TAFN1gqOPfErGGz6vPP YHuFDrSrfcziUw+Mu7udX/He9UHRMntV07w2TnNlOntJIG74dHDWo919 f1ZM0ZVXNQFEFOdFwnJM/wF6z75mpSSPekbNvHpBHfHYWTDs7LCuBTt0 bPg=
vaittv1g2ies9s3920soaumh73klnhs5.org. 86131 IN NSEC3 1 1 1 D399EAAB VAJSHJ9G9U88NEFMNIS1LOG48CM6L9LO NS DS RRSIG
vaittv1g2ies9s3920soaumh73klnhs5.org. 86131 IN RRSIG NSEC3 7 2 86400 20160530150327 20160509140327 52860 org. I/Aa7E+iKFaeez8Tt65npGcQMqqGB8sJkdQzZdCvH3UHsChq3aJ7ksd6 aJh+lbvxqbB9XHtLKF7NY4i3Vcr5l5/jc4N9UysrGY3zJ3Q3VeUk6X6G ireOcEdCQ7MFVS0Zw+6rW7S5Via8va0nQj57HJs5n4YIy7SYZURixJI0 j5A=
org. 631 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2011985870 1800 900 604800 86400
org. 631 IN RRSIG SOA 7 1 900 20160531233745 20160510223745 52860 org. LbwYB0WF9A1e3+t+OAqbrBArFGqoXXHsTN3MCzT5AM0rALYqc4+5dL1F MPgMTsTr5SqHgptPrbIwzumUdmJ9aFwBOXfFvATSrZr7k6lixTnx++zq Wv9P51ggVPb060Jdjb5yXwHpGXuqFsJ/Zvh0TVvkT5qmNKOvobaMel7+ cYc=
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86131 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86131 IN RRSIG NSEC3 7 2 86400 20160531233745 20160510223745 52860 org. VRmFqGWjHW21CSn8LS0XcqhDvdvNzS88//QOSNJXYB8IQXpi6w5PyzEr 1IRsZ7akeeGA8oFuIIosnnbkHHATNcFKIIZiDhfqlqUciYoQolxonu6K /d5+yX8l3DSU4ezpzZQr/SrkO1sNitzezDihgsxhXBFpd7+dwYqErKkh WzI=
sgkmag4eddlk9u0gdg4rijrgaablvuce.org. 86131 IN NSEC3 1 1 1 D399EAAB SGL6846A77U7AF5TJ7UL5GHNNP64MF8L
sgkmag4eddlk9u0gdg4rijrgaablvuce.org. 86131 IN RRSIG NSEC3 7 2 86400 20160530150327 20160509140327 52860 org. 1WpIKnpy0/rdrK9zNxKAYHvqdSGphjX1HFl9+TAFN1gqOPfErGGz6vPP YHuFDrSrfcziUw+Mu7udX/He9UHRMntV07w2TnNlOntJIG74dHDWo919 f1ZM0ZVXNQFEFOdFwnJM/wF6z75mpSSPekbNvHpBHfHYWTDs7LCuBTt0 bPg=
vaittv1g2ies9s3920soaumh73klnhs5.org. 86131 IN NSEC3 1 1 1 D399EAAB VAJSHJ9G9U88NEFMNIS1LOG48CM6L9LO NS DS RRSIG
vaittv1g2ies9s3920soaumh73klnhs5.org. 86131 IN RRSIG NSEC3 7 2 86400 20160530150327 20160509140327 52860 org. I/Aa7E+iKFaeez8Tt65npGcQMqqGB8sJkdQzZdCvH3UHsChq3aJ7ksd6 aJh+lbvxqbB9XHtLKF7NY4i3Vcr5l5/jc4N9UysrGY3zJ3Q3VeUk6X6G ireOcEdCQ7MFVS0Zw+6rW7S5Via8va0nQj57HJs5n4YIy7SYZURixJI0 j5A=
```Grigorii DemidovGrigorii Demidovhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/89When you install the knot-resolver, init will occupy the port.2017-08-22T13:33:40+02:00Horigome YoshihitoWhen you install the knot-resolver, init will occupy the port.Hi, all
When was introduced the following in the environment knot-resolver, the port 53 init is now ready to be occupied.
version
```
$ sudo kresd --version
Knot DNS Resolver, version 1.1.0
```
env
```
$ hostnamectl
Sta...Hi, all
When was introduced the following in the environment knot-resolver, the port 53 init is now ready to be occupied.
version
```
$ sudo kresd --version
Knot DNS Resolver, version 1.1.0
```
env
```
$ hostnamectl
Static hostname: dns02.kometch.local
Icon name: computer
Machine ID: 3b25a16e9bf3f76dc79aa03c571c77e3
Boot ID: f1f44e1e4bab4d73adcd1e8d4dadde92
Operating System: Ubuntu 16.04.1 LTS
Kernel: Linux 3.10.102-2-pine64-longsleep
Architecture: arm64
```
issue
```
$ sudo netstat -antp | grep init
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1/init
tcp6 0 0 ::1:53 :::* LISTEN 1/init
tcp6 0 0 :::853 :::* LISTEN 1/init
```
```
$ sudo kresd
[string "config"]:5: bind to 127.0.0.1#53 error: Address already in use
[system] worker failed: No such file or directory
```
For from the very beginning the installation is port election, it will also fail to start the knot-resolver.
Is this a known problem?
Best regards .https://gitlab.nic.cz/knot/knot-resolver/-/issues/66tcp-ooo kresd stuck at feeds.feedburner.com.2017-08-22T13:33:40+02:00Ondřej Surýtcp-ooo kresd stuck at feeds.feedburner.com.Original report from gitter:
> Maxime Hadjinlian @maximeh 11:56
> Hi there
> I have started using kresd-resolver (the package from Debian) to play around a little bit
> I have a "strange" issues, there's a few dns query that are stuc...Original report from gitter:
> Maxime Hadjinlian @maximeh 11:56
> Hi there
> I have started using kresd-resolver (the package from Debian) to play around a little bit
> I have a "strange" issues, there's a few dns query that are stuck.
> I have a knot-resolver daemon running on my machine, I have a scripts that does a bunch of requests, some requests get stuck, if I shutdown kresd, they keep going
> I don't know how I could debug that, so any help is really appreciated
> I did not have that problem with the earlier version
>
> Maxime Hadjinlian @maximeh 12:13
> Here's the log from the failing request: http://pastebin.com/jeF7n3eT
> The program at the other ends get stuck on the requests to feeds.feedburner.com, if I quit kresd, it goes on.
And the data from pastebin for reference:
```
[plan] plan 'feeds.feedburner.com.' type 'A'
[resl] => NS is provably without DS, going insecure
[resl] => querying: '216.239.38.10' score: 10 zone cut: 'feedburner.com.' m12n: 'fEedS.fEeDBuRNEr.com.' type: 'A'
[resl] optional: '216.239.36.10' score: 10 zone cut: 'feedburner.com.' m12n: 'fEedS.fEeDBuRNEr.com.' type: 'A'
[resl] optional: '216.239.34.10' score: 10 zone cut: 'feedburner.com.' m12n: 'fEedS.fEeDBuRNEr.com.' type: 'A'
[resl] optional: '216.239.32.10' score: 10 zone cut: 'feedburner.com.' m12n: 'fEedS.fEeDBuRNEr.com.' type: 'A'
[plan] plan 'feeds.feedburner.com.' type 'AAAA'
[resl] => NS is provably without DS, going insecure
[resl] => querying: '216.239.38.10' score: 10 zone cut: 'feedburner.com.' m12n: 'FEEds.FEEdburner.cOM.' type: 'AAAA'
[resl] optional: '216.239.36.10' score: 10 zone cut: 'feedburner.com.' m12n: 'FEEds.FEEdburner.cOM.' type: 'AAAA'
[resl] optional: '216.239.34.10' score: 10 zone cut: 'feedburner.com.' m12n: 'FEEds.FEEdburner.cOM.' type: 'AAAA'
[resl] optional: '216.239.32.10' score: 10 zone cut: 'feedburner.com.' m12n: 'FEEds.FEEdburner.cOM.' type: 'AAAA'
[iter] <= rcode: NOERROR
[resl] <= server: '216.239.38.10' rtt: 32 ms
[resl] finished: 4, queries: 1, mempool: 32800 B
[plan] plan 'feeds.feedburner.com.' type 'A'
[ rc ] => satisfied from cache
[iter] <= rcode: NOERROR
[iter] <= cname chain, following
[plan] plan 'www4.l.google.com.' type 'A'
[resl] => NS is provably without DS, going insecure
[resl] => querying: '216.239.38.10' score: 10 zone cut: 'l.google.com.' m12n: 'WWW4.l.GooGLe.cOm.' type: 'A'
[resl] optional: '216.239.36.10' score: 10 zone cut: 'l.google.com.' m12n: 'WWW4.l.GooGLe.cOm.' type: 'A'
[resl] optional: '216.239.34.10' score: 10 zone cut: 'l.google.com.' m12n: 'WWW4.l.GooGLe.cOm.' type: 'A'
[resl] optional: '216.239.32.10' score: 10 zone cut: 'l.google.com.' m12n: 'WWW4.l.GooGLe.cOm.' type: 'A'
[iter] <= rcode: NOERROR
[resl] <= server: '216.239.38.10' rtt: 34 ms
[resl] finished: 4, queries: 1, mempool: 16400 B
[iter] <= rcode: NOERROR
[resl] <= server: '216.239.38.10' rtt: 32 ms
[resl] finished: 4, queries: 2, mempool: 163904 B
```
Local test reveals when the record is not in cache:
```
$ dig IN AAAA feeds.feedburner.com. @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 1059
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; feeds.feedburner.com. IN AAAA
;; ANSWER SECTION:
feeds.feedburner.com. 300 IN CNAME www4.l.google.com.
www4.l.google.com. 300 IN AAAA 2a00:1450:4001:80a::200e
www4.l.google.com. 300 IN AAAA 2a00:1450:4001:80a::200e
;; Received 150 B
;; Time 2016-05-10 13:44:59 CEST
;; From 127.0.0.1@53(UDP) in 171.1 ms
```
https://gitlab.nic.cz/knot/knot-resolver/-/issues/65Resolving darujspravne.cz2017-08-22T13:33:40+02:00Martin VicianResolving darujspravne.czI cannot resolve [darujspravne.cz](http://darujspravne.cz) with knot-resolver.
One of their DNS servers (ns3.jetcloud.biz) returns wrong answer which causes no answer from knot-resolver.
Bind and unbound can handle this situation.
...I cannot resolve [darujspravne.cz](http://darujspravne.cz) with knot-resolver.
One of their DNS servers (ns3.jetcloud.biz) returns wrong answer which causes no answer from knot-resolver.
Bind and unbound can handle this situation.
Request:
```
dig darujspravne.cz A @*******************
; <<>> DiG 9.10.3-P4-Ubuntu <<>> darujspravne.cz A @*******************
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19104
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;darujspravne.cz. IN A
;; Query time: 16 msec
;; SERVER: *******************
;; WHEN: Wed Apr 27 10:11:39 CEST 2016
;; MSG SIZE rcvd: 44
```
Knot-resolver log:
```
Apr 27 10:11:39 kres kresd[1403]: [plan] plan 'darujspravne.cz.' type 'A'
Apr 27 10:11:39 kres kresd[1403]: [resl] => NS is provably without DS, going insecure
Apr 27 10:11:39 kres kresd[1403]: [resl] => querying: '46.101.203.125' score: 11 zone cut: 'darujspravne.cz.' m12n: 'DAruJsPrAvNE.cZ.' type: 'A'
Apr 27 10:11:39 kres kresd[1403]: [iter] <= rcode: REFUSED
Apr 27 10:11:39 kres kresd[1403]: [resl] <= server: '46.101.203.125' rtt: 14 ms
Apr 27 10:11:39 kres kresd[1403]: [resl] finished: 4, queries: 1, mempool: 65600 B
```https://gitlab.nic.cz/knot/knot-resolver/-/issues/64resolver: Feature request / Use negative caching information to detect some k...2017-08-22T13:33:40+02:00Toshinori Maenoresolver: Feature request / Use negative caching information to detect some kind of poison.qname minimisation information can help us preventing some kind of cache poisoning. I made simple explanation in the following page.
https://moin.qmail.jp/kresd/Marek/2016-04-18qname minimisation information can help us preventing some kind of cache poisoning. I made simple explanation in the following page.
https://moin.qmail.jp/kresd/Marek/2016-04-18https://gitlab.nic.cz/knot/knot-resolver/-/issues/63in-bailiwick check ; feature or bug ?2017-08-22T13:33:40+02:00Toshinori Maenoin-bailiwick check ; feature or bug ?I found that in-bailwick check is not doing what I expected.
So I changed lib/layer/iterate.c as the patch follows:
What do you think?
```
*** /home/tmaeno/desk/iterate.c 2016-04-16 19:58:10.240860212 +0900
--- iterate.c 2016-04-1...I found that in-bailwick check is not doing what I expected.
So I changed lib/layer/iterate.c as the patch follows:
What do you think?
```
*** /home/tmaeno/desk/iterate.c 2016-04-16 19:58:10.240860212 +0900
--- iterate.c 2016-04-16 17:35:20.905353675 +0900
***************
*** 253,259 ****
}
kr_zonecut_add(cut, ns_name, NULL);
/* Use glue only in permissive mode or when in bailiwick. */
! if ((qry->flags & QUERY_PERMISSIVE) || knot_dname_in(current_cut, ns_name)) {
fetch_glue(pkt, ns_name, qry);
}
}
--- 253,260 ----
}
kr_zonecut_add(cut, ns_name, NULL);
/* Use glue only in permissive mode or when in bailiwick. */
! if (knot_dname_in(cut->name, ns_name)) {
! DEBUG_MSG("fetching glue for cut %s, %s\n", cut->name, ns_name);
fetch_glue(pkt, ns_name, qry);
}
}
```https://gitlab.nic.cz/knot/knot-resolver/-/issues/84if --keyfile argument contains lua metacharacters, it can trigger arbitrary lua2017-08-22T13:33:40+02:00Daniel Kahn Gillmorif --keyfile argument contains lua metacharacters, it can trigger arbitrary lua```daemon/main.c``` has:
if (keyfile) {
auto_free char *cmd = afmt("trust_anchors.config('%s')", keyfile);
if (!cmd) {
kr_log_error("[system] not enough memory\n");
return EXIT_FAILURE;
}
engine_cmd(...```daemon/main.c``` has:
if (keyfile) {
auto_free char *cmd = afmt("trust_anchors.config('%s')", keyfile);
if (!cmd) {
kr_log_error("[system] not enough memory\n");
return EXIT_FAILURE;
}
engine_cmd(engine.L, cmd, false);
lua_settop(engine.L, 0);
}
so if keyfile has a literal ```')``` in it, it will trigger arbitrary lua actions.
This is not a security issue, because if you can modify the filename passed to kresd you can probably do other things, but it's still not ideal. ideally, the lua stack should be manipulated directly.https://gitlab.nic.cz/knot/knot-resolver/-/issues/62Knot Resolver: out-of-bailwick detection2017-08-22T13:33:40+02:00Toshinori MaenoKnot Resolver: out-of-bailwick detectionIf resolver detect out-of-bailiwick NS,
it should write "DEBUG_MSG("<= authority: ns outside bailiwick\n");" as in update_cut function.
----
But I could not find such output in the log of y.qmail.jp query. What am I overlooking?If resolver detect out-of-bailiwick NS,
it should write "DEBUG_MSG("<= authority: ns outside bailiwick\n");" as in update_cut function.
----
But I could not find such output in the log of y.qmail.jp query. What am I overlooking?https://gitlab.nic.cz/knot/knot-resolver/-/issues/83config fails with ```unexpected symbol near '#'``` if there is a second comme...2017-08-22T13:33:40+02:00Daniel Kahn Gillmorconfig fails with ```unexpected symbol near '#'``` if there is a second comment line```
0 dkg@tester:~/kresd$ cat config.good
# test
net.listen("XXX.YYY.WWW.ZZZ", 5300)
0 dkg@tester:~/kresd$ /usr/sbin/kresd -c config.good
[system] interactive mode
>
```
but:
```
0 dkg@tester:~/kresd$ cat config.bad
# te...```
0 dkg@tester:~/kresd$ cat config.good
# test
net.listen("XXX.YYY.WWW.ZZZ", 5300)
0 dkg@tester:~/kresd$ /usr/sbin/kresd -c config.good
[system] interactive mode
>
```
but:
```
0 dkg@tester:~/kresd$ cat config.bad
# test
# test2
net.listen("XXX.YYY.WWW.ZZZ", 5300)
0 dkg@tester:~/kresd$ /usr/sbin/kresd -c config.bad
config.bad:2: unexpected symbol near '#'
[system] worker failed: Success
1 dkg@tester:~/kresd$
```
https://gitlab.nic.cz/knot/knot-resolver/-/issues/61x2017-08-22T13:33:40+02:00Toshinori Maenoxhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/82trust_anchors.config("/path/foo") requires write access to /path but "kresd -...2017-08-22T13:33:40+02:00Daniel Kahn Gillmortrust_anchors.config("/path/foo") requires write access to /path but "kresd -k/path/foo" does not```
user@host$ /usr/sbin/kresd -a '::1#5353'
[system] interactive mode
> trust_anchors.config("/usr/share/dns/root.key")
/usr/lib/knot-resolver/trust_anchors.lua:224: /usr/share/dns/root.key.lock: Permission denied
>
```
but:
```...```
user@host$ /usr/sbin/kresd -a '::1#5353'
[system] interactive mode
> trust_anchors.config("/usr/share/dns/root.key")
/usr/lib/knot-resolver/trust_anchors.lua:224: /usr/share/dns/root.key.lock: Permission denied
>
```
but:
```
user@host$ /usr/sbin/kresd -a '::1#5353' --keyfile=/usr/share/dns/root.key
[system] interactive mode
>
```
i don't see in the documentation any way to get the equivalent of --keyfile from a configuration snippet.https://gitlab.nic.cz/knot/knot-resolver/-/issues/60Knot Resolver : TXID reuse; suspected2017-08-22T13:33:40+02:00Toshinori MaenoKnot Resolver : TXID reuse; suspectedI found these queris in my dnscache log, related with y.qmail.jp testing. I suspect kresd reuse TXID in some rare cases. (I have other examples.)
What do you think?
---
2016-04-14 13:23:46.066838500 ac382656:bf24:13ec + 0001 y.qmail....I found these queris in my dnscache log, related with y.qmail.jp testing. I suspect kresd reuse TXID in some rare cases. (I have other examples.)
What do you think?
---
2016-04-14 13:23:46.066838500 ac382656:bf24:13ec + 0001 y.qmail.jp
2016-04-14 13:23:51.186525500 ac382656:4741:13ec + 0001 y.qmail.jp
2016-04-14 13:23:56.094262500 ac382656:be0a:13ec + 0001 y.qmail.jp
----
2016-04-15 14:18:08.319191500 d0360592:d682:0893 + 0001 Y.QmAIL.JP
2016-04-15 14:18:08.612258500 d0360592:b615:0893 + 0001 Y.QmAIL.JP
2016-04-15 14:18:08.992343500 d0360592:ed30:0893 + 0001 Y.QmAIL.JP
https://gitlab.nic.cz/knot/knot-resolver/-/issues/81about changelog 1.1.02017-08-22T13:33:40+02:00Horigome Yoshihitoabout changelog 1.1.0Hi,
Release notes for the following site has not been updated 1.1.0 is delivered in the Ubuntu repositories, so I don't know which.
https://www.not-resolver.cz
Updates do not update if possible?
My best regards.Hi,
Release notes for the following site has not been updated 1.1.0 is delivered in the Ubuntu repositories, so I don't know which.
https://www.not-resolver.cz
Updates do not update if possible?
My best regards.https://gitlab.nic.cz/knot/knot-resolver/-/issues/59failing to resolve tools.ietf.org due bogus proof of DS non-existence (probab...2017-08-22T13:33:40+02:00Ondřej Surýfailing to resolve tools.ietf.org due bogus proof of DS non-existence (probably only when cached)This is current master:
```
Apr 15 10:52:21 kage kresd[10286]: [resl] => querying: '65.22.6.79' score: 10 zone cut: 'ietf.org.' m12n: 'tOols.ietf.oRG.' type: 'AAAA'
Apr 15 10:52:21 kage kresd[10286]: [iter] <= referral response,...This is current master:
```
Apr 15 10:52:21 kage kresd[10286]: [resl] => querying: '65.22.6.79' score: 10 zone cut: 'ietf.org.' m12n: 'tOols.ietf.oRG.' type: 'AAAA'
Apr 15 10:52:21 kage kresd[10286]: [iter] <= referral response, follow
Apr 15 10:52:21 kage kresd[10286]: [vldr] <= bogus proof of DS non-existence
Apr 15 10:52:21 kage kresd[10286]: [resl] finished: 8, queries: 0, mempool: 32800 B
```
Responding from clean cache is ok:
```
$ rm *.mdb; ./daemon/kresd -a 127.0.0.1\#5353 -f 1 -v .
[plan] plan 'tools.ietf.org.' type 'AAAA'
[resl] => using root hints
[resl] => querying: '2001:dc3::500' score: 10 zone cut: '.' m12n: 'ORg.' type: 'NS'
[resl] optional: '202.12.27.33' score: 10 zone cut: '.' m12n: 'ORg.' type: 'NS'
[resl] optional: '2001:500:3::b00' score: 10 zone cut: '.' m12n: 'ORg.' type: 'NS'
[resl] optional: '199.7.83.42' score: 10 zone cut: '.' m12n: 'ORg.' type: 'NS'
[iter] <= referral response, follow
[resl] <= server: '202.12.27.33' rtt: 329 ms
[resl] => querying: '2001:500:f::1' score: 10 zone cut: 'org.' m12n: 'IeTf.ORg.' type: 'NS'
[resl] optional: '199.19.57.1' score: 10 zone cut: 'org.' m12n: 'IeTf.ORg.' type: 'NS'
[resl] optional: '2001:500:b::1' score: 10 zone cut: 'org.' m12n: 'IeTf.ORg.' type: 'NS'
[resl] optional: '199.19.53.1' score: 10 zone cut: 'org.' m12n: 'IeTf.ORg.' type: 'NS'
[iter] <= referral response, follow
[resl] <= server: '2001:500:f::1' rtt: 165 ms
[plan] plan 'ns1.yyz1.afilias-nst.info.' type 'AAAA'
[resl] => using root hints
[resl] => querying: '2001:dc3::500' score: 10 zone cut: '.' m12n: 'INfo.' type: 'NS'
[resl] optional: '202.12.27.33' score: 10 zone cut: '.' m12n: 'INfo.' type: 'NS'
[resl] optional: '2001:500:3::b00' score: 10 zone cut: '.' m12n: 'INfo.' type: 'NS'
[resl] optional: '199.7.83.42' score: 10 zone cut: '.' m12n: 'INfo.' type: 'NS'
[iter] <= referral response, follow
[resl] <= server: '202.12.27.33' rtt: 331 ms
[resl] => querying: '2001:500:1c::1' score: 10 zone cut: 'info.' m12n: 'AFILIaS-NsT.INfo.' type: 'NS'
[resl] optional: '199.254.50.1' score: 10 zone cut: 'info.' m12n: 'AFILIaS-NsT.INfo.' type: 'NS'
[resl] optional: '2001:500:1b::1' score: 10 zone cut: 'info.' m12n: 'AFILIaS-NsT.INfo.' type: 'NS'
[resl] optional: '199.254.49.1' score: 10 zone cut: 'info.' m12n: 'AFILIaS-NsT.INfo.' type: 'NS'
[iter] <= referral response, follow
[resl] <= server: '2001:500:1c::1' rtt: 177 ms
[resl] => querying: '2a01:8840:9::1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'YYz1.afiLias-nsT.INfO.' type: 'NS'
[resl] optional: '65.22.9.1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'YYz1.afiLias-nsT.INfO.' type: 'NS'
[resl] optional: '2a01:8840:8::1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'YYz1.afiLias-nsT.INfO.' type: 'NS'
[resl] optional: '65.22.8.1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'YYz1.afiLias-nsT.INfO.' type: 'NS'
[iter] <= rcode: NOERROR
[iter] <= found cut, retrying with non-minimized name
[resl] <= server: '2a01:8840:9::1' rtt: 169 ms
[resl] => querying: '65.22.9.1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'nS1.yYz1.afIlIas-nSt.InFo.' type: 'AAAA'
[resl] optional: '2a01:8840:8::1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'nS1.yYz1.afIlIas-nSt.InFo.' type: 'AAAA'
[resl] optional: '65.22.8.1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'nS1.yYz1.afIlIas-nSt.InFo.' type: 'AAAA'
[resl] optional: '2a01:8840:7::1' score: 10 zone cut: 'afilias-nst.info.' m12n: 'nS1.yYz1.afIlIas-nSt.InFo.' type: 'AAAA'
[iter] <= referral response, follow
[resl] <= server: '65.22.9.1' rtt: 164 ms
[resl] => querying: '2a01:8840:8::1' score: 10 zone cut: 'yyz1.afilias-nst.info.' m12n: 'ns1.yYz1.afiLias-NSt.inFO.' type: 'AAAA'
[resl] optional: '65.22.8.1' score: 10 zone cut: 'yyz1.afilias-nst.info.' m12n: 'ns1.yYz1.afiLias-NSt.inFO.' type: 'AAAA'
[resl] optional: '2a01:8840:7::1' score: 10 zone cut: 'yyz1.afilias-nst.info.' m12n: 'ns1.yYz1.afiLias-NSt.inFO.' type: 'AAAA'
[resl] optional: '65.22.7.1' score: 10 zone cut: 'yyz1.afilias-nst.info.' m12n: 'ns1.yYz1.afiLias-NSt.inFO.' type: 'AAAA'
[iter] <= rcode: NOERROR
[resl] <= server: '2a01:8840:8::1' rtt: 18 ms
[resl] => querying: '2a01:8840:9::1' score: 169 zone cut: 'ietf.org.' m12n: 'tOoLS.Ietf.oRg.' type: 'AAAA'
[iter] <= referral response, follow
[resl] <= server: '2a01:8840:9::1' rtt: 164 ms
[plan] plan 'zinfandel.levkowetz.com.' type 'AAAA'
[resl] => using root hints
[resl] => querying: '2001:dc3::500' score: 10 zone cut: '.' m12n: 'Com.' type: 'NS'
[resl] optional: '202.12.27.33' score: 10 zone cut: '.' m12n: 'Com.' type: 'NS'
[resl] optional: '2001:500:3::b00' score: 10 zone cut: '.' m12n: 'Com.' type: 'NS'
[resl] optional: '199.7.83.42' score: 10 zone cut: '.' m12n: 'Com.' type: 'NS'
[iter] <= referral response, follow
[resl] <= server: '202.12.27.33' rtt: 329 ms
[resl] => querying: '192.55.83.30' score: 10 zone cut: 'com.' m12n: 'leVKowEtZ.coM.' type: 'NS'
[resl] optional: '192.41.162.30' score: 10 zone cut: 'com.' m12n: 'leVKowEtZ.coM.' type: 'NS'
[resl] optional: '192.52.178.30' score: 10 zone cut: 'com.' m12n: 'leVKowEtZ.coM.' type: 'NS'
[resl] optional: '192.48.79.30' score: 10 zone cut: 'com.' m12n: 'leVKowEtZ.coM.' type: 'NS'
[iter] <= referral response, follow
[resl] <= server: '192.55.83.30' rtt: 74 ms
[resl] => querying: '64.170.98.42' score: 10 zone cut: 'levkowetz.com.' m12n: 'ZinFAndel.LEVKowetz.COm.' type: 'AAAA'
[resl] optional: '64.170.98.142' score: 10 zone cut: 'levkowetz.com.' m12n: 'ZinFAndel.LEVKowetz.COm.' type: 'AAAA'
[resl] optional: '77.72.230.31' score: 10 zone cut: 'levkowetz.com.' m12n: 'ZinFAndel.LEVKowetz.COm.' type: 'AAAA'
[resl] optional: '209.208.19.222' score: 10 zone cut: 'levkowetz.com.' m12n: 'ZinFAndel.LEVKowetz.COm.' type: 'AAAA'
[iter] <= rcode: NOERROR
[resl] <= server: '64.170.98.42' rtt: 187 ms
[resl] => querying: '2001:1890:123a::1:2a' score: 10 zone cut: 'tools.ietf.org.' m12n: 'tOOLs.iETF.oRG.' type: 'AAAA'
[iter] <= rcode: NOERROR
[resl] <= server: '2001:1890:123a::1:2a' rtt: 180 ms
[resl] finished: 4, queries: 3, mempool: 49200 B
[plan] plan 'tools.ietf.org.' type 'A'
[resl] => querying: '209.208.19.222' score: 10 zone cut: 'tools.ietf.org.' m12n: 'TooLS.iEtf.org.' type: 'A'
[iter] <= rcode: NOERROR
[resl] <= server: '209.208.19.222' rtt: 127 ms
[resl] finished: 4, queries: 1, mempool: 49200 B
[plan] plan 'tools.ietf.org.' type 'AAAA'
[ rc ] => satisfied from cache
[iter] <= rcode: NOERROR
[resl] finished: 4, queries: 1, mempool: 49200 B
```
https://gitlab.nic.cz/knot/knot-resolver/-/issues/79You can specify the port in the query policies FORWARD do you want2017-08-22T13:33:40+02:00Horigome YoshihitoYou can specify the port in the query policies FORWARD do you wantversion
```
Knot DNS Resolver, version 1.1.0
```
OS
```
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
$ uname -rm
3.14.73-...version
```
Knot DNS Resolver, version 1.1.0
```
OS
```
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
$ uname -rm
3.14.73-odroidc2 aarch64
```
issue
Living in FORWARD but no IP address is the authoritative Server launches in the 10053, so specify.
My best regards.https://gitlab.nic.cz/knot/knot-resolver/-/issues/57Duplicities when resolving gitlab.labs.nic.cz2017-08-22T13:33:40+02:00Ondřej SurýDuplicities when resolving gitlab.labs.nic.cz```
$ dig +rd IN A gitlab.labs.nic.cz @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 40903
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; gitlab.labs.nic.cz. IN A
...```
$ dig +rd IN A gitlab.labs.nic.cz @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 40903
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; gitlab.labs.nic.cz. IN A
;; ANSWER SECTION:
gitlab.labs.nic.cz. 16 IN CNAME git.nic.cz.
git.nic.cz. 16 IN A 217.31.192.88
git.nic.cz. 16 IN A 217.31.192.88
;; Received 94 B
;; Time 2016-04-15 09:10:09 CEST
;; From 127.0.0.1@53(UDP) in 0.2 ms
```
+ something strange happens when records expire from cache:
```
$ dig +rd IN A gitlab.labs.nic.cz @127.0.0.1
;; WARNING: truncated reply from 127.0.0.1@53(UDP), retrying over TCP
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 15051
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; gitlab.labs.nic.cz. IN A
;; ANSWER SECTION:
gitlab.labs.nic.cz. 30 IN CNAME git.nic.cz.
git.nic.cz. 30 IN A 217.31.192.88
git.nic.cz. 30 IN A 217.31.192.88
;; Received 94 B
;; Time 2016-04-15 09:10:40 CEST
;; From 127.0.0.1@53(TCP) in 0.2 ms
```https://gitlab.nic.cz/knot/knot-resolver/-/issues/78lua added a policy error occurs2017-08-22T13:33:40+02:00Horigome Yoshihitolua added a policy error occursversion
```
Knot DNS Resolver, version 1.1.0
```
OS
```
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
3.14.73-odroidc2 aa...version
```
Knot DNS Resolver, version 1.1.0
```
OS
```
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
3.14.73-odroidc2 aarch64
```
issue
```
$ sudo /usr/sbin/kresd -v -c /etc/knot-resolver/kresd.conf -f 1 /run/kresd
[hint] reading '/etc/hosts'
[hint] loaded 10 hints
[ ta ] key: 19036 state: Valid
/usr/lib/knot-resolver/policy.lua:168: attempt to index local 'policy' (a function value)
```
```
-- load some modules
modules = {
'hints > iterate', -- Hints AFTER iterate
'policy > hints', -- Policy AFTER hints
'pktcache < rrcache' -- View BEFORE rrcache
}
modules.list()
policy.add(policy.suffix(policy.FORWARD('192.168.122.223'), {'\7kometch\5local'}))
```https://gitlab.nic.cz/knot/knot-resolver/-/issues/77ASAN: memory leak in tty_alloc2017-08-22T13:33:40+02:00Jan VčelákASAN: memory leak in tty_alloc1. Start server in interactive mode.
2. Press ^D to indicate EOF.
3. Press ^C to terminate.
```
% ../daemon/kresd -c config.lua
[system] interactive mode
> ^C
=================================================================
==...1. Start server in interactive mode.
2. Press ^D to indicate EOF.
3. Press ^C to terminate.
```
% ../daemon/kresd -c config.lua
[system] interactive mode
> ^C
=================================================================
==24671==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 65536 byte(s) in 1 object(s) allocated from:
#0 0x7f7b19436d88 in malloc (/lib64/libasan.so.3+0xc6d88)
#1 0x55d7d3b7bea3 in tty_alloc (/home/fcelda/devel/resolver/daemon/kresd+0x1eea3)
#2 0x7f7b18a6321f (/lib64/libuv.so.1+0x22221f)
#3 0x62100001cd6f (<unknown module>)
Direct leak of 32800 byte(s) in 2 object(s) allocated from:
#0 0x7f7b19436d88 in malloc (/lib64/libasan.so.3+0xc6d88)
#1 0x7f7b191170a4 (/lib64/libkres.so.1+0x160a4)
SUMMARY: AddressSanitizer: 98336 byte(s) leaked in 3 allocation(s).
```