Knot Resolver issueshttps://gitlab.nic.cz/knot/knot-resolver/-/issues2020-01-27T12:13:19+01:00https://gitlab.nic.cz/knot/knot-resolver/-/issues/485drop systemd socket activation support2020-01-27T12:13:19+01:00Tomas Krizekdrop systemd socket activation supportReplace systemd socket activation with old-style network interface configuration in config file.
`CAP_NET_BIND_SERVICE` should be added during service startup and dropped once sockets are bound via `net.listen()`
For more details, see ...Replace systemd socket activation with old-style network interface configuration in config file.
`CAP_NET_BIND_SERVICE` should be added during service startup and dropped once sockets are bound via `net.listen()`
For more details, see discussion on mailing list: https://lists.nic.cz/pipermail/knot-resolver-users/2019/000182.html
Related: #484 #342 #445
#### Related changes
(preliminary plans)
- [x] failing `net.listen()` should throw a lua error and therefore fail kresd if specified in configuration (by default)
- [x] allow specifying `FREEBIND` in `net.listen()`
- [x] unify TTY sockets, e.g. `net.listen('path', nil, { kind = 'control' })`
- [x] add distro-specific preconfig (control socket location, cache size)
- [x] use upgrade script to suggest updates to config and test in various envs5.0.0Tomas KrizekTomas Krizekhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/476ulimit -n2020-01-07T14:45:12+01:00Vladimír Čunátvladimir.cunat@nic.czulimit -n##### Problem
Very often the number of file-descriptors is limited quite low by default. Consequently, kresd's _uncached_ QPS may be unnecessarily limited by that (lots of SERVFAILs), at least by default.
##### Details
The limits I oft...##### Problem
Very often the number of file-descriptors is limited quite low by default. Consequently, kresd's _uncached_ QPS may be unnecessarily limited by that (lots of SERVFAILs), at least by default.
##### Details
The limits I often see on Linux: 1024 soft + 4096 hard, which seems ridiculous for typical resources of nowadays machines. We open a new FD for every UDP packet upstream in order to maximize entropy from port randomization.
I expect the problem is partially mitigated by the fact that these limits apply per-process, but even so – it seems easy to improve the defaults at least a bit.
##### What we can do:
- [x] `LimitNOFILE=foo` in `kresd@.service`
- [x] document it somewhere
- [x] (maybe) use `ulimit()` or similar to let kresd increase it – just moving from 1024 to 4096 seems quite a substantial improvement, and 4096 even seems OK-ish for some cases I tested
- [ ] (possibly, in future) in case of plaintext forwarding, automatically prefer TCP when QPS gets high and/or getting problems like `EMFILE` errors. Users behind some NATs are also severely limited in terms of "concurrent connection count".
Thoughts?5.0.0Tomas KrizekTomas Krizekhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/451trust_anchors.lua: keyset_read() parameter shadows string library2019-03-12T12:12:22+01:00Petr Špačektrust_anchors.lua: keyset_read() parameter shadows string libraryIn file
/usr/lib/kdns_modules/trust_anchors.lua
around line 376, the `local function keyset_read(path, string)` shadows `string` library, which causes weird problems. We have to remove shadowing before release.In file
/usr/lib/kdns_modules/trust_anchors.lua
around line 376, the `local function keyset_read(path, string)` shadows `string` library, which causes weird problems. We have to remove shadowing before release.4.0.0Tomas KrizekTomas Krizekhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/449RFC 5011 will crash resolver if key is rolled to an unsupported algorithm2019-04-04T15:03:11+02:00Petr ŠpačekRFC 5011 will crash resolver if key is rolled to an unsupported algorithmReported by: Matthijs Mekking <matthijs@isc.org>
PANIC if kresd performs 5011 and retrieves an unsupported algorithm
===================================================================
Summary
-------
tldr; When refreshing trust anchor...Reported by: Matthijs Mekking <matthijs@isc.org>
PANIC if kresd performs 5011 and retrieves an unsupported algorithm
===================================================================
Summary
-------
tldr; When refreshing trust anchors and kresd receives an unsupported
DNSSEC algorithm, kresd will exit with a PANIC:
PANIC: unprotected error in call to Lua API
(/usr/local/lib/kdns_modules/trust_anchors.lua:208: invalid RR:
5011.isc.pletterpet.nl. 60 DNSKEY 257 3 16
GjgC97LCct7HZhArY9KRvynmXLKF/OGPCOX8jVqNaQ5Tj58lqxaNQ/tx2l8sftpLHHQj9KOsRzjN:
invalid key algorithm)
Knot resolver versions used
---------------------------
knot-resolver-3.2.1
Steps to reproduce
------------------
1. Set up an authoritative zone, DNSSEC signed with a supported
algorithm, for example RSA-SHA256 (8).
2. Start Knot resolver with a trust anchor file that contains the KSK
for the authoritative zone.
kresd -c config.test
3. Update the authoritative zone, add a new algorithm that is not
supported by BIND, for example Ed448 (16).
4. Wait until kresd refreshes trust anchors.
You should hit the same error if you do step 2 and the authoritative
server already has the DNSKEY with the unsupported algorithm in the zone.
What is the current bug behavior?
---------------------------------
The Knot resolver will exit with a PANIC.
What is the expected correct behavior?
--------------------------------------
The Knot resolver will log an error (or warning) and ignore the new key.
Relevant configuration files
----------------------------
config.test:
net = { '127.0.0.1', '::1' }
trust_anchors.config('trustanchors.conf', 0)
modules = {
'hints > iterate',
'stats',
'predict',
}
cache.size = 10 * MB4.0.0https://gitlab.nic.cz/knot/knot-resolver/-/issues/448net.list() ignores multiple ports on the same IP address2019-03-12T14:03:36+01:00Petr Špačeknet.list() ignores multiple ports on the same IP addressMultiple invocations of `net.listen()` using the same IP address but different port will confuse output of `net.list()`. Only single endpoint description listening for a given IP address is returned by `net.list`:
Example:
```
$ KRESD_N...Multiple invocations of `net.listen()` using the same IP address but different port will confuse output of `net.list()`. Only single endpoint description listening for a given IP address is returned by `net.list`:
Example:
```
$ KRESD_NO_LISTEN=1 kresd
> net.list()
> net.listen('::1', 5353)
true
> net.list()
[::1] => {
[tcp] => true
[tls] => false
[udp] => true
[port] => 5353
}
> net.listen('::1', 53000)
true
> net.list()
[::1] => {
[tcp] => true
[tls] => false
[udp] => true
[port] => 5353
}
```
Fixing this obviously requires change to `net.list()` output format, which can be done in upcoming 4.0.
The main question is how the new output should look like. Preliminary proposal:
{ address = 'string',
transport = udp/tcp/quic,
transport_params = { [transport-dependent parameters - port etc.] },
security = tls/dtls/...,
format = plain DNS/DNS-over-HTTP-binary/DNS-over-HTTP-JSON
}
`net.list()` would then produce numbered list of tuples, each tuple describing single combination.
While this would be technically correct I don't know if it would be too verbose and ugly. Maybe we should introduce `net.summary()` which could produce a nicer output out of `net.list()` or something like that.4.0.0Tomas KrizekTomas Krizekhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/443DNSSEC validation failing for NSEC signed zone with deeper wildcard2022-05-18T16:25:24+02:00Štěpán BalážikDNSSEC validation failing for NSEC signed zone with deeper wildcardWhen testing on the zones linked below (in local `knotd`), and when asked for `dig @127.0.0.1 -p 53 A shit.wildc.nsec.test.knot-resolver.cz +dnssec` Resolver ends up servfailing because it can't validate proof of non-existence of `wildc....When testing on the zones linked below (in local `knotd`), and when asked for `dig @127.0.0.1 -p 53 A shit.wildc.nsec.test.knot-resolver.cz +dnssec` Resolver ends up servfailing because it can't validate proof of non-existence of `wildc.nsec.test.knot-resolver.cz. DS` record:
```
[44720.12][resl] => id: '36540' querying: '127.0.0.1#05353' score: 21 zone cut: 'nsec.test.knot-resolver.cz.' qname: 'wilDC.nSEc.teSt.KnOT-REsolVER.cz.' qtype: 'DS' proto: 'udp'
[44720.12][iter] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 36540
;; Flags: qr aa rd QUERY: 1; ANSWER: 0; AUTHORITY: 6; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused
;; QUESTION SECTION
wildc.nsec.test.knot-resolver.cz. DS
;; AUTHORITY SECTION
nsec.test.knot-resolver.cz. 3600 SOA dns1.example.com. hostmaster.example.com. 2010111238 21600 3600 604800 86400
*.wild.nsec.test.knot-resolver.cz. 86400 NSEC *.wildc.nsec.test.knot-resolver.cz. A RRSIG NSEC
*.wildc.nsec.test.knot-resolver.cz. 86400 NSEC nsec.test.knot-resolver.cz. CNAME RRSIG NSEC
nsec.test.knot-resolver.cz. 3600 RRSIG SOA 13 4 3600 20370101153211 20190118140211 25023 nsec.test.knot-resolver.cz. YlGILkcuX6EpClR9YBmNZP/2G6UaCWLFB2LxLMfU40h+qARSMwsaaRrBPt9mO7kMS1e6r/vG9muP/tkgIPmEJA==
*.wild.nsec.test.knot-resolver.cz. 86400 RRSIG NSEC 13 5 86400 20370101153211 20190118140211 25023 nsec.test.knot-resolver.cz. HnNsj0OoA82ltnf+iFEdyvUqpw/3DSkeZCGGKKCbvvP0ENgT6jeRP8euL19WBVvloPTb8LUMQWb9FhgauuRtmg==
*.wildc.nsec.test.knot-resolver.cz. 86400 RRSIG NSEC 13 5 86400 20370101153211 20190118140211 25023 nsec.test.knot-resolver.cz. rbFDZXGXSY1J4wWzeIN+EqnKCjr6ZsA/9lZV/yy5ILzi9K2z4IxIp09uKS2qasK/nVuWAdqonFgLteCLuUew6g==
[44720.12][iter] <= rcode: NOERROR
[44720.12][vldr] <= bad NODATA proof
[44720.12][cach] => stashed nsec.test.knot-resolver.cz. SOA, rank 020, 190 B total, incl. 1 RRSIGs
[44720.12][cach] => stashed packet: rank 025, TTL 1, DS wildc.nsec.test.knot-resolver.cz. (615 B)
[44720.12][resl] finished: 8, queries: 3, mempool: 32800 B
```
When asked for the respective record in the NSEC3 signed zone Resolver validates with no problem.
Bellow I link all three zonefiles as well as the configurations of both `kresd` and `knotd` I used.
[kresd.log](/uploads/5360e41e89323adf2636cc868e0caab2/kresd.log)
[kresd.conf](/uploads/3465c6d90d6681e94e87091af39f6c00/kresd.conf)
[knotd.conf](/uploads/519da89b51c4ff77f97bd9c847274230/knotd.conf)
[test.knot-resolver.cz.zone](/uploads/8d6a2b3497134f9895bd4e4592b027b7/test.knot-resolver.cz.zone)
[nsec.test.knot-resolver.cz.zone](/uploads/afe51a85acb768e0b4552b3fad4d1dbb/nsec.test.knot-resolver.cz.zone)
[nsec3.test.knot-resolver.cz.zone](/uploads/ca69754b0afd55d2362c3da28cf6491d/nsec3.test.knot-resolver.cz.zone)5.5.1Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/350migrate to a standard build system2019-03-12T12:12:25+01:00Petr Špačekmigrate to a standard build systemThe current build system is a mess and confuses users. Something standard (autotools? meson? something else?) would be more familiar and could solve some of these issues "for free":
- #338
- #212 (maybe we should remove support for stat...The current build system is a mess and confuses users. Something standard (autotools? meson? something else?) would be more familiar and could solve some of these issues "for free":
- #338
- #212 (maybe we should remove support for static build)
- #290
- #267
Also something which can gather some parts of C headers for further use in Lua FFI would be useful.4.0.0Tomas KrizekTomas Krizek2019-06-30https://gitlab.nic.cz/knot/knot-resolver/-/issues/319validator: add TTL checks2022-05-08T12:09:35+02:00Vladimír Čunátvladimir.cunat@nic.czvalidator: add TTL checksProbably to be within `kr_rrset_validate_with_key()` or inside a sub-call.
- [x] check TTL going over RRSIG expiration;
- [x] check TTL going over the signed TTL.
Possible actions:
1. clamp the TTL
2. refuse such signature -> BOGUSProbably to be within `kr_rrset_validate_with_key()` or inside a sub-call.
- [x] check TTL going over RRSIG expiration;
- [x] check TTL going over the signed TTL.
Possible actions:
1. clamp the TTL
2. refuse such signature -> BOGUS4.2.1Vladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/204hints: interpretation of hosts file with multiple entries2017-12-17T01:10:18+01:00Vladimír Čunátvladimir.cunat@nic.czhints: interpretation of hosts file with multiple entriesIf one line contains multiple names for the address, the *first* name should be the canonical one (i.e. used for reverse lookups). In the current implementation the last one wins. Discovered on https://forum.turris.cz/t/dns-forwarding-...If one line contains multiple names for the address, the *first* name should be the canonical one (i.e. used for reverse lookups). In the current implementation the last one wins. Discovered on https://forum.turris.cz/t/dns-forwarding-to-a-different-dns-for-the-internal-lan/4039/181.3.2https://gitlab.nic.cz/knot/knot-resolver/-/issues/203DNS64 synthesis not working for CNAME responses2017-12-17T01:10:18+01:00Ondřej CaletkaDNS64 synthesis not working for CNAME responsesUsing kresd 1.2.6 on Turris Omnia, I've set up DNS64 using this snippet:
modules.load('dns64')
dns64.config('64:ff9b::')
It works well mostly but somehow it fails to synthetise AAAA response if the answer is indirected by a CNA...Using kresd 1.2.6 on Turris Omnia, I've set up DNS64 using this snippet:
modules.load('dns64')
dns64.config('64:ff9b::')
It works well mostly but somehow it fails to synthetise AAAA response if the answer is indirected by a CNAME. For instance:
```
$ dig www.regiojet.cz aaaa
; <<>> DiG 9.11.0-P3 <<>> www.regiojet.cz aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29320
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.regiojet.cz. IN AAAA
;; ANSWER SECTION:
www.regiojet.cz. 3310 IN CNAME brn-web02.sa.cz.
;; Query time: 3 msec
;; SERVER: 2001:718:e:ed14::1#53(2001:718:e:ed14::1)
;; WHEN: So čen 03 14:53:53 CEST 2017
;; MSG SIZE rcvd: 71
```1.3.xhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/192make sure the new root trust anchor is installed and works in kresd2017-08-04T14:28:12+02:00Petr Špačekmake sure the new root trust anchor is installed and works in kresd2017-10-11 is the big day where new root KSK will get live. We have to make sure nothing breaks at that day. This might include pushing new packages to Omnia and so on. Plan ahead!2017-10-11 is the big day where new root KSK will get live. We have to make sure nothing breaks at that day. This might include pushing new packages to Omnia and so on. Plan ahead!1.3.x2017-10-11https://gitlab.nic.cz/knot/knot-resolver/-/issues/169AD flag is incorrectly returned in NXDOMAIN answers covered by an NSEC3 recor...2017-04-04T10:33:36+02:00Vladimír Čunátvladimir.cunat@nic.czAD flag is incorrectly returned in NXDOMAIN answers covered by an NSEC3 record with opt-out```
$ kdig lachicabionica.com +adflag
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 56321
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 0; AUTHORITY: 1; ADDITIONAL: 0
[...]
```
All versions of knot-resolver are affected, most likely. ...```
$ kdig lachicabionica.com +adflag
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 56321
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 0; AUTHORITY: 1; ADDITIONAL: 0
[...]
```
All versions of knot-resolver are affected, most likely. It seems only this specific case is wrong.1.3.0 releasehttps://gitlab.nic.cz/knot/knot-resolver/-/issues/160If an authoritative server returns invalid RRType in the answer, kresd goes a...2017-04-05T12:12:44+02:00Ondřej SurýIf an authoritative server returns invalid RRType in the answer, kresd goes alongGitBook CDN returns A record on any query (now at least limited to A and AAAA), and IPv4 is now fine:
```
ondrej@komorebi:~/Projects/knot-resolver (master)$ dig +dnssec +multi +time=60 +retry=1 -p 50168 @::1 cdn.gitbook.com.
; <<>...GitBook CDN returns A record on any query (now at least limited to A and AAAA), and IPv4 is now fine:
```
ondrej@komorebi:~/Projects/knot-resolver (master)$ dig +dnssec +multi +time=60 +retry=1 -p 50168 @::1 cdn.gitbook.com.
; <<>> DiG 9.10.3-P4-Debian <<>> +dnssec +multi +time=60 +retry=1 -p 50168 @::1 cdn.gitbook.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33743
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;cdn.gitbook.com. IN A
;; ANSWER SECTION:
cdn.gitbook.com. 3600 IN A 95.85.1.232
;; Query time: 880 msec
;; SERVER: ::1#50168(::1)
;; WHEN: Mon Feb 20 11:09:56 CET 2017
;; MSG SIZE rcvd: 60
```
But AAAA query returns `A` record which is invalid for this type of query.
```
ondrej@komorebi:~/Projects/knot-resolver (master)$ dig +dnssec +multi +time=60 +retry=1 -p 50168 @::1 IN AAAA cdn.gitbook.com.
; <<>> DiG 9.10.3-P4-Debian <<>> +dnssec +multi +time=60 +retry=1 -p 50168 @::1 IN AAAA cdn.gitbook.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55917
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;cdn.gitbook.com. IN AAAA
;; ANSWER SECTION:
cdn.gitbook.com. 3600 IN A 95.85.1.232
;; Query time: 110 msec
;; SERVER: ::1#50168(::1)
;; WHEN: Mon Feb 20 11:11:22 CET 2017
;; MSG SIZE rcvd: 60
```
@pspacek Could you write tests with @sbalazik or @ikrumlova ?1.3.0 releaseIvana KrumlovaIvana Krumlovahttps://gitlab.nic.cz/knot/knot-resolver/-/issues/154predict module can get stuck2017-12-17T01:10:18+01:00Vladimír Čunátvladimir.cunat@nic.czpredict module can get stuckRefs:
- https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001050.html
- https://gitter.im/CZ-NIC/knot-resolver?at=585e7766c895451b751765fdRefs:
- https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001050.html
- https://gitter.im/CZ-NIC/knot-resolver?at=585e7766c895451b751765fd1.3.xhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/151trust anchor bootstrap does not work: [vldr] bad keys, broken trust chain2017-04-05T11:53:40+02:00Petr Špačektrust anchor bootstrap does not work: [vldr] bad keys, broken trust chainSomething weird is when attempting TA bootstrap:
~~~
rm -f *.mdb /tmp/root.keys && kresd -a 127.0.0.1#5353 -v -k /tmp/root.keys
==9656== Memcheck, a memory error detector
==9656== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward ...Something weird is when attempting TA bootstrap:
~~~
rm -f *.mdb /tmp/root.keys && kresd -a 127.0.0.1#5353 -v -k /tmp/root.keys
==9656== Memcheck, a memory error detector
==9656== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9656== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==9656== Command: kresd -a 127.0.0.1#5353 -v -k /tmp/root.keys
==9656==
[ ta ] keyfile '/tmp/root.keys': doesn't exist, bootstrapping
[ ta ] warning: root anchor bootstrapped, you SHOULD check the key manually, see: https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.html#sigs
[system] interactive mode
> [ 0][plan] plan '.' type 'DNSKEY'
[51149][iter] '.' type 'DNSKEY' id was assigned, parent id 0
[51149][resl] => using root hints
[64772][iter] '.' type 'DNSKEY' id was assigned, parent id 0
[64772][resl] => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[64772][resl] => querying: '202.12.27.33' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[64772][iter] <= rcode: NOERROR
[64772][vldr] <= bad keys, broken trust chain
[ 0][resl] finished: 8, queries: 0, mempool: 81952 B
[ ta ] active refresh failed, rcode: 2
[ ta ] next refresh: 86400000
[ 0][plan] plan '.' type 'NS'
[23829][iter] '.' type 'NS' id was assigned, parent id 0
[23829][resl] => using root hints
[ 3535][iter] '.' type 'NS' id was assigned, parent id 0
[ 3535][plan] plan '.' type 'DNSKEY'
[34898][iter] '.' type 'DNSKEY' id was assigned, parent id 3535
[34898][resl] => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[34898][resl] => querying: '202.12.27.33' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[34898][iter] <= rcode: NOERROR
[34898][vldr] <= bad keys, broken trust chain
[ 0][resl] finished: 8, queries: 0, mempool: 81952 B
~~~
The important (and weird) part seems to be:
~~~
[34898][iter] <= rcode: NOERROR
[34898][vldr] <= bad keys, broken trust chain
~~~
Huh? Is validator running before the bootstrap is finished?
In any case, the bootstrap fails because of this and the `kresd` is returning `SERVFAIL` for all the queries.
Affected version: fd84f602b002936c82414f20f9940ad803eaff371.2.2 patch releaseVladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/147calling map() from CLI crashes the kresd2017-04-04T10:33:36+02:00Petr Špačekcalling map() from CLI crashes the kresdFollowing command in kresd CLI crashes the daemon:
~~~
[system] interactive mode
> map()
~~~
Backtrace:
~~~
Thread 1 (Thread 0x7ffff7f3e9c0 (LWP 7330)):
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x000055555555dfc8 in...Following command in kresd CLI crashes the daemon:
~~~
[system] interactive mode
> map()
~~~
Backtrace:
~~~
Thread 1 (Thread 0x7ffff7f3e9c0 (LWP 7330)):
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x000055555555dfc8 in l_map (L=0x40000378) at daemon/engine.c:381
#2 0x00007ffff67ddca6 in lj_BC_FUNCC () from /lib64/libluajit-5.1.so.2
#3 0x00007ffff68235b0 in lua_pcall (L=<optimized out>, nargs=<optimized out>, nresults=<optimized out>, errfunc=<optimized out>) at lj_api.c:1052
#4 0x000055555555efd1 in engine_pcall (L=0x40000378, argc=2) at daemon/engine.c:644
#5 0x000055555555f049 in engine_cmd (L=0x40000378, str=0x55555579e0f0 "map()", raw=false) at daemon/engine.c:659
#6 0x00005555555699ac in tty_read (stream=0x7fffffffd760, nread=6, buf=0x7fffffffa3a0) at daemon/main.c:97
#7 0x00007ffff729d31d in uv.read () from /lib64/libuv.so.1
#8 0x00007ffff729dc1c in uv.stream_io () from /lib64/libuv.so.1
#9 0x00007ffff72a2938 in uv.io_poll () from /lib64/libuv.so.1
#10 0x00007ffff72942d4 in uv_run () from /lib64/libuv.so.1
#11 0x000055555556a5d7 in run_worker (loop=0x7ffff74ad220, engine=0x7fffffffda20, ipc_set=0x7fffffffdc20, leader=true, control_fd=-1) at daemon/main.c:367
#12 0x000055555556ba39 in main (argc=1, argv=0x7fffffffdfe8) at daemon/main.c:692
~~~
This happens on current master 5c77bcfb8c2d6639c7fdaad970998cbcda0f67c6, i.e. is not caused by libedit support.1.2.2 patch releaseVladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/146`knot_rrset_txt_dump` needs fixup in lua2017-04-04T10:33:36+02:00Vladimír Čunátvladimir.cunat@nic.cz`knot_rrset_txt_dump` needs fixup in luaIt seems we only use this in `kresd-host.lua` (possible segfault etc.). The signature changes based on `libknot` version; we need to react to that.It seems we only use this in `kresd-host.lua` (possible segfault etc.). The signature changes based on `libknot` version; we need to react to that.1.2.2 patch releaseVladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/143have a library of work-arounds, applied by a hall-of-shame list2017-04-04T10:33:36+02:00Vladimír Čunátvladimir.cunat@nic.czhave a library of work-arounds, applied by a hall-of-shame listIt's just easier than trying to make them fix their servers.It's just easier than trying to make them fix their servers.1.3.0 releaseVladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-resolver/-/issues/142Resolution of `726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.w...2017-04-04T10:33:36+02:00Ondřej SurýResolution of `726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com. IN MX` "fails" with NXDOMAINCDNs are broken. This is our most desperate hour. Help me, Obi-Wan Kenobi. You're my only hope.
```
[ 0][plan] plan '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX'
[58623][iter] '726170696...CDNs are broken. This is our most desperate hour. Help me, Obi-Wan Kenobi. You're my only hope.
```
[ 0][plan] plan '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX'
[58623][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[58623][resl] => using root hints
[25279][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[25279][plan] plan '.' type 'DNSKEY'
[60831][iter] '.' type 'DNSKEY' id was assigned, parent id 25279
[60831][resl] => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[60831][iter] <= rcode: NOERROR
[60831][vldr] <= parent: updating DNSKEY
[60831][vldr] <= answer valid, OK
[60831][resl] <= server: '2001:dc3::35' rtt: 19 ms
[33422][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[33422][resl] => querying: '2001:500:9f::42' score: 10 zone cut: '.' m12n: 'coM.' type: 'NS' proto: 'udp'
[33422][iter] <= using glue for 'a.gtld-servers.net.': '192.5.6.30'
[33422][iter] <= using glue for 'a.gtld-servers.net.': '2001:503:a83e::2:30'
[33422][iter] <= using glue for 'b.gtld-servers.net.': '192.33.14.30'
[33422][iter] <= using glue for 'b.gtld-servers.net.': '2001:503:231d::2:30'
[33422][iter] <= using glue for 'c.gtld-servers.net.': '192.26.92.30'
[33422][iter] <= using glue for 'd.gtld-servers.net.': '192.31.80.30'
[33422][iter] <= using glue for 'e.gtld-servers.net.': '192.12.94.30'
[33422][iter] <= using glue for 'f.gtld-servers.net.': '192.35.51.30'
[33422][iter] <= using glue for 'g.gtld-servers.net.': '192.42.93.30'
[33422][iter] <= using glue for 'h.gtld-servers.net.': '192.54.112.30'
[33422][iter] <= using glue for 'i.gtld-servers.net.': '192.43.172.30'
[33422][iter] <= using glue for 'j.gtld-servers.net.': '192.48.79.30'
[33422][iter] <= using glue for 'k.gtld-servers.net.': '192.52.178.30'
[33422][iter] <= using glue for 'l.gtld-servers.net.': '192.41.162.30'
[33422][iter] <= using glue for 'm.gtld-servers.net.': '192.55.83.30'
[33422][iter] <= referral response, follow
[33422][vldr] <= DS: OK
[33422][vldr] <= answer valid, OK
[33422][resl] <= server: '2001:500:9f::42' rtt: 2 ms
[61984][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[61984][plan] plan 'com.' type 'DNSKEY'
[34645][iter] 'com.' type 'DNSKEY' id was assigned, parent id 61984
[34645][resl] => querying: '192.55.83.30' score: 10 zone cut: 'com.' m12n: 'cOM.' type: 'DNSKEY' proto: 'udp'
[34645][iter] <= rcode: NOERROR
[34645][vldr] <= parent: updating DNSKEY
[34645][vldr] <= answer valid, OK
[34645][resl] <= server: '192.55.83.30' rtt: 34 ms
[38918][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[38918][resl] => querying: '192.41.162.30' score: 10 zone cut: 'com.' m12n: 'WEbCfs00.cOm.' type: 'NS' proto: 'udp'
[38918][iter] <= using glue for 'ns01.webcfs00.com.': '204.212.170.100'
[38918][iter] <= using glue for 'ns02.webcfs00.com.': '204.212.170.105'
[38918][iter] <= referral response, follow
[38918][vldr] <= DS doesn't exist, going insecure
[38918][vldr] <= answer valid, OK
[38918][resl] <= server: '192.41.162.30' rtt: 116 ms
[65055][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[65055][resl] => querying: '204.212.170.105' score: 10 zone cut: 'webcfs00.com.' m12n: '80Hc70747bE.weBCFS00.cOm.' type: 'NS' proto: 'udp'
[65055][iter] <= rcode: NOERROR
[65055][iter] <= found cut, retrying with non-minimized name
[65055][resl] <= server: '204.212.170.105' rtt: 171 ms
[ 7523][iter] '726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com.' type 'MX' id was assigned, parent id 0
[ 7523][resl] => querying: '204.212.170.100' score: 10 zone cut: 'webcfs00.com.' m12n: '726170696473736c2d63726c.67656f7472757374.636F6d.80Hc70747BE.weBCFS00.com.' type: 'MX' proto: 'udp'
[ 7523][iter] <= rcode: NXDOMAIN
[ 7523][ pc ] => answer cached for TTL=5
[ 7523][resl] <= server: '204.212.170.100' rtt: 179 ms
[ 0][resl] finished: 4, queries: 3, mempool: 164000 B
```
Compare:
```
$ dig +multi +time=60 +retry=1 @204.212.170.100 726170696473736c2d63726C.67656f7472757374.636f6d.80hc70747be.webcfs00.com. IN MX
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 36386
;; Flags: qr aa; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; QUESTION SECTION:
;; 726170696473736c2d63726C.67656f7472757374.636f6d.80hc70747be.webcfs00.com. IN MX
;; ANSWER SECTION:
726170696473736c2d63726C.67656f7472757374.636f6d.80hc70747be.webcfs00.com. 84600 IN MX 4144 f.1b0f0000.a.f.726170696473736c2d63726C.67656f7472757374.636f6d.80hc70747be.webcfs00.com.
;; ADDITIONAL SECTION:
f.1b0f0000.a.f.726170696473736c2d63726C.67656f7472757374.636f6d.80hc70747be.webcfs00.com. 84600 IN A 204.212.170.105
;; Received 138 B
;; Time 2017-01-24 13:53:52 CET
;; From 204.212.170.100@53(UDP) in 170.6 ms
```
vs
```
$ dig +dnssec +multi +time=60 +retry=1 @204.212.170.100 726170696473736c2d63726c.67656f7472757374.636f6d.80hc70747be.webcfs00.com. IN MX
;; ERROR: malformed reply packet from 204.212.170.100@53(UDP)
```1.2.2 patch releasehttps://gitlab.nic.cz/knot/knot-resolver/-/issues/141Resolution of `*.cloudfiles.rackspacecloud.com. IN A` fails with SERVFAIL2017-08-22T13:33:34+02:00Ondřej SurýResolution of `*.cloudfiles.rackspacecloud.com. IN A` fails with SERVFAIL```
>> c0388858.cdn2.cloudfiles.rackspacecloud.com. IN A <<
> knot | bind:
rcode: 2 | 0
> differ: Count of responses.
;ANSWER [1]
ANSWER [2]
a1383.dscg10.akamai.net. IN A 2.21.74.33
a1383.dscg10.akamai.net. IN A 2.21.74.51
---...```
>> c0388858.cdn2.cloudfiles.rackspacecloud.com. IN A <<
> knot | bind:
rcode: 2 | 0
> differ: Count of responses.
;ANSWER [1]
ANSWER [2]
a1383.dscg10.akamai.net. IN A 2.21.74.33
a1383.dscg10.akamai.net. IN A 2.21.74.51
-------------^ knot | bind ^------------------
>> c0388858.cdn2.cloudfiles.rackspacecloud.com. IN A <<
> knot | unbound:
rcode: 2 | 0
> differ: Count of responses.
;ANSWER [1]
ANSWER [2]
a1383.dscg10.akamai.net. IN A 2.21.74.33
a1383.dscg10.akamai.net. IN A 2.21.74.51
-------------^ knot | unbound ^------------------
```
```
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 25787
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused
;; QUESTION SECTION:
;; c0388858.cdn2.cloudfiles.rackspacecloud.com. IN A
;; Received 72 B
;; Time 2017-01-24 13:48:24 CET
;; From ::1@38267(UDP) in 1719.0 ms
```
clear cache log:
```
[ 0][plan] plan 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A'
[56954][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[56954][resl] => using root hints
[44674][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[44674][plan] plan '.' type 'DNSKEY'
[30973][iter] '.' type 'DNSKEY' id was assigned, parent id 44674
[30973][resl] => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[30973][iter] <= rcode: NOERROR
[30973][vldr] <= parent: updating DNSKEY
[30973][vldr] <= answer valid, OK
[30973][resl] <= server: '2001:dc3::35' rtt: 18 ms
[29982][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[29982][resl] => querying: '2001:500:9f::42' score: 10 zone cut: '.' m12n: 'cOm.' type: 'NS' proto: 'udp'
[29982][iter] <= using glue for 'a.gtld-servers.net.': '192.5.6.30'
[29982][iter] <= using glue for 'a.gtld-servers.net.': '2001:503:a83e::2:30'
[29982][iter] <= using glue for 'b.gtld-servers.net.': '192.33.14.30'
[29982][iter] <= using glue for 'b.gtld-servers.net.': '2001:503:231d::2:30'
[29982][iter] <= using glue for 'c.gtld-servers.net.': '192.26.92.30'
[29982][iter] <= using glue for 'd.gtld-servers.net.': '192.31.80.30'
[29982][iter] <= using glue for 'e.gtld-servers.net.': '192.12.94.30'
[29982][iter] <= using glue for 'f.gtld-servers.net.': '192.35.51.30'
[29982][iter] <= using glue for 'g.gtld-servers.net.': '192.42.93.30'
[29982][iter] <= using glue for 'h.gtld-servers.net.': '192.54.112.30'
[29982][iter] <= using glue for 'i.gtld-servers.net.': '192.43.172.30'
[29982][iter] <= using glue for 'j.gtld-servers.net.': '192.48.79.30'
[29982][iter] <= using glue for 'k.gtld-servers.net.': '192.52.178.30'
[29982][iter] <= using glue for 'l.gtld-servers.net.': '192.41.162.30'
[29982][iter] <= using glue for 'm.gtld-servers.net.': '192.55.83.30'
[29982][iter] <= referral response, follow
[29982][vldr] <= DS: OK
[29982][vldr] <= answer valid, OK
[29982][resl] <= server: '2001:500:9f::42' rtt: 1 ms
[22599][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[22599][plan] plan 'com.' type 'DNSKEY'
[ 9678][iter] 'com.' type 'DNSKEY' id was assigned, parent id 22599
[ 9678][resl] => querying: '192.55.83.30' score: 10 zone cut: 'com.' m12n: 'COm.' type: 'DNSKEY' proto: 'udp'
[ 9678][iter] <= rcode: NOERROR
[ 9678][vldr] <= parent: updating DNSKEY
[ 9678][vldr] <= answer valid, OK
[ 9678][resl] <= server: '192.55.83.30' rtt: 34 ms
[49039][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[49039][resl] => querying: '192.41.162.30' score: 10 zone cut: 'com.' m12n: 'rACkSPACecLouD.cOM.' type: 'NS' proto: 'udp'
[49039][iter] <= using glue for 'ns2.rackspace.com.': '65.61.188.4'
[49039][iter] <= using glue for 'ns.rackspace.com.': '69.20.95.4'
[49039][iter] <= referral response, follow
[49039][vldr] <= DS doesn't exist, going insecure
[49039][vldr] <= answer valid, OK
[49039][resl] <= server: '192.41.162.30' rtt: 115 ms
[51213][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[51213][resl] => querying: '65.61.188.4' score: 10 zone cut: 'rackspacecloud.com.' m12n: 'CLoUDFIleS.RacKsPAcECloUD.cOM.' type: 'NS' proto: 'udp'
[51213][iter] <= referral response, follow
[51213][resl] <= server: '65.61.188.4' rtt: 31 ms
[33844][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[33844][plan] plan 'www-gtm-ord1.rackspace.com.' type 'AAAA'
[62064][iter] 'www-gtm-ord1.rackspace.com.' type 'AAAA' id was assigned, parent id 33844
[58017][iter] 'www-gtm-ord1.rackspace.com.' type 'AAAA' id was assigned, parent id 33844
[58017][plan] plan 'm.gtld-servers.net.' type 'AAAA'
[45856][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[45856][resl] => using root hints
[ 4235][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[ 4235][resl] >< TA: '.'
[ 4235][plan] plan '.' type 'DNSKEY'
[33383][iter] '.' type 'DNSKEY' id was assigned, parent id 4235
[33383][ rc ] => satisfied from cache
[33383][iter] <= rcode: NOERROR
[33383][vldr] <= parent: updating DNSKEY
[33383][vldr] <= answer valid, OK
[53600][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[53600][resl] => querying: '2001:7fd::1' score: 10 zone cut: '.' m12n: 'NeT.' type: 'NS' proto: 'udp'
[53600][iter] <= using glue for 'a.gtld-servers.net.': '192.5.6.30'
[53600][iter] <= using glue for 'a.gtld-servers.net.': '2001:503:a83e::2:30'
[53600][iter] <= using glue for 'b.gtld-servers.net.': '192.33.14.30'
[53600][iter] <= using glue for 'b.gtld-servers.net.': '2001:503:231d::2:30'
[53600][iter] <= using glue for 'c.gtld-servers.net.': '192.26.92.30'
[53600][iter] <= using glue for 'd.gtld-servers.net.': '192.31.80.30'
[53600][iter] <= using glue for 'e.gtld-servers.net.': '192.12.94.30'
[53600][iter] <= using glue for 'f.gtld-servers.net.': '192.35.51.30'
[53600][iter] <= using glue for 'g.gtld-servers.net.': '192.42.93.30'
[53600][iter] <= using glue for 'h.gtld-servers.net.': '192.54.112.30'
[53600][iter] <= using glue for 'i.gtld-servers.net.': '192.43.172.30'
[53600][iter] <= using glue for 'j.gtld-servers.net.': '192.48.79.30'
[53600][iter] <= using glue for 'k.gtld-servers.net.': '192.52.178.30'
[53600][iter] <= using glue for 'l.gtld-servers.net.': '192.41.162.30'
[53600][iter] <= using glue for 'm.gtld-servers.net.': '192.55.83.30'
[53600][iter] <= referral response, follow
[53600][vldr] <= DS: OK
[53600][vldr] <= answer valid, OK
[53600][resl] <= server: '2001:7fd::1' rtt: 5 ms
[63179][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[63179][plan] plan 'net.' type 'DNSKEY'
[64080][iter] 'net.' type 'DNSKEY' id was assigned, parent id 63179
[64080][resl] => querying: '192.52.178.30' score: 10 zone cut: 'net.' m12n: 'neT.' type: 'DNSKEY' proto: 'udp'
[64080][resl] => querying: '192.48.79.30' score: 10 zone cut: 'net.' m12n: 'neT.' type: 'DNSKEY' proto: 'udp'
[64080][iter] <= rcode: NOERROR
[64080][vldr] <= parent: updating DNSKEY
[64080][vldr] <= answer valid, OK
[64080][resl] <= server: '192.52.178.30' rtt: 264 ms
[64080][resl] <= server: '192.48.79.30' rtt: >=14 ms
[43576][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[43576][resl] => querying: '192.43.172.30' score: 10 zone cut: 'net.' m12n: 'gtld-seRVeRs.NeT.' type: 'NS' proto: 'udp'
[43576][iter] <= referral response, follow
[43576][vldr] <= DS doesn't exist, going insecure
[43576][vldr] <= parent: updating DS
[43576][vldr] <= answer valid, OK
[43576][resl] <= server: '192.43.172.30' rtt: 28 ms
[27496][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[27496][plan] plan 'av4.nstld.com.' type 'AAAA'
[27534][iter] 'av4.nstld.com.' type 'AAAA' id was assigned, parent id 27496
[22969][iter] 'av4.nstld.com.' type 'AAAA' id was assigned, parent id 27496
[22969][resl] => querying: '192.54.112.30' score: 10 zone cut: 'com.' m12n: 'nsTLd.COm.' type: 'NS' proto: 'udp'
[22969][iter] <= using glue for 'av1.nstld.com.': '192.42.177.30'
[22969][iter] <= using glue for 'av1.nstld.com.': '2001:500:124::30'
[22969][iter] <= using glue for 'av2.nstld.com.': '192.42.178.30'
[22969][iter] <= using glue for 'av2.nstld.com.': '2001:500:125::30'
[22969][iter] <= using glue for 'av3.nstld.com.': '192.82.133.30'
[22969][iter] <= using glue for 'av3.nstld.com.': '2001:500:126::30'
[22969][iter] <= using glue for 'av4.nstld.com.': '192.82.134.30'
[22969][iter] <= using glue for 'av4.nstld.com.': '2001:500:127::30'
[22969][iter] <= referral response, follow
[22969][resl] <= server: '192.54.112.30' rtt: 28 ms
[10652][iter] 'av4.nstld.com.' type 'AAAA' id was assigned, parent id 27496
[10652][resl] => querying: '2001:500:127::30' score: 10 zone cut: 'nstld.com.' m12n: 'aV4.nSTLd.cOM.' type: 'AAAA' proto: 'udp'
[10652][iter] <= using glue for 'av3.nstld.com.': '192.82.133.30'
[10652][iter] <= using glue for 'av3.nstld.com.': '2001:500:126::30'
[10652][iter] <= using glue for 'av1.nstld.com.': '192.42.177.30'
[10652][iter] <= using glue for 'av1.nstld.com.': '2001:500:124::30'
[10652][iter] <= using glue for 'av4.nstld.com.': '2001:500:127::30'
[10652][iter] <= using glue for 'av4.nstld.com.': '192.82.134.30'
[10652][iter] <= using glue for 'av2.nstld.com.': '192.42.178.30'
[10652][iter] <= using glue for 'av2.nstld.com.': '2001:500:125::30'
[10652][iter] <= rcode: NOERROR
[10652][resl] <= server: '2001:500:127::30' rtt: 19 ms
[61253][iter] 'm.gtld-servers.net.' type 'AAAA' id was assigned, parent id 58017
[61253][resl] => querying: '2001:500:127::30' score: 19 zone cut: 'gtld-servers.net.' m12n: 'M.gTld-SERVerS.NEt.' type: 'AAAA' proto: 'udp'
[61253][iter] <= rcode: NOERROR
[61253][ pc ] => answer cached for TTL=900
[61253][resl] <= server: '2001:500:127::30' rtt: 18 ms
[51040][iter] 'www-gtm-ord1.rackspace.com.' type 'AAAA' id was assigned, parent id 33844
[51040][plan] plan 'm.gtld-servers.net.' type 'A'
[26418][iter] 'm.gtld-servers.net.' type 'A' id was assigned, parent id 51040
[26418][ rc ] => satisfied from cache
[26418][iter] <= rcode: NOERROR
[26418][vldr] <= cached insecure response, going insecure
[12543][iter] 'www-gtm-ord1.rackspace.com.' type 'AAAA' id was assigned, parent id 33844
[12543][resl] => querying: '192.55.83.30' score: 34 zone cut: 'com.' m12n: 'racKSPaCe.COm.' type: 'NS' proto: 'udp'
[12543][iter] <= using glue for 'ns2.rackspace.com.': '65.61.188.4'
[12543][iter] <= using glue for 'ns.rackspace.com.': '69.20.95.4'
[12543][iter] <= referral response, follow
[12543][resl] <= server: '192.55.83.30' rtt: 34 ms
[60529][iter] 'www-gtm-ord1.rackspace.com.' type 'AAAA' id was assigned, parent id 33844
[60529][resl] => querying: '69.20.95.4' score: 10 zone cut: 'rackspace.com.' m12n: 'wWW-gTM-oRD1.raCksPAcE.CoM.' type: 'AAAA' proto: 'udp'
[60529][iter] <= rcode: NOERROR
[60529][ pc ] => answer cached for TTL=300
[60529][resl] <= server: '69.20.95.4' rtt: 107 ms
[56516][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[56516][plan] plan 'www-gtm-ord1.rackspace.com.' type 'A'
[ 4871][iter] 'www-gtm-ord1.rackspace.com.' type 'A' id was assigned, parent id 56516
[ 3085][iter] 'www-gtm-ord1.rackspace.com.' type 'A' id was assigned, parent id 56516
[ 3085][resl] => querying: '65.61.188.4' score: 31 zone cut: 'rackspace.com.' m12n: 'WWw-gtm-OrD1.RAckSPACE.CoM.' type: 'A' proto: 'udp'
[ 3085][iter] <= using glue for 'ns2.rackspace.com.': '65.61.188.4'
[ 3085][iter] <= using glue for 'ns.rackspace.com.': '69.20.95.4'
[ 3085][iter] <= rcode: NOERROR
[ 3085][resl] <= server: '65.61.188.4' rtt: 27 ms
[41180][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[41180][resl] => querying: '173.203.44.119' score: 10 zone cut: 'wip.rackspacecloud.com.' m12n: 'cdN2.CLoudfileS.rACkSPacECLoud.com.' type: 'NS' proto: 'udp'
[41180][iter] <= rcode: REFUSED
[41180][resl] <= server: '173.203.44.119' rtt: 121 ms
[52045][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[52045][resl] => querying: '173.203.44.119' score: 221 zone cut: 'wip.rackspacecloud.com.' m12n: 'c0388858.Cdn2.CLOuDfiLes.RacksPAceCloUd.COm.' type: 'A' proto: 'udp'
[52045][iter] <= rcode: REFUSED
[52045][resl] <= server: '173.203.44.119' rtt: 118 ms
[58945][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[58945][resl] => querying: '173.203.44.119' score: 269 zone cut: 'wip.rackspacecloud.com.' m12n: 'C0388858.cDn2.cLOudFIlEs.RAcKspACecLOUd.CoM.' type: 'A' proto: 'udp'
[58945][iter] <= rcode: REFUSED
[58945][resl] <= server: '173.203.44.119' rtt: 119 ms
[ 1543][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[ 1543][resl] => querying: '173.203.44.119' score: 294 zone cut: 'wip.rackspacecloud.com.' m12n: 'C0388858.CDN2.clOUDfiLeS.RAckSpaCeclOUd.COM.' type: 'A' proto: 'udp'
[ 1543][iter] <= rcode: REFUSED
[ 1543][resl] => server: '173.203.44.119' flagged as 'bad'
[34164][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[34164][resl] => unresolvable NS address, bailing out
[34164][plan] plan 'www-gtm-iad2.rackspace.com.' type 'AAAA'
[ 5083][iter] 'www-gtm-iad2.rackspace.com.' type 'AAAA' id was assigned, parent id 34164
[32261][iter] 'www-gtm-iad2.rackspace.com.' type 'AAAA' id was assigned, parent id 34164
[32261][resl] => querying: '65.61.188.4' score: 29 zone cut: 'rackspace.com.' m12n: 'wWw-Gtm-iaD2.RACksPAcE.COM.' type: 'AAAA' proto: 'udp'
[32261][iter] <= rcode: NOERROR
[32261][ pc ] => answer cached for TTL=300
[32261][resl] <= server: '65.61.188.4' rtt: 35 ms
[ 1144][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[ 1144][plan] plan 'www-gtm-iad2.rackspace.com.' type 'A'
[56948][iter] 'www-gtm-iad2.rackspace.com.' type 'A' id was assigned, parent id 1144
[ 4816][iter] 'www-gtm-iad2.rackspace.com.' type 'A' id was assigned, parent id 1144
[ 4816][resl] => querying: '65.61.188.4' score: 32 zone cut: 'rackspace.com.' m12n: 'WWw-GtM-iAD2.rACKSpACe.coM.' type: 'A' proto: 'udp'
[ 4816][iter] <= using glue for 'ns2.rackspace.com.': '65.61.188.4'
[ 4816][iter] <= using glue for 'ns.rackspace.com.': '69.20.95.4'
[ 4816][iter] <= rcode: NOERROR
[ 4816][resl] <= server: '65.61.188.4' rtt: 27 ms
[23391][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[23391][resl] => querying: '207.97.206.40' score: 10 zone cut: 'wip.rackspacecloud.com.' m12n: 'c0388858.Cdn2.clOUDfiLEs.racKspaceClOuD.COm.' type: 'A' proto: 'udp'
[23391][iter] <= rcode: REFUSED
[23391][resl] <= server: '207.97.206.40' rtt: 107 ms
[15551][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[15551][resl] => querying: '207.97.206.40' score: 207 zone cut: 'wip.rackspacecloud.com.' m12n: 'C0388858.cDn2.clouDfilES.RAcKSpACEcloUD.CoM.' type: 'A' proto: 'udp'
[15551][iter] <= rcode: REFUSED
[15551][resl] <= server: '207.97.206.40' rtt: 108 ms
[56069][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[56069][resl] => querying: '207.97.206.40' score: 257 zone cut: 'wip.rackspacecloud.com.' m12n: 'c0388858.CDN2.ClouDFiles.RaCkspAceCloud.cOM.' type: 'A' proto: 'udp'
[56069][iter] <= rcode: REFUSED
[56069][resl] <= server: '207.97.206.40' rtt: 111 ms
[62422][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[62422][resl] => querying: '207.97.206.40' score: 284 zone cut: 'wip.rackspacecloud.com.' m12n: 'C0388858.cDn2.ClOuDfIles.RaCkSpaCECLouD.CoM.' type: 'A' proto: 'udp'
[62422][iter] <= rcode: REFUSED
[62422][resl] => server: '207.97.206.40' flagged as 'bad'
[24149][iter] 'c0388858.cdn2.cloudfiles.rackspacecloud.com.' type 'A' id was assigned, parent id 0
[24149][resl] => unresolvable NS address, bailing out
[24149][resl] => no valid NS left
[ 0][resl] finished: 8, queries: 12, mempool: 164000 B
```1.2.2 patch releaseIvana KrumlovaIvana Krumlova