Hello,
I am looking for someone who could advise me or point me to where I might have a problem with the configuration.
Knot Resolver runs on a Debian 10 virtual machine; the server's IP address is 192.168.128.44.
The server itself is probably running without problems:

root@dns1:# sudo systemctl status kresd*.service
● kresd@2.service - Knot Resolver daemon
   Loaded: loaded (/lib/systemd/system/kresd@.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-12 21:47:16 CEST; 28min ago
     Docs: man:kresd.systemd(7)
           man:kresd(8)
 Main PID: 425 (kresd)
    Tasks: 1 (limit: 4701)
   Memory: 10.5M
   CGroup: /system.slice/system-kresd.slice/kresd@2.service
           └─425 /usr/sbin/kresd -c /usr/lib/knot-resolver/distro-preconfig.lua -c /etc/knot-resolver/kresd.conf -n
Apr 12 21:47:48 dns1 kresd[425]: [23257.04][resl] finished: 4, queries: 1, mempool: 16400 B
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] => id: '44535' querying: '2404:1fc0:1000:400::42#00053' score: 10 zone cut: 'pool.ntp.org.' qname: '2.deBiAn.pOol.Ntp.orG.' qtype: 'A' pr
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] => id: '44535' querying: '31.3.105.98#00053' score: 10 zone cut: 'pool.ntp.org.' qname: '2.deBiAn.pOol.Ntp.orG.' qtype: 'A' proto: 'udp'
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][iter] <= rcode: NOERROR
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][cach] => stashed 2.debian.pool.ntp.org. A, rank 030, 38 B total, incl. 0 RRSIGs
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] <= server: '2a03:7900:104:1::2' rtt: >= 427 ms
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] <= server: '2404:1fc0:1000:400::42' rtt: >= 227 ms
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] <= server: '31.3.105.98' rtt: 27 ms
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] AD: request NOT classified as SECURE
Apr 12 21:47:48 dns1 kresd[425]: [38598.04][resl] finished: 4, queries: 1, mempool: 16400 B
● kresd@1.service - Knot Resolver daemon
   Loaded: loaded (/lib/systemd/system/kresd@.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-12 21:47:16 CEST; 28min ago
     Docs: man:kresd.systemd(7)
           man:kresd(8)
 Main PID: 418 (kresd)
    Tasks: 1 (limit: 4701)
   Memory: 7.7M
   CGroup: /system.slice/system-kresd.slice/kresd@1.service
           └─418 /usr/sbin/kresd -c /usr/lib/knot-resolver/distro-preconfig.lua -c /etc/knot-resolver/kresd.conf -n
Apr 12 21:47:16 dns1 kresd[418]: [65562.01][resl] AD: request NOT classified as SECURE
Apr 12 21:47:16 dns1 kresd[418]: [65562.01][resl] finished: 4, queries: 1, mempool: 81952 B
Apr 12 21:47:16 dns1 kresd[418]: [priming] triggered priming query, next in 477371 seconds
Apr 12 21:47:16 dns1 kresd[418]: [00000.00][plan] plan '.' type 'NS' uid [65563.00]
Apr 12 21:47:16 dns1 kresd[418]: [65563.00][iter] '.' type 'NS' new uid was assigned .01, parent uid .00
Apr 12 21:47:16 dns1 kresd[418]: [65563.01][cach] => satisfied by exact RRset: rank 060, new TTL 477371
Apr 12 21:47:16 dns1 kresd[418]: [65563.01][iter] <= rcode: NOERROR
Apr 12 21:47:16 dns1 kresd[418]: [65563.01][resl] AD: request classified as SECURE
Apr 12 21:47:16 dns1 kresd[418]: [65563.01][resl] finished: 4, queries: 1, mempool: 81952 B
Apr 12 21:47:16 dns1 kresd[418]: [detect_time_skew] Local system time "Sun Apr 12 21:47:16 2020" is within RRSIG validity interval <"Sun Apr 12 06:00:00 2020","Sat Apr 25 07:00:00 2020">.

Knot configuration:
root@dns1:# more /etc/knot-resolver/kresd.conf
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
-- Network interface configuration
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('127.0.0.1', 853, { kind = 'tls' })
net.listen('::1', 53, { kind = 'dns', freebind = true })
net.listen('::1', 853, { kind = 'tls', freebind = true })
-- Load useful modules
--modules = {
-- 'policy',
-- 'hints > iterate', -- Load /etc/hosts and allow custom root hints
-- 'stats', -- Track internal statistics
-- 'predict', -- Prefetch expiring/frequent records
--}
verbose(true)
modules = {
'policy',
'view',
'hints',
'serve_stale < cache',
'workarounds < iterate',
'stats',
'predict'
}
-- Cache size
cache.size = 1 * GB
-- Root hints
hints.root_file = '/var/lib/knot-resolver/root.hints'
--hints.root({
-- ['i.root-servers.net.'] = { '2001:7fe::53', '192.36.148.17' }
--})
-- Accept all requests from these subnets
view:addr('192.0.0.0/8', policy.all(policy.PASS))
root@dns1:# more /etc/resolv.conf
nameserver 127.0.0.1
root@dns1:# dig www.seznam.cz
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> www.seznam.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58096
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.seznam.cz. IN A
;; ANSWER SECTION:
www.seznam.cz. 297 IN A 77.75.74.172
www.seznam.cz. 297 IN A 77.75.74.176
www.seznam.cz. 297 IN A 77.75.75.172
www.seznam.cz. 297 IN A 77.75.75.176
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Apr 12 22:22:41 CEST 2020
;; MSG SIZE rcvd: 106

I have a problem as soon as I set this DNS resolver as the primary DNS on my notebook. Pages do not load, and nothing shows up even with debug mode enabled. Iptables on the Debian side is turned off, apart from fail2ban.
Could someone please advise me what I am doing wrong? Thank you.
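
A check of the posted kresd.conf against the server address 192.168.128.44, as an added example that is not part of the original post and not Knot Resolver code. The client address 192.168.128.50 used when calling it is an assumption (the notebook's address is not given), and the parser only understands quoted IP literals as they appear in the post.

```python
import ipaddress
import re

# Active lines copied from the kresd.conf in the post (quoted IP literals only).
KRESD_CONF = """
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('127.0.0.1', 853, { kind = 'tls' })
net.listen('::1', 53, { kind = 'dns', freebind = true })
net.listen('::1', 853, { kind = 'tls', freebind = true })
--hints.root({
view:addr('192.0.0.0/8', policy.all(policy.PASS))
"""

# RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LISTEN_RE = re.compile(r"net\.listen\(\s*'([^']+)'\s*,\s*(\d+)")
VIEW_RE = re.compile(r"view:addr\(\s*'([^']+)'")

def active_lines(conf):
    """Yield non-empty config lines with Lua '--' comments stripped."""
    for line in conf.splitlines():
        line = line.split("--", 1)[0].strip()
        if line:
            yield line

def audit(conf, server_ip, client_ip):
    """Report which listeners a LAN client can reach and what the view ACL admits."""
    server = ipaddress.ip_address(server_ip)
    client = ipaddress.ip_address(client_ip)
    listeners, views = [], []
    for line in active_lines(conf):
        m = LISTEN_RE.search(line)
        if m:
            listeners.append((ipaddress.ip_address(m.group(1)), int(m.group(2))))
        m = VIEW_RE.search(line)
        if m:
            views.append(ipaddress.ip_network(m.group(1)))
    # A socket serves LAN clients only if bound to the server address or a wildcard.
    reachable = [(str(a), p) for a, p in listeners if a == server or a.is_unspecified]
    wide = [str(v) for v in views
            if v.version == 4 and not any(v.subnet_of(r) for r in RFC1918)]
    return {
        "loopback_only": bool(listeners) and all(a.is_loopback for a, _ in listeners),
        "reachable_from_lan": reachable,
        "client_allowed_by_view": any(client.version == v.version and client in v for v in views),
        "views_wider_than_rfc1918": wide,
    }
```

Calling `audit(KRESD_CONF, "192.168.128.44", "192.168.128.50")` reports `loopback_only` as true with an empty `reachable_from_lan`, even though the view rule would admit the client. It also lists `192.0.0.0/8` as wider than private address space, which matters once the resolver listens on a routable interface.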