[Bug 282383] dns/knot-resolver doesn't resolve anymore after update 5.7.2 -> 5.7.4

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 282383] dns/knot-resolver doesn't resolve anymore after update 5.7.2 -> 5.7.4"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 282383] dns/knot-resolver doesn't resolve anymore after update 5.7.2 -> 5.7.4"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 28 Oct 2024 15:14:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282383

            Bug ID: 282383
           Summary: dns/knot-resolver doesn't resolve anymore after update
                    5.7.2 -> 5.7.4
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: dch@freebsd.org
                CC: freebsd@dns.company
             Flags: maintainer-feedback?(freebsd@dns.company)
                CC: freebsd@dns.company

- tried on both amd64 & arm64 15.0-CURRENT 

minimal config:

net.listen('127.0.0.1', 53, { kind = 'dns' })

startup:

/usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -q
/var/run/kresd

Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 but
recommended value is 524288
[io    ] listen TCP (fastopen): Operation not permitted.  This may be caused by
TCP Fast Open being disabled in the OS.
[timesk] cannot resolve '.' NS
[taupd ] active refresh failed for . with rcode: 2


all lookups fail.



running with -vv as well:

 /usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -q
/var/run/kresd -vv
[system] Knot Resolver is tested on Linux, other platforms might exhibit bugs.
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 but
recommended value is 524288
[tls   ] session ticket: epoch 422394, scheduling rotation check in 1975887 ms
[wtchdg] systemd library not detected
[ta    ] installed trust anchors for domain . are:
.                       3600    DS      20326 8 2
E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D ; Valid: ;
KeyTag:20326
.                       3600    DS      38696 8 2
683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16 ; Valid: ;
KeyTag:38696

[system] loading config '/usr/local/etc/knot-resolver/kresd.conf' (workdir
'/var/run/kresd')
[io    ] listen TCP (fastopen): Operation not permitted.  This may be caused by
TCP Fast Open being disabled in the OS.
[cache ] space pre-allocation failed and ignored; your (file)system probably
doesn't support it.
[system] loading config '/usr/local/lib/knot-resolver/postconfig.lua' (workdir
'/var/run/kresd')
[plan  ][00000.00] plan '.' type 'NS' uid [65536.00]
[iterat][65536.00]   '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65536.01]   => using root hints
[iterat][65536.01]   '.' type 'NS' new uid was assigned .02, parent uid .00
[resolv][65536.02]   >< TA: '.'
[plan  ][65536.02]   plan '.' type 'DNSKEY' uid [65536.03]
[iterat][65536.03]     '.' type 'DNSKEY' new uid was assigned .04, parent uid
.02
[cache ][65536.04]     => satisfied by exact RRset: rank 060, new TTL 85618
[iterat][65536.04]     <= rcode: NOERROR
[valdtr][65536.04]     <= parent: updating DNSKEY
[valdtr][65536.04]     <= answer valid, OK
[iterat][65536.02]   '.' type 'NS' new uid was assigned .05, parent uid .00
[select][65536.05]   => id: '18085' choosing from addresses: 13 v4 + 13 v6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65536.05]   => id: '18085' choosing:
'K.ROOT-SERVERS.NET.'@'2001:7fd::1#00053' with timeout 400 ms zone cut: '.'
[resolv][65536.05]   => id: '18085' querying:
'K.ROOT-SERVERS.NET.'@'2001:7fd::1#00053' zone cut: '.' qname: '.' qtype: 'NS'
proto: 'udp'
[resolv][65536.04]     AD: request NOT classified as SECURE
[resolv][65536.05]   finished in state: 8, queries: 1, mempool: 98352 B
[primin] cannot resolve '.' NS, next priming query in 10 seconds
[plan  ][00000.00] plan '.' type 'NS' uid [65537.00]
[iterat][65537.00]   '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65537.01]   => using root hints
[iterat][65537.01]   '.' type 'NS' new uid was assigned .02, parent uid .00
[select][65537.02]   => id: '38240' choosing from addresses: 13 v4 + 13 v6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65537.02]   => id: '38240' choosing:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '.'
[resolv][65537.02]   => id: '38240' querying:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: '.' qtype:
'NS' proto: 'udp'
[resolv][65537.00] request failed, answering with empty SERVFAIL
[resolv][65537.02]   finished in state: 8, queries: 0, mempool: 98352 B
[timesk] cannot resolve '.' NS
[taupd ] refreshing TA for .
[plan  ][00000.00] plan '.' type 'DNSKEY' uid [65538.00]
[iterat][65538.00]   '.' type 'DNSKEY' new uid was assigned .01, parent uid .00
[resolv][65538.01]   => using root hints
[iterat][65538.01]   '.' type 'DNSKEY' new uid was assigned .02, parent uid .00
[resolv][65538.02]   >< TA: '.'
[select][65538.02]   => id: '51387' choosing from addresses: 13 v4 + 13 v6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65538.02]   => id: '51387' choosing:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '.'
[resolv][65538.02]   => id: '51387' querying:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: '.' qtype:
'DNSKEY' proto: 'udp'
[resolv][65538.00] request failed, answering with empty SERVFAIL
[resolv][65538.02]   finished in state: 8, queries: 0, mempool: 98352 B
[taupd ] active refresh failed for . with rcode: 2
[taupd ] next refresh for . in 1 hours
[plan  ][00000.00] plan 'skunkwerks.at.' type 'A' uid [29461.00]
[iterat][29461.00]   'skunkwerks.at.' type 'A' new uid was assigned .01, parent
uid .00
[resolv][29461.01]   => using root hints
[iterat][29461.01]   'skunkwerks.at.' type 'A' new uid was assigned .02, parent
uid .00
[resolv][29461.02]   >< TA: '.'
[plan  ][29461.02]   plan '.' type 'DNSKEY' uid [29461.03]
[iterat][29461.03]     '.' type 'DNSKEY' new uid was assigned .04, parent uid
.02
[cache ][29461.04]     => satisfied by exact RRset: rank 060, new TTL 85609
[iterat][29461.04]     <= rcode: NOERROR
[valdtr][29461.04]     <= parent: updating DNSKEY
[valdtr][29461.04]     <= answer valid, OK
[iterat][29461.02]   'skunkwerks.at.' type 'A' new uid was assigned .05, parent
uid .00
[select][29461.05]   => id: '58378' choosing from addresses: 13 v4 + 13 v6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][29461.05]   => id: '58378' choosing:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '.'
[resolv][29461.05]   => id: '58378' querying:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: 'at.' qtype:
'NS' proto: 'udp'
[resolv][29461.04]     AD: request NOT classified as SECURE
[resolv][29461.05]   finished in state: 8, queries: 1, mempool: 32800 B
[plan  ][00000.00] plan '.' type 'NS' uid [65539.00]
[iterat][65539.00]   '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65539.01]   => using root hints
[iterat][65539.01]   '.' type 'NS' new uid was assigned .02, parent uid .00
[resolv][65539.02]   >< TA: '.'
[plan  ][65539.02]   plan '.' type 'DNSKEY' uid [65539.03]
[iterat][65539.03]     '.' type 'DNSKEY' new uid was assigned .04, parent uid
.02
[cache ][65539.04]     => satisfied by exact RRset: rank 060, new TTL 85608
[iterat][65539.04]     <= rcode: NOERROR
[valdtr][65539.04]     <= parent: updating DNSKEY
[valdtr][65539.04]     <= answer valid, OK
[iterat][65539.02]   '.' type 'NS' new uid was assigned .05, parent uid .00
[select][65539.05]   => id: '12229' choosing from addresses: 13 v4 + 13 v6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65539.05]   => id: '12229' choosing:
'G.ROOT-SERVERS.NET.'@'2001:500:12::d0d#00053' with timeout 400 ms zone cut:
'.'
[resolv][65539.05]   => id: '12229' querying:
'G.ROOT-SERVERS.NET.'@'2001:500:12::d0d#00053' zone cut: '.' qname: '.' qtype:
'NS' proto: 'udp'
[resolv][65539.04]     AD: request NOT classified as SECURE
[resolv][65539.05]   finished in state: 8, queries: 1, mempool: 98352 B
[primin] cannot resolve '.' NS, next priming query in 10 seconds

all lookups fail.

NB I also tried removing root.* and letting it re-fetch them, however that
fails too:

[system] Knot Resolver is tested on Linux, other platforms might exhibit bugs.
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 but
recommended value is 524288
[system] error /usr/local/lib/knot-resolver/trust_anchors.lua:336: [ ta ] fetch
of "https://data.iana.org/root-anchors/root-anchors.xml" failed: error:
lua-http and luaossl libraries are missing (but required)
[ ta ] Failed to bootstrap root trust anchors!

-- 
You are receiving this mail because:
You are the assignee for the bug.