From nobody Mon Oct 28 15:14:40 2024
X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XccPX71xwz5bRPQ
	for <ports-bugs@mlmmj.nyi.freebsd.org>; Mon, 28 Oct 2024 15:14:40 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XccPX5ws8z4t60
	for <ports-bugs@FreeBSD.org>; Mon, 28 Oct 2024 15:14:40 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1730128480;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rwnNOEY4QzEGRvWVy65pQHKEosFh4xyw59bWzev0T0w=;
	b=wPROpAgWb5Zdb7mlS/rjB45Ke3nm2TL9N4wJHSN4WtXzBK6Kmtwm+aQNqECzQzONcpLjlI
	Ha5nlA9c7uBtUnaTQSyEH0/pD+gQi9oy2iTp3YzLVpN0pSRPwsBPkOzMyxlxp4d+/y9S+Q
	4FXy8EoTtUxqNZXumCjRX/mfUtRYRrVB+KQmoLWx28ekMnQoKQhqnMFljl/NcThZ6r3ISA
	nVACJ6FR2fVxQhHryMU4pR5zfc35Dxom2/6OBPzkAT5tUXPhffCDe/g4v0wcvvTq2ISyzW
	3U8ARF0tyKxi8cXlLKwfrSCSouom13IIIwW8HHGDqKbP6uLsObQ72jziUgoO9Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1730128480; a=rsa-sha256; cv=none;
	b=yPHtu/l2j3tA9pc5+wqM4dogCfGFGhpovcKOmM264Sg63KjuIxlcXVJi8lAcpGpciKvdH4
	UcKrWmINjhJlbo+h6f5JDR89g/OhvCjm8IFsgQCjjT17sjVzR2F7rHR5UinlufYJ37hCtL
	vqdQFgJWtytVYi9musHMxWrwKY2uvmI4bwFiftqu318JhXJrtnB0tIU9Kj/cpxG38xY+K6
	a2+vgkgka8je/vlVIElJHcYWUInqljz78ZnIQw+4T0FuamjNmV99y73d4X2c9/wubp1IU0
	4kJbLnC+7Ex0qSflB8vyYJKVdHq9tRoTqan3CNA0wIwUDy1ad9V7sh/wTMNujw==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XccPX5QGnzkWp
	for <ports-bugs@FreeBSD.org>; Mon, 28 Oct 2024 15:14:40 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 49SFEeHE099935
	for <ports-bugs@FreeBSD.org>; Mon, 28 Oct 2024 15:14:40 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 49SFEe3e099934
	for ports-bugs@FreeBSD.org; Mon, 28 Oct 2024 15:14:40 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 282383] dns/knot-resolver doesn't resolve anymore after update
 5.7.2 -> 5.7.4
Date: Mon, 28 Oct 2024 15:14:40 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: dch@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
 flagtypes.name
Message-ID: <bug-282383-7788@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs
List-Help: <mailto:ports-bugs+help@freebsd.org>
List-Post: <mailto:ports-bugs@freebsd.org>
List-Subscribe: <mailto:ports-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports-bugs+unsubscribe@freebsd.org>
X-BeenThere: freebsd-ports-bugs@freebsd.org
Sender: owner-freebsd-ports-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282383

            Bug ID: 282383
           Summary: dns/knot-resolver doesn't resolve anymore after update
                    5.7.2 -> 5.7.4
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: dch@freebsd.org
                CC: freebsd@dns.company
             Flags: maintainer-feedback?(freebsd@dns.company)
                CC: freebsd@dns.company

- tried on both amd64 & arm64 15.0-CURRENT=20

minimal config:

net.listen('127.0.0.1', 53, { kind =3D 'dns' })

startup:

/usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -q
/var/run/kresd

Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 b=
ut
recommended value is 524288
[io    ] listen TCP (fastopen): Operation not permitted.  This may be cause=
d by
TCP Fast Open being disabled in the OS.
[timesk] cannot resolve '.' NS
[taupd ] active refresh failed for . with rcode: 2


all lookups fail.



running with -vv as well:

 /usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -q
/var/run/kresd -vv
[system] Knot Resolver is tested on Linux, other platforms might exhibit bu=
gs.
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 b=
ut
recommended value is 524288
[tls   ] session ticket: epoch 422394, scheduling rotation check in 1975887=
 ms
[wtchdg] systemd library not detected
[ta    ] installed trust anchors for domain . are:
.                       3600    DS      20326 8 2
E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D ; Valid: ;
KeyTag:20326
.                       3600    DS      38696 8 2
683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16 ; Valid: ;
KeyTag:38696

[system] loading config '/usr/local/etc/knot-resolver/kresd.conf' (workdir
'/var/run/kresd')
[io    ] listen TCP (fastopen): Operation not permitted.  This may be cause=
d by
TCP Fast Open being disabled in the OS.
[cache ] space pre-allocation failed and ignored; your (file)system probably
doesn't support it.
[system] loading config '/usr/local/lib/knot-resolver/postconfig.lua' (work=
dir
'/var/run/kresd')
[plan  ][00000.00] plan '.' type 'NS' uid [65536.00]
[iterat][65536.00]   '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65536.01]   =3D> using root hints
[iterat][65536.01]   '.' type 'NS' new uid was assigned .02, parent uid .00
[resolv][65536.02]   >< TA: '.'
[plan  ][65536.02]   plan '.' type 'DNSKEY' uid [65536.03]
[iterat][65536.03]     '.' type 'DNSKEY' new uid was assigned .04, parent u=
id
.02
[cache ][65536.04]     =3D> satisfied by exact RRset: rank 060, new TTL 856=
18
[iterat][65536.04]     <=3D rcode: NOERROR
[valdtr][65536.04]     <=3D parent: updating DNSKEY
[valdtr][65536.04]     <=3D answer valid, OK
[iterat][65536.02]   '.' type 'NS' new uid was assigned .05, parent uid .00
[select][65536.05]   =3D> id: '18085' choosing from addresses: 13 v4 + 13 v=
6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65536.05]   =3D> id: '18085' choosing:
'K.ROOT-SERVERS.NET.'@'2001:7fd::1#00053' with timeout 400 ms zone cut: '.'
[resolv][65536.05]   =3D> id: '18085' querying:
'K.ROOT-SERVERS.NET.'@'2001:7fd::1#00053' zone cut: '.' qname: '.' qtype: '=
NS'
proto: 'udp'
[resolv][65536.04]     AD: request NOT classified as SECURE
[resolv][65536.05]   finished in state: 8, queries: 1, mempool: 98352 B
[primin] cannot resolve '.' NS, next priming query in 10 seconds
[plan  ][00000.00] plan '.' type 'NS' uid [65537.00]
[iterat][65537.00]   '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65537.01]   =3D> using root hints
[iterat][65537.01]   '.' type 'NS' new uid was assigned .02, parent uid .00
[select][65537.02]   =3D> id: '38240' choosing from addresses: 13 v4 + 13 v=
6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65537.02]   =3D> id: '38240' choosing:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '=
.'
[resolv][65537.02]   =3D> id: '38240' querying:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: '.' qtype:
'NS' proto: 'udp'
[resolv][65537.00] request failed, answering with empty SERVFAIL
[resolv][65537.02]   finished in state: 8, queries: 0, mempool: 98352 B
[timesk] cannot resolve '.' NS
[taupd ] refreshing TA for .
[plan  ][00000.00] plan '.' type 'DNSKEY' uid [65538.00]
[iterat][65538.00]   '.' type 'DNSKEY' new uid was assigned .01, parent uid=
 .00
[resolv][65538.01]   =3D> using root hints
[iterat][65538.01]   '.' type 'DNSKEY' new uid was assigned .02, parent uid=
 .00
[resolv][65538.02]   >< TA: '.'
[select][65538.02]   =3D> id: '51387' choosing from addresses: 13 v4 + 13 v=
6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65538.02]   =3D> id: '51387' choosing:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '=
.'
[resolv][65538.02]   =3D> id: '51387' querying:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: '.' qtype:
'DNSKEY' proto: 'udp'
[resolv][65538.00] request failed, answering with empty SERVFAIL
[resolv][65538.02]   finished in state: 8, queries: 0, mempool: 98352 B
[taupd ] active refresh failed for . with rcode: 2
[taupd ] next refresh for . in 1 hours
[plan  ][00000.00] plan 'skunkwerks.at.' type 'A' uid [29461.00]
[iterat][29461.00]   'skunkwerks.at.' type 'A' new uid was assigned .01, pa=
rent
uid .00
[resolv][29461.01]   =3D> using root hints
[iterat][29461.01]   'skunkwerks.at.' type 'A' new uid was assigned .02, pa=
rent
uid .00
[resolv][29461.02]   >< TA: '.'
[plan  ][29461.02]   plan '.' type 'DNSKEY' uid [29461.03]
[iterat][29461.03]     '.' type 'DNSKEY' new uid was assigned .04, parent u=
id
.02
[cache ][29461.04]     =3D> satisfied by exact RRset: rank 060, new TTL 856=
09
[iterat][29461.04]     <=3D rcode: NOERROR
[valdtr][29461.04]     <=3D parent: updating DNSKEY
[valdtr][29461.04]     <=3D answer valid, OK
[iterat][29461.02]   'skunkwerks.at.' type 'A' new uid was assigned .05, pa=
rent
uid .00
[select][29461.05]   =3D> id: '58378' choosing from addresses: 13 v4 + 13 v=
6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][29461.05]   =3D> id: '58378' choosing:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '=
.'
[resolv][29461.05]   =3D> id: '58378' querying:
'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: 'at.' qtyp=
e:
'NS' proto: 'udp'
[resolv][29461.04]     AD: request NOT classified as SECURE
[resolv][29461.05]   finished in state: 8, queries: 1, mempool: 32800 B
[plan  ][00000.00] plan '.' type 'NS' uid [65539.00]
[iterat][65539.00]   '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65539.01]   =3D> using root hints
[iterat][65539.01]   '.' type 'NS' new uid was assigned .02, parent uid .00
[resolv][65539.02]   >< TA: '.'
[plan  ][65539.02]   plan '.' type 'DNSKEY' uid [65539.03]
[iterat][65539.03]     '.' type 'DNSKEY' new uid was assigned .04, parent u=
id
.02
[cache ][65539.04]     =3D> satisfied by exact RRset: rank 060, new TTL 856=
08
[iterat][65539.04]     <=3D rcode: NOERROR
[valdtr][65539.04]     <=3D parent: updating DNSKEY
[valdtr][65539.04]     <=3D answer valid, OK
[iterat][65539.02]   '.' type 'NS' new uid was assigned .05, parent uid .00
[select][65539.05]   =3D> id: '12229' choosing from addresses: 13 v4 + 13 v=
6;
names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65539.05]   =3D> id: '12229' choosing:
'G.ROOT-SERVERS.NET.'@'2001:500:12::d0d#00053' with timeout 400 ms zone cut:
'.'
[resolv][65539.05]   =3D> id: '12229' querying:
'G.ROOT-SERVERS.NET.'@'2001:500:12::d0d#00053' zone cut: '.' qname: '.' qty=
pe:
'NS' proto: 'udp'
[resolv][65539.04]     AD: request NOT classified as SECURE
[resolv][65539.05]   finished in state: 8, queries: 1, mempool: 98352 B
[primin] cannot resolve '.' NS, next priming query in 10 seconds

all lookups fail.

NB I also tried removing root.* and letting it re-fetch them, however that
fails too:

[system] Knot Resolver is tested on Linux, other platforms might exhibit bu=
gs.
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 b=
ut
recommended value is 524288
[system] error /usr/local/lib/knot-resolver/trust_anchors.lua:336: [ ta ] f=
etch
of "https://data.iana.org/root-anchors/root-anchors.xml" failed: error:
lua-http and luaossl libraries are missing (but required)
[ ta ] Failed to bootstrap root trust anchors!

--=20
You are receiving this mail because:
You are the assignee for the bug.=