[Yeti DNS Discuss] A weird behavior of Knot

Jan Včelák jan.vcelak at nic.cz
Mon Aug 17 08:46:39 UTC 2015 

Hello,

we are currently unaware of such a problem in Knot DNS.

If you manage to reproduce the problem again, the knotd backtrace would be 
very useful for us to debug the problem. Please, also provide some basic 
information about the platform and Knot DNS version.

Have a look at Troubleshooting section in our documentation. Everything 
important is there:

http://knot-dns.labs.nic.cz/docs/2.0/html/troubleshooting.html

Cheers,

Jan

--
 Jan Včelák, Knot DNS
 CZ.NIC Labs https://www.knot-dns.cz
 --------------------------------------------
 Milešovská 5, 130 00 Praha 3, Czech Republic
 WWW: https://labs.nic.cz https://www.nic.cz

On Friday, August 14, 2015 03:37:58 PM Ondrej Filip wrote:
> -------- Forwarded Message --------
> Subject: 	[Yeti DNS Discuss] A weird behavior of Knot
> Date: 	Fri, 14 Aug 2015 15:57:09 +0800
> From: 	"Davey(宋林健)" <ljsong at biigroup.cn>
> To: 	discuss at lists.yeti-dns.org
> 
> 
> 
> 
> Hi all,
> 
> We observed a weird behavior of Knot when we reset the .arpa ns
> records to [a-m].root-servers.net <http://root-servers.net> in root
> zone file.
> 
> The knot root server (yeti-dns01.dnsworkshop.org
> <http://yeti-dns01.dnsworkshop.org>)  entered a a kind of "hung¡±
> state after updating the root zone (with a new serial number) but
> without change of the NS records list for .arpa.
> 
> Best regards,
> Davey
> 
> > ------------------ Original ------------------
> > *From: * "Carsten Strotmann"<carsten at strotmann.de
> > <mailto:carsten at strotmann.de>>;
> > *Date: * Fri, Aug 14, 2015 03:30 PM
> > *To: * "¹¨µÀ±ë"<dbgong at biigroup.cn <mailto:dbgong at biigroup.cn>>;
> > *Subject: * Re: Fw:[Yeti DNS Operators] <Action>: Remove the .arpa
> > zone fromcurrentYeti Root servers
> > 
> > Hello Kevin,
> > 
> > ¹¨µÀ±ë wrote:
> > > Hi Carsten,
> > > 
> > > I have try to dig arpa ns @yeti-dns01.dnsworkshop.org
> > 
> > <http://yeti-dns01.dnsworkshop.org>
> > 
> > > I found that the answer is not right.
> > 
> > thanks for the notice.
> > 
> > > ---
> > > ;; OPT PSEUDOSECTION:
> > > ; EDNS: version: 0, flags:; udp: 4096
> > > ;; QUESTION SECTION:
> > > ;arpa.                          IN      NS
> > > 
> > > ;; AUTHORITY SECTION:
> > > arpa.                   172800  IN      NS      bii.dns-lab.net
> > 
> > <http://bii.dns-lab.net>.
> > 
> > > arpa.                   172800  IN      NS      yeti.bofh.priv.at
> > 
> > <http://yeti.bofh.priv.at>.
> > 
> > > arpa.                   172800  IN      NS      yeti.ipv6.ernet.in.
> > > arpa.                   172800  IN      NS      dahu1.yeti.eu.org
> > 
> > <http://dahu1.yeti.eu.org>.
> > 
> > > arpa.                   172800  IN      NS      ns-yeti.bondis.org
> > 
> > <http://ns-yeti.bondis.org>.
> > 
> > > arpa.                   172800  IN      NS      yeti-ns.ix.ru
> > 
> > <http://yeti-ns.ix.ru>.
> > 
> > > arpa.                   172800  IN      NS      yeti-ns.tisf.net
> > 
> > <http://yeti-ns.tisf.net>.
> > 
> > > arpa.                   172800  IN      NS      yeti-ns.wide.ad.jp
> > 
> > <http://yeti-ns.wide.ad.jp>.
> > 
> > > arpa.                   172800  IN      NS      yeti-ns.conit.co
> > 
> > <http://yeti-ns.conit.co>.
> > 
> > > arpa.                   172800  IN      NS
> > 
> > yeti-ns.as59715.net <http://yeti-ns.as59715.net>.
> > 
> > > arpa.                   172800  IN      NS
> > 
> > yeti-dns01.dnsworkshop.org <http://yeti-dns01.dnsworkshop.org>.
> > 
> > > ;; ADDITIONAL SECTION:
> > > bii.dns-lab.net <http://bii.dns-lab.net>.        518400  IN
> > 
> > AAAA    240c:f:1:22::6
> > 
> > > yeti.bofh.priv.at <http://yeti.bofh.priv.at>.      518400  IN
> > 
> > AAAA    2a01:4f8:161:6106:1::10
> > 
> > > yeti.ipv6.ernet.in.     518400  IN      AAAA    2001:e30:1c1e:1::333
> > > dahu1.yeti.eu.org <http://dahu1.yeti.eu.org>.      518400  IN
> > 
> > AAAA
> > 
> > >  2001:4b98:dc2:43:216:3eff:fea9:41a
> > > 
> > > ns-yeti.bondis.org <http://ns-yeti.bondis.org>.     518400
> > 
> > IN      AAAA    2a02:2810:0:405::250
> > 
> > > yeti-ns.ix.ru <http://yeti-ns.ix.ru>.          518400  IN
> > 
> > AAAA    2001:6d0:6d06::53
> > 
> > > yeti-ns.tisf.net <http://yeti-ns.tisf.net>.       518400  IN
> > 
> > AAAA    2001:559:8000::6
> > 
> > > yeti-ns.wide.ad.jp <http://yeti-ns.wide.ad.jp>.     518400
> > 
> > IN      AAAA    2001:200:1d9::35
> > 
> > > yeti-ns.conit.co <http://yeti-ns.conit.co>.       518400  IN
> > 
> > AAAA    2607:ff28:2:10::47:a010
> > 
> > > yeti-ns.as59715.net <http://yeti-ns.as59715.net>.    518400
> > 
> > IN      AAAA
> > 
> > >  2a02:cdc5:9715:0:185:5:203:53
> > > 
> > > yeti-dns01.dnsworkshop.org <http://yeti-dns01.dnsworkshop.org>.
> > 
> > 518400 IN   AAAA    2001:1608:10:167:32e::53
> > 
> > > -----
> > > ARPA zone's NS should be [a-m].root-servers.net
> > 
> > <http://root-servers.net> now
> > 
> > > DMs have removed ARPA zone. and do not modify ARPA zone NS records on
> > > root zone file.
> > > 
> > > dig SOA on yeti-dns01.dnsworkshop.org
> > 
> > <http://yeti-dns01.dnsworkshop.org>
> > 
> > >  dig @2001:1608:10:167:32e::53 . soa +short
> > > 
> > > bii.dns-lab.net <http://bii.dns-lab.net>. yeti.biigroup.cn
> > 
> > <http://yeti.biigroup.cn>. 2015081301 1800 900 604800 86400
> > 
> > > but the SOA serial number is same with DM, it's weird.
> > > 
> > > would you please check this?
> > > Thank you
> > 
> > I've found the Knot-DNS server process in a kind of "hung" state, it was
> > still answering queries, but would not respond to control messages. Also
> > the slave copy of the yeti-root-zone on disk was an old one.
> > 
> > I've killed the process, and restarted, and it fetched the latest
> > version of the zone and the answers now seem OK.
> > 
> > I will monitor this closely, and if it happens again, will troubleshoot
> > with the Knot-DNS developers.
> > 
> > Best regards
> > 
> > Carsten Strotmann
> 
> ---------------------------
> Davey Song(ËÎÁÖ½¡)
> BII Lab
> ljsong at biigroup.cn <mailto:ljsong at biigroup.cn>

More information about the discuss mailing list