3.11 upgrade causes DNS problems with knot


This morning “internet didn’t work” in the house. After squinting a little and getting my 2FA token, I managed to figure out that I could log in to the router and that internet actually did work correctly; it was just DNS resolution that was down. I could resolve hosts by asking public DNS resolvers, but not the Omnia.

I couldn’t figure out the problem through the GUI - DNS was indeed failing on the router as well, so it was not a client configuration issue. I could tell there was a reboot a little more than a day ago, which means updates were applied then. But DNS kept on chugging along until some time last night.

I managed to find the problem with an SSH connection though, which was related to a misconfiguration in kresd. It looks like the configuration template changed. It now looks like this:

```
--Automatically generated file; DO NOT EDIT
modules = {
    'hints > iterate'
  , 'policy'
  , 'stats'
  , predict = {
        window = 30 -- 30 minutes sampling window
      , period = 24*(60/30) -- track last 24 hours
policy.add(policy.rpz(policy.DENY, '/etc/kresd/adb_list.overall'))
```

… with (thankfully) my kresd.conf.local appended of course (but excluded from the paste). Can anyone see what’s missing?

Any guess?

… laaaaast chance! :wink:

There are no upstream resolvers or hints file!

This could be because of my disabled resolver.common.forward_upstream configuration, set to 0. But the resolver previously had the root hints and could figure out how to bootstrap DNS itself. The workaround I found was to append that hints file to my custom config, by adding this to /etc/kresd/kres.config.local:


It seems like a major regression which is why I’m reporting this here. I haven’t investigated exactly the cause of that problem, but I suspect something changed in the kresd.config template that caused that line to disappear. It seems that if we disable the forward mechanism, the resolver just falls over and has no other recourse to resolve hostnames, which, I believe, wasn’t the case before thanks to the builtin root hints file.

I’m not sure where to find which Turris OS version. This is what the LuCI GUI tells me:

OpenWrt omnia 15.05 r47055 / LuCI 96366054565006474c39e02dca00c9d45dcb9e15 branch (git-18.328.59464-9636605) 

And the Foris version is 98.17. According to Foris, I’m running Turris OS 3.11 (but I thought that was still in RC).

I hope that helps other kresd users, provided they can somehow get online… :slight_smile:

3.11 was released as stable two days ago. My almost-default Omnia on 3.11 loads the root hints fine, without anything about that in configuration. That’s how it’s meant to be. The path to default root hints is compiled in, and on Omnia it’s /etc/kresd/root.hints, included in the package AFAIK. I can’t see what’s happening in your case.

BTW, root hints behave differently than regular hints and should be handled by special commands if you want to replace them: hints.root*.
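
When forwarding is disabled, kresd depends entirely on its root hints, so a quick sanity check of the hints file over SSH is useful. The following is an added example, not part of the thread or of Turris OS: it checks that a hints file in zone-file format lists root NS records and that each one has an A or AAAA address. The function name `check_root_hints` and the sample records (documentation-range addresses) are constructed; on the router the file to check would be the `/etc/kresd/root.hints` path given in the reply.

```shell
#!/bin/sh
# check_root_hints FILE
# Returns 0 when FILE has root NS records and every NS target has glue (A/AAAA).
check_root_hints() {
    file=$1
    [ -r "$file" ] || { echo "missing or unreadable: $file"; return 2; }
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ { next }      # skip comment and blank lines
        {
            sub(/;.*/, "")                     # drop trailing comments
            owner = tolower($1); type = ""; rdata = ""
            # TTL and class are optional, so scan for the record type
            for (i = 2; i <= NF; i++) {
                t = toupper($i)
                if (t == "NS" || t == "A" || t == "AAAA") {
                    type = t; rdata = tolower($(i + 1)); break
                }
            }
            if (type == "NS" && owner == ".") ns[rdata] = 1
            else if (type == "A" || type == "AAAA") glue[owner] = 1
        }
        END {
            for (n in ns) {
                total++
                if (!(n in glue)) { printf "no glue: %s\n", n; bad++ }
            }
            if (total == 0) { print "no root NS records"; exit 1 }
            if (bad) exit 1
            printf "ok: %d root servers with glue\n", total
        }
    ' "$file"
}

# Demo on a constructed sample (documentation addresses, not real root servers).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample in root-hints (zone file) format
.                    3600000     NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000     A     192.0.2.1
.                    3600000 IN  NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000 IN  AAAA  2001:db8::1
EOF
check_root_hints "$sample"
rm -f "$sample"
```

A missing file, an empty file, or an NS record without an address all return non-zero, which distinguishes a damaged hints file from a kresd configuration problem.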