For some reason my kresd (knot-resolver) started crashing consistently. Eventually DNS stopped working.
The logs show an Assertion failed exception. Looks like a bug to me. Can anyone help me out?
Here are the logs:
Jul 9 11:54:56 turris kresd[11470]: [ ta ] warning: overriding previously set trust anchors for .
Jul 9 11:54:56 turris kresd[11470]: [ta_update] refreshing TA for .
Jul 9 11:54:56 turris kresd[11470]: [ta_update] key: 20326 state: Valid
Jul 9 11:54:56 turris kresd[11470]: [ta_update] next refresh for . in 24 hours
Jul 9 11:55:01 turris kresd[11470]: Assertion failed: xn <= n (gmp-glue.c: _nettle_mpz_limbs_copy: 178)
Jul 9 11:55:01 turris crond[11477]: (root) CMD (/usr/bin/notifier)
Jul 9 11:55:01 turris crond[11476]: (root) CMDOUT (There is no message to send.)
Jul 9 11:55:06 turris kresd[11507]: [ ta ] warning: overriding previously set trust anchors for .
Jul 9 11:55:06 turris kresd[11507]: [ta_update] refreshing TA for .
Jul 9 11:55:06 turris kresd[11507]: [ta_update] key: 20326 state: Valid
Jul 9 11:55:06 turris kresd[11507]: [ta_update] next refresh for . in 24 hours
Jul 9 11:55:11 turris kresd[11507]: Assertion failed: xn <= n (gmp-glue.c: _nettle_mpz_limbs_copy: 178)
Jul 9 11:55:16 turris kresd[11519]: [ ta ] warning: overriding previously set trust anchors for .
Jul 9 11:55:16 turris kresd[11519]: [ta_update] refreshing TA for .
Jul 9 11:55:16 turris kresd[11519]: [ta_update] key: 20326 state: Valid
Jul 9 11:55:16 turris kresd[11519]: [ta_update] next refresh for . in 24 hours
Jul 9 11:55:22 turris kresd[11519]: Assertion failed: xn <= n (gmp-glue.c: _nettle_mpz_limbs_copy: 178)
Jul 9 11:55:22 turris procd: Instance kresd::instance1 s in a crash loop 6 crashes, 5 seconds since last crash

Here is my configuration:

root@turris:~# cat /etc/config/resolver
config resolver 'common'
    list interface '0.0.0.0'
    list interface '::0'
    option port '53'
    option keyfile '/etc/root.keys'
    option verbose '0'
    option msg_buffer_size '65552'
    option msg_cache_size '20M'
    option net_ipv6 '1'
    option net_ipv4 '1'
    option forward_upstream '0'
    option prefered_resolver 'kresd'
    option ignore_root_key '0'
    option prefetch 'yes'
    option static_domains '1'
    option dynamic_domains '0'
    option edns_buffer_size '1232'

config resolver 'kresd'
    option rundir '/tmp/kresd'
    option log_stderr '1'
    option log_stdout '1'
    option forks '1'
    option keep_cache '1'
    option include_config '/etc/kresd/custom.conf'
    list hostname_config '/etc/hosts'

root@turris:~# cat /etc/kresd/custom.conf
-- make sure to include this config with
-- uci set resolver.kresd.include_config=/etc/kresd/custom.conf
-- see https://knot-resolver.readthedocs.io/en/stable/modules-policy.html
trust_anchors.add_file("/etc/kresd/kresd_root.keys", readwrite)
cache.ns_tout(1000)
-- DNS over VPN
-- Forward all dns queries to a server behind my VPN
policy.add(policy.all(
    policy.FORWARD({'192.168.2.13'})
))