- tried on both amd64 & arm64 15.0-CURRENT

minimal config:

net.listen('127.0.0.1', 53, { kind = 'dns' })

startup:

/usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -q /var/run/kresd
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 but recommended value is 524288
[io ] listen TCP (fastopen): Operation not permitted. This may be caused by TCP Fast Open being disabled in the OS.
[timesk] cannot resolve '.' NS
[taupd ] active refresh failed for . with rcode: 2

all lookups fail. running with -vv as well:

/usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf -q /var/run/kresd -vv
[system] Knot Resolver is tested on Linux, other platforms might exhibit bugs.
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 but recommended value is 524288
[tls ] session ticket: epoch 422394, scheduling rotation check in 1975887 ms
[wtchdg] systemd library not detected
[ta ] installed trust anchors for domain . are:
. 3600 DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D ; Valid: ; KeyTag:20326
. 3600 DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16 ; Valid: ; KeyTag:38696
[system] loading config '/usr/local/etc/knot-resolver/kresd.conf' (workdir '/var/run/kresd')
[io ] listen TCP (fastopen): Operation not permitted. This may be caused by TCP Fast Open being disabled in the OS.
[cache ] space pre-allocation failed and ignored; your (file)system probably doesn't support it.
[system] loading config '/usr/local/lib/knot-resolver/postconfig.lua' (workdir '/var/run/kresd')
[plan ][00000.00] plan '.' type 'NS' uid [65536.00]
[iterat][65536.00] '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65536.01] => using root hints
[iterat][65536.01] '.' type 'NS' new uid was assigned .02, parent uid .00
[resolv][65536.02] >< TA: '.'
[plan ][65536.02] plan '.' type 'DNSKEY' uid [65536.03]
[iterat][65536.03] '.' type 'DNSKEY' new uid was assigned .04, parent uid .02
[cache ][65536.04] => satisfied by exact RRset: rank 060, new TTL 85618
[iterat][65536.04] <= rcode: NOERROR
[valdtr][65536.04] <= parent: updating DNSKEY
[valdtr][65536.04] <= answer valid, OK
[iterat][65536.02] '.' type 'NS' new uid was assigned .05, parent uid .00
[select][65536.05] => id: '18085' choosing from addresses: 13 v4 + 13 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65536.05] => id: '18085' choosing: 'K.ROOT-SERVERS.NET.'@'2001:7fd::1#00053' with timeout 400 ms zone cut: '.'
[resolv][65536.05] => id: '18085' querying: 'K.ROOT-SERVERS.NET.'@'2001:7fd::1#00053' zone cut: '.' qname: '.' qtype: 'NS' proto: 'udp'
[resolv][65536.04] AD: request NOT classified as SECURE
[resolv][65536.05] finished in state: 8, queries: 1, mempool: 98352 B
[primin] cannot resolve '.' NS, next priming query in 10 seconds
[plan ][00000.00] plan '.' type 'NS' uid [65537.00]
[iterat][65537.00] '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65537.01] => using root hints
[iterat][65537.01] '.' type 'NS' new uid was assigned .02, parent uid .00
[select][65537.02] => id: '38240' choosing from addresses: 13 v4 + 13 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65537.02] => id: '38240' choosing: 'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '.'
[resolv][65537.02] => id: '38240' querying: 'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: '.' qtype: 'NS' proto: 'udp'
[resolv][65537.00] request failed, answering with empty SERVFAIL
[resolv][65537.02] finished in state: 8, queries: 0, mempool: 98352 B
[timesk] cannot resolve '.' NS
[taupd ] refreshing TA for .
[plan ][00000.00] plan '.' type 'DNSKEY' uid [65538.00]
[iterat][65538.00] '.' type 'DNSKEY' new uid was assigned .01, parent uid .00
[resolv][65538.01] => using root hints
[iterat][65538.01] '.' type 'DNSKEY' new uid was assigned .02, parent uid .00
[resolv][65538.02] >< TA: '.'
[select][65538.02] => id: '51387' choosing from addresses: 13 v4 + 13 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65538.02] => id: '51387' choosing: 'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '.'
[resolv][65538.02] => id: '51387' querying: 'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: '.' qtype: 'DNSKEY' proto: 'udp'
[resolv][65538.00] request failed, answering with empty SERVFAIL
[resolv][65538.02] finished in state: 8, queries: 0, mempool: 98352 B
[taupd ] active refresh failed for . with rcode: 2
[taupd ] next refresh for . in 1 hours
[plan ][00000.00] plan 'skunkwerks.at.' type 'A' uid [29461.00]
[iterat][29461.00] 'skunkwerks.at.' type 'A' new uid was assigned .01, parent uid .00
[resolv][29461.01] => using root hints
[iterat][29461.01] 'skunkwerks.at.' type 'A' new uid was assigned .02, parent uid .00
[resolv][29461.02] >< TA: '.'
[plan ][29461.02] plan '.' type 'DNSKEY' uid [29461.03]
[iterat][29461.03] '.' type 'DNSKEY' new uid was assigned .04, parent uid .02
[cache ][29461.04] => satisfied by exact RRset: rank 060, new TTL 85609
[iterat][29461.04] <= rcode: NOERROR
[valdtr][29461.04] <= parent: updating DNSKEY
[valdtr][29461.04] <= answer valid, OK
[iterat][29461.02] 'skunkwerks.at.' type 'A' new uid was assigned .05, parent uid .00
[select][29461.05] => id: '58378' choosing from addresses: 13 v4 + 13 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][29461.05] => id: '58378' choosing: 'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' with timeout 400 ms zone cut: '.'
[resolv][29461.05] => id: '58378' querying: 'C.ROOT-SERVERS.NET.'@'2001:500:2::c#00053' zone cut: '.' qname: 'at.' qtype: 'NS' proto: 'udp'
[resolv][29461.04] AD: request NOT classified as SECURE
[resolv][29461.05] finished in state: 8, queries: 1, mempool: 32800 B
[plan ][00000.00] plan '.' type 'NS' uid [65539.00]
[iterat][65539.00] '.' type 'NS' new uid was assigned .01, parent uid .00
[resolv][65539.01] => using root hints
[iterat][65539.01] '.' type 'NS' new uid was assigned .02, parent uid .00
[resolv][65539.02] >< TA: '.'
[plan ][65539.02] plan '.' type 'DNSKEY' uid [65539.03]
[iterat][65539.03] '.' type 'DNSKEY' new uid was assigned .04, parent uid .02
[cache ][65539.04] => satisfied by exact RRset: rank 060, new TTL 85608
[iterat][65539.04] <= rcode: NOERROR
[valdtr][65539.04] <= parent: updating DNSKEY
[valdtr][65539.04] <= answer valid, OK
[iterat][65539.02] '.' type 'NS' new uid was assigned .05, parent uid .00
[select][65539.05] => id: '12229' choosing from addresses: 13 v4 + 13 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65539.05] => id: '12229' choosing: 'G.ROOT-SERVERS.NET.'@'2001:500:12::d0d#00053' with timeout 400 ms zone cut: '.'
[resolv][65539.05] => id: '12229' querying: 'G.ROOT-SERVERS.NET.'@'2001:500:12::d0d#00053' zone cut: '.' qname: '.' qtype: 'NS' proto: 'udp'
[resolv][65539.04] AD: request NOT classified as SECURE
[resolv][65539.05] finished in state: 8, queries: 1, mempool: 98352 B
[primin] cannot resolve '.' NS, next priming query in 10 seconds

all lookups fail.

NB I also tried removing root.* and letting it re-fetch them, however that fails too:

[system] Knot Resolver is tested on Linux, other platforms might exhibit bugs.
Please report issues to https://gitlab.nic.cz/knot/knot-resolver/issues/
Thank you for your time and interest!
[system] warning: hard limit for number of file-descriptors is only 65000 but recommended value is 524288
[system] error /usr/local/lib/knot-resolver/trust_anchors.lua:336: [ ta ] fetch of "https://data.iana.org/root-anchors/root-anchors.xml" failed: error: lua-http and luaossl libraries are missing (but required)
[ ta ] Failed to bootstrap root trust anchors!
issue also reproduced on 14.1-RELEASE with 5.7.4.
ACK; I just noticed this PR now. Will have a look at possible cause (but FYI I'm running 5.7.4 fine on 14.2).
(In reply to Dave Cottlehuber from comment #1)

I kept icann-ca.pem and root.hints and root.keys in place. Made a kresd.conf.tst

net.listen('127.0.0.1', 53)
modules = { 'hints > iterate', 'stats', 'predict' }
cache.size = 100 * MB

then

/usr/local/sbin/kresd -c /usr/local/etc/knot-resolver/kresd.conf.tst -q /var/run/kresd -vv

shows startup going fine, queries getting in, and being replied. However, yes I managed to replicate reported error, when removing the installed files and making the minimal config apparently less than what's minimal needed.
so these minimal files, can we at least list them in pkg-message, or alternatively ship the port with suitable default files as .sample?
^Triage: note that in general, we use "maintainer-feedback?" to notify maintainers, and do not assign the PR to them, on the theory that if they are not a committer, they cannot do the commit.

Hat: bugmeister