Re: [knot-dns-users] multimaster docs?

2014-08-29 Thread Marek Vavruša
://lists.isc.org/pipermail/bind-users/2012-August/088413.html http://technet.microsoft.com/en-us/library/cc959273.aspx Marek Vavruša wrote: Hi Nicolas, there isn't much to point. The `xfr-in` clause in the configuration accepts multiple remotes. The first in the list is treated as primary

Re: [knot-dns-users] Knot 1.6.1 and full journal

2014-12-15 Thread Marek Vavruša
Just a follow-up - as Jan wrote, there's no file size shrinking implemented in the journal. Moreover, the file does not cap exactly at the configured limit, for example a journal may be treated as full if the journal size is 9M, the configured limit is 10M, and the next update requests = 1M of

Re: [knot-dns-users] Use of recvmmsg in Knot

2015-04-16 Thread Marek Vavruša
Hi Anand, On 16 April 2015 at 16:45, Anand Buddhdev ana...@ripe.net wrote: Dear Knot developers, In Knot 1.6.3, is it safe to leave out the interfaces section of the config on a multi-homed server? Will Knot enumerate all the addresses on the host and bind to them, or will it bind to 0.0.0.0

Re: [knot-dns-users] [Knot-Resolver] "I yielded, not you" issue

2015-11-13 Thread Marek Vavruša
Hi Florian, On 6 November 2015 at 16:02, Florian Maury wrote: > Hi everyone, > > While working on my Knot-Resolver (kr) module, I came to think that the > current YIELD mechanism for layers will not work properly, if multiple > YIELD-enabled modules are loaded

Re: [knot-dns-users] should NSEC3 be default?

2016-06-09 Thread Marek Vavruša
+1 to Matthijs. NSEC has been a sane default for a while and people who want NSEC3 have already enabled it. Changing it would break the rule of least surprise in current deployments, when zones signed using and old policy would be NSEC and zones signed with a new policy NSEC3. That's something

Re: [knot-dns-users] Question about "views" and "RPZ"

2016-05-19 Thread Marek Vavruša
Hey Jake, yes it does, RPZ is supported for views as is any other policy. There's an example of setting RPZ for a source-address subnet view in the documentation: http://knot-resolver.readthedocs.io/en/latest/modules.html#id3 Cheers, Marek > Does KnotDNS Resolver support the use of different

Re: [knot-dns-users] dnsproxy module performance

2016-08-15 Thread Marek Vavruša
Hey Matthijs, On 15 August 2016 at 06:32, Matthijs Mekking wrote: > Hi Jan, > > Thanks for your response. Some comments inline: > > On 15-08-16 14:29, Jan Včelák wrote: > >> Hi Matthijs, >> >> processing of queries in Knot DNS is synchronous. So the UDP thread is >>

Re: [knot-dns-users] dnsproxy module performance

2016-08-22 Thread Marek Vavruša
Hi Matthijs, On 22 August 2016 at 06:21, Matthijs Mekking <matth...@pletterpet.nl> wrote: > Hi Marek, > > Thanks for your pointers, I really appreciate it. > > On 15-08-16 19:27, Marek Vavruša wrote: > >> Hey Matthijs, >> >> On 15 August 2016 at 06:32

Re: [knot-dns-users] is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

2016-10-15 Thread Marek Vavruša
Hi, dnsmasq is caching forwarder, knot resolver is full resolver (but can be configured as forwarder too). As in your 5-step list: you have to install it, modify /etc/resolv.conf as in step 2, and then start it (kresd -k /var/something/root.keys). If you want to forward to full recursors like