Knot DNS issueshttps://gitlab.nic.cz/knot/knot-dns/-/issues2018-02-14T23:52:41+01:00https://gitlab.nic.cz/knot/knot-dns/-/issues/288DDNS: responses from server are not signed2018-02-14T23:52:41+01:00Jan VčelákDDNS: responses from server are not signedResponses for signed DDNS updates are not signed.
```
server 127.0.0.1 53533
update add test.example.com. 60 TXT "test"
show
send
```
```
Update query:
;; ->>HEADER<<- opcode: UPDATE; status: NOERROR; id: 58816
;; Flags: ; ...Responses for signed DDNS updates are not signed.
```
server 127.0.0.1 53533
update add test.example.com. 60 TXT "test"
show
send
```
```
Update query:
;; ->>HEADER<<- opcode: UPDATE; status: NOERROR; id: 58816
;; Flags: ; ZONE: 1; PREREQ: 0; UPDATE: 1; ADDITIONAL: 0
;; ZONE SECTION:
;; example.com. IN SOA
;; UPDATE SECTION:
test.example.com. 60 IN TXT "test"
; TSIG error with server: Expected a TSIG or SIG(0)
```v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/287nsupdate: SOA RRset prerequisite does not work2014-08-18T19:20:11+02:00Ondřej Caletkansupdate: SOA RRset prerequisite does not workLet there be a zone with contents:
```
example.com. 60 IN SOA n71.nebula.cesnet.cz. root.example.com. 20 120 10 3600 60
example.com. 60 NS n71.nebula.cesnet.cz.
```
When trying to do a...Let there be a zone with contents:
```
example.com. 60 IN SOA n71.nebula.cesnet.cz. root.example.com. 20 120 10 3600 60
example.com. 60 NS n71.nebula.cesnet.cz.
```
When trying to do a DDNS update using `nsupdate` utility from BIND, using the SOA rrset as a prerequisite does not work:
```
$ nsupdate
> server n71.nebula.cesnet.cz.
> prereq yxrrset example.com. IN SOA n71.nebula.cesnet.cz. root.example.com. 20 120 10 3600 60
> update add test.example.com. 60 IN TXT "TEST"
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; PREREQUISITE SECTION:
example.com. 0 IN SOA n71.nebula.cesnet.cz. root.example.com. 20 120 10 3600 60
;; UPDATE SECTION:
test.example.com. 60 IN TXT "TEST"
> send
update failed: NOTZONE
```v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/286OPT in authority section2014-08-18T19:20:11+02:00Daniel SalzmanOPT in authority sectionKnot parses OPT record in authority section like regular EDNS0 extension.Knot parses OPT record in authority section like regular EDNS0 extension.v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/285DNSSEC, but no RRSIGs2017-11-19T08:51:57+01:00Ondřej SurýDNSSEC, but no RRSIGsI have recently added two new zones (dns.rock and dns.bike), generated new keys and issuing `knot reload` with dnssec-enabled on;
The logfile doesn't show anything helpful:
```
Aug 11 09:35:54 pagan knot[16184]: Zone 'dns.rocks.' ...I have recently added two new zones (dns.rock and dns.bike), generated new keys and issuing `knot reload` with dnssec-enabled on;
The logfile doesn't show anything helpful:
```
Aug 11 09:35:54 pagan knot[16184]: Zone 'dns.rocks.' will be loaded (serial 0)
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing started...
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [error] DNSSEC: Zone dns.rocks. - No keys for signing.
Aug 11 09:35:54 pagan knot[16184]: [error] Zone 'dns.rocks.' failed to store changes in the journal - No keys for signing.
Aug 11 09:35:54 pagan knot[16184]: [error] Zone 'dns.rocks.' event 'reload' failed - No keys for signing.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+15472.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
Aug 11 09:35:54 pagan knot[16184]: [warning] DNSSEC: Failed to load key Kdns.rocks.+008+11719.private: Cannot open private key file.
```
Fixed the permissions on /etc/knot/keys/Kdns.* to knot:knot
```
Aug 11 09:36:05 pagan knot[16184]: Remote command: 'signzone dns.rocks.'
Aug 11 09:36:05 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Complete resign started (dropping all previous signatures)...
Aug 11 09:36:05 pagan knot[16184]: [error] Zone 'dns.rocks.' event 'DNSSEC resign' failed - Invalid parameter.
Aug 11 09:37:06 pagan knot[16184]: Zone 'dns.rocks.' will be reloaded (serial 0)
Aug 11 09:37:06 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing started...
Aug 11 09:37:06 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 15472, file Kdns.rocks.+008+15472.private, KSK, active, public
Aug 11 09:37:06 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 11719, file Kdns.rocks.+008+11719.private, KSK, active, public
Aug 11 09:37:06 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Successfully signed.
Aug 11 09:37:06 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Next event on 2014-09-07T09:37:06.
Aug 11 09:37:06 pagan knot[16184]: Zone 'dns.rocks.' loaded (0 -> 1407742626).
Aug 11 09:37:10 pagan knot[16184]: Remote command: 'signzone dns.rocks.'
Aug 11 09:37:10 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Complete resign started (dropping all previous signatures)...
Aug 11 09:37:10 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing started...
Aug 11 09:37:10 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 15472, file Kdns.rocks.+008+15472.private, KSK, active, public
Aug 11 09:37:10 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 11719, file Kdns.rocks.+008+11719.private, KSK, active, public
Aug 11 09:37:10 pagan knot[16184]: DNSSEC: Zone dns.rocks. - No signing performed, zone is valid.
Aug 11 09:37:10 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Next event on 2014-09-07T09:37:10.
Aug 11 09:37:10 pagan knot[16184]: [error] NOTIFY of 'dns.rocks.' from '81.91.84.116@53': Server responded with NOTAUTH.
Aug 11 09:37:10 pagan knot[16184]: [warning] NOTIFY of 'dns.rocks.' with '81.91.84.116@53': Failed.
Aug 11 09:37:10 pagan knot[16184]: [error] NOTIFY of 'dns.rocks.' from '2001:1568:b::145@53': Server responded with NOTAUTH.
Aug 11 09:37:10 pagan knot[16184]: [warning] NOTIFY of 'dns.rocks.' with '2001:1568:b::145@53': Failed.
Aug 11 09:37:10 pagan knot[16184]: [error] NOTIFY of 'dns.rocks.' from '2001:1568:b:145::1@53': Server responded with NOTAUTH.
Aug 11 09:37:10 pagan knot[16184]: [warning] NOTIFY of 'dns.rocks.' with '2001:1568:b:145::1@53': Failed.
Aug 11 09:45:02 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@58554': Started (serial 1407742626).
Aug 11 09:45:02 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@58554': Finished in 0.00s (1 messages, ~1.5 KiB).
Aug 11 09:45:29 pagan knot[16184]: Zone 'dns.rocks.' is up-to-date (serial 1407742626)
Aug 11 09:45:29 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing zone...
Aug 11 09:45:29 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing started...
Aug 11 09:45:29 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 15472, file Kdns.rocks.+008+15472.private, KSK, active, public
Aug 11 09:45:29 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 11719, file Kdns.rocks.+008+11719.private, KSK, active, public
Aug 11 09:45:29 pagan knot[16184]: DNSSEC: Zone dns.rocks. - No signing performed, zone is valid.
Aug 11 09:45:29 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Next event on 2014-09-07T09:45:29.
Aug 11 09:45:55 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@36025': Started (serial 1407742626).
Aug 11 09:45:55 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@36025': Finished in 0.00s (1 messages, ~1.5 KiB).
Aug 11 09:46:24 pagan knot[16184]: Zone 'dns.rocks.' will be reloaded (serial 1407742626)
Aug 11 09:46:24 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing started...
Aug 11 09:46:24 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 15472, file Kdns.rocks.+008+15472.private, KSK, active, public
Aug 11 09:46:24 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 11719, file Kdns.rocks.+008+11719.private, KSK, active, public
Aug 11 09:46:24 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Successfully signed.
Aug 11 09:46:24 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Next event on 2014-09-07T09:46:24.
Aug 11 09:46:24 pagan knot[16184]: Zone 'dns.rocks.' loaded (1407742626 -> 1407743184).
Aug 11 09:46:30 pagan knot[16184]: Remote command: 'signzone dns.bike.'
Aug 11 09:46:33 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@44529': Started (serial 1407743184).
Aug 11 09:46:33 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@44529': Finished in 0.00s (1 messages, ~1.5 KiB).
Aug 11 09:47:27 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@60582': Started (serial 1407743184).
Aug 11 09:47:27 pagan knot[16184]: Outgoing AXFR of 'dns.rocks.' with '81.91.84.116@60582': Finished in 0.00s (1 messages, ~1.5 KiB).
Aug 11 09:47:53 pagan knot[16184]: Remote command: 'signzone dns.bike.'
Aug 11 09:48:53 pagan knot[16184]: Zone 'dns.rocks.' is up-to-date (serial 1407743184)
Aug 11 09:48:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing zone...
Aug 11 09:48:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Signing started...
Aug 11 09:48:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 15472, file Kdns.rocks.+008+15472.private, KSK, active, public
Aug 11 09:48:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - - Loaded key 11719, file Kdns.rocks.+008+11719.private, KSK, active, public
Aug 11 09:48:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - No signing performed, zone is valid.
Aug 11 09:48:54 pagan knot[16184]: DNSSEC: Zone dns.rocks. - Next event on 2014-09-07T09:48:54.
```
Full configuration, zones and keys sent in private email.v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/282Knot 1.5.0 gives a strange RCODE for EDNS=1 instead of BADVERS2014-08-18T19:20:11+02:00Anand BuddhdevKnot 1.5.0 gives a strange RCODE for EDNS=1 instead of BADVERS```
$ dig +edns=1 ripe.net @ns2.ams.authdns.ripe.net
; <<>> DiG 9.10.0-P2 <<>> +edns=1 ripe.net @ns2.ams.authdns.ripe.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: ?256, id: 3362
;; flags: qr a...```
$ dig +edns=1 ripe.net @ns2.ams.authdns.ripe.net
; <<>> DiG 9.10.0-P2 <<>> +edns=1 ripe.net @ns2.ams.authdns.ripe.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: ?256, id: 3362
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ripe.net. IN A
;; ANSWER SECTION:
ripe.net. 21600 IN A 193.0.6.139
;; AUTHORITY SECTION:
ripe.net. 3600 IN NS ns3.nic.fr.
ripe.net. 3600 IN NS pri.authdns.ripe.net.
ripe.net. 3600 IN NS sec1.apnic.net.
ripe.net. 3600 IN NS sec3.apnic.net.
ripe.net. 3600 IN NS sns-pb.isc.org.
ripe.net. 3600 IN NS tinnie.arin.net.
;; ADDITIONAL SECTION:
pri.authdns.ripe.net. 3600 IN A 193.0.9.5
pri.authdns.ripe.net. 3600 IN AAAA 2001:67c:e0::5
;; Query time: 11 msec
;; SERVER: 193.0.0.101#53(193.0.0.101)
;; WHEN: Mon Aug 11 10:49:53 CEST 2014
;; MSG SIZE rcvd: 256
```v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/280knotc checkzone should parse full command line input2014-08-18T19:20:11+02:00Ondřej Surýknotc checkzone should parse full command line input```shell:
# knotc checkzone dns.rocksaaaa
2014-08-11T09:53:35 Zone 'dns.rocks.' OK.
```shell:
# knotc checkzone dns.rocksaaaa
2014-08-11T09:53:35 Zone 'dns.rocks.' OK.
v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/279knotc signzone should fail on non-existent domains2014-08-18T19:20:11+02:00Ondřej Surýknotc signzone should fail on non-existent domains```shell:
# knotc signzone jsdjklgsgjklsdgjklsdg
OK```shell:
# knotc signzone jsdjklgsgjklsdgjklsdg
OKv1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/276DNSSEC: RDATA are not converted to canonical form before computing signature2017-11-19T08:51:57+01:00Jan VčelákDNSSEC: RDATA are not converted to canonical form before computing signatureFollowing SOA will result in bogus signature:
````
example.com. 3600 IN SOA alfa.example.com. Postmaster.example.com. 2014080509 900 900 86400 1800
```Following SOA will result in bogus signature:
````
example.com. 3600 IN SOA alfa.example.com. Postmaster.example.com. 2014080509 900 900 86400 1800
```v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/275knsupdate: Origin not honored when deleting2014-08-18T19:20:11+02:00Ondřej Caletkaknsupdate: Origin not honored when deletingSee this `knsupdate` session (version 1.5.0):
```
# knsupdate
zone example.com
origin example.com
add test 60 TXT "testik"
send
del test
send
; Error: update failed: NOTZONE
del test.example.com.
send
```See this `knsupdate` session (version 1.5.0):
```
# knsupdate
zone example.com
origin example.com
add test 60 TXT "testik"
send
del test
send
; Error: update failed: NOTZONE
del test.example.com.
send
```v1.5.1Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/issues/272Bug in remotes handling of via keyword pointing to defined interface2018-02-14T23:52:41+01:00Ghost UserBug in remotes handling of via keyword pointing to defined interface```
interfaces {
interface_one { address 0.0.0.0; port 53; }
interface_two {address [::]; port 53; }
}
remotes {
master0 {
address [2001:db8::1]@53;
via interface_two;
}
}
zones {
sto...```
interfaces {
interface_one { address 0.0.0.0; port 53; }
interface_two {address [::]; port 53; }
}
remotes {
master0 {
address [2001:db8::1]@53;
via interface_two;
}
}
zones {
storage "/var/cache/knot";
domain.example {
file "domain.example.db";
xfr-in master0;
notify-in master0;
}
}
```
Attempt to run with this configuration will cause following error:
```
2014-07-21T13:57:24 [error] Cannot bind to address '::@53': Address already in use.
2014-07-21T13:57:24 [error] AXFR of 'domain.example.' with '2001:db8::1@53': Connection reset.
```v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/271Missing denied AXFR from the logs2014-08-18T19:20:11+02:00Ondřej SurýMissing denied AXFR from the logs```
ondrej@trubka:~$ dig IN AXFR vesperumbris.cz @pagan.rfc1925.org
; <<>> DiG 9.9.4 <<>> IN AXFR vesperumbris.cz @pagan.rfc1925.org
;; global options: +cmd
; Transfer failed.
```
And nothing shows in the logs, as opposed to:
...```
ondrej@trubka:~$ dig IN AXFR vesperumbris.cz @pagan.rfc1925.org
; <<>> DiG 9.9.4 <<>> IN AXFR vesperumbris.cz @pagan.rfc1925.org
;; global options: +cmd
; Transfer failed.
```
And nothing shows in the logs, as opposed to:
```
ondrej@trubka:~$ dig IN IXFR=0 vesperumbris.cz @pagan.rfc1925.org
; <<>> DiG 9.9.4 <<>> IN IXFR=0 vesperumbris.cz @pagan.rfc1925.org
;; global options: +cmd
; Transfer failed.
```
this correctly logs the error:
```
Jul 16 10:47:52 pagan.rfc1925.org knot[16184]: [error] Outgoing IXFR of 'vesperumbris.cz.' with '2001:1568:b:145::1@60116': Failed to start (Not allowed.).
```
v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/268knotc memstats anomaly2014-08-18T19:20:11+02:00Anand Buddhdevknotc memstats anomalyIn 1.5.0, I tried to use knotc's memstats command. With one instance, I get:
knotc -c /etc/knot/arpa.conf memstats
2014-07-09T20:48:51 Zone ip6-servers.arpa.: 51 RRs, used memory estimation is 0MB.
2014-07-09T20:48:51 Zone in-ad...In 1.5.0, I tried to use knotc's memstats command. With one instance, I get:
knotc -c /etc/knot/arpa.conf memstats
2014-07-09T20:48:51 Zone ip6-servers.arpa.: 51 RRs, used memory estimation is 0MB.
2014-07-09T20:48:51 Zone in-addr.arpa.: 2499 RRs, used memory estimation is 0MB.
2014-07-09T20:48:51 Zone in-addr-servers.arpa.: 51 RRs, used memory estimation is 0MB.
2014-07-09T20:48:51 Zone ip6.arpa.: 641 RRs, used memory estimation is 0MB.
2014-07-09T20:48:51 Estimated memory consumption for all zones is 0MB.
Note that the last line reports the total usage. The fact that the zones are so small means that the usage is still printed as 0MB, which is not too useful. However, it's not a big deal.
Next up, I did:
knotc -c /etc/knot/knot.conf memstats
2014-07-09T20:43:18 Zone 1.94.in-addr.arpa.: 516 RRs, used memory estimation is 0MB.
2014-07-09T20:43:18 [error] Could not load zone 0.d.e.0.0.0.a.2.ip6.arpa.
2014-07-09T20:43:18 Zone 3.4.1.0.0.2.ip6.arpa.: 252 RRs, used memory estimation is 0MB.
...
...
2014-07-09T20:44:28 Zone dentiste.mc.: 6 RRs, used memory estimation is 0MB.
2014-07-09T20:44:28 Zone ipv6roadshow.net.: 16 RRs, used memory estimation is 0MB.
2014-07-09T20:44:28 Zone nsap.int.: 30 RRs, used memory estimation is 0MB.
In this second run, knotc did not print a total estimated memory usage. Could it be that some zone files were not found?v1.5.1https://gitlab.nic.cz/knot/knot-dns/-/issues/266Logging improvements2014-08-18T19:20:12+02:00Anand BuddhdevLogging improvementsWhile 1.5.0 is not yet final, may I suggest some logging improvements?
I notice that Knot emits log entries with quotes around some elements, but not others. This makes it more work to parse and process the logs, because I have to str...While 1.5.0 is not yet final, may I suggest some logging improvements?
I notice that Knot emits log entries with quotes around some elements, but not others. This makes it more work to parse and process the logs, because I have to strip the quotes during post-processing. Additionally, the stop at the end of most log lines is IMHO unnecessary. Also, not all log lines have it. Would you consider just dropping all final stops?
An example is:
2014-07-08T15:23:22 Zone 'ip6.arpa.' loaded (0 -> 2014061774).
Could you make this just log as:
2014-07-08T15:23:22 Zone ip6.arpa. loaded (0 -> 2014061774)
Next up, the NOTIFY logs look like this:
2014-07-08T15:24:34 NOTIFY of 'ip6.arpa.' with '193.0.0.198@53535': received serial 2014061776.
Could you change them to:
2014-07-08T15:24:34 NOTIFY of ip6.arpa. from 193.0.0.198@53535 with key ripencc-arpa: Received serial 2014061776
This makes it clearer that a signed NOTIFY came in. If the NOTIFY message was not signed, you would leave out the "with key XXXX" part. Or log it as "with key NONE" (so that parsing these log lines can be done with the same regex).
One more logging inconsistency is this:
2014-07-08T15:23:22 [notice] IXFR of 'in-addr.arpa.' with '193.0.0.198@53': Fallback to AXFR.
This should probably be:
2014-07-08T15:23:22 [notice] IXFR of in-addr.arpa. from 193.0.0.198@53: Fallback to AXFR
Next, I like that Knot logs the size of an AXFR, but I don't like that fact that it is rounded up. Instead of logging:
2014-07-08T15:23:22 Incoming AXFR of 'ip6.arpa.' from '193.0.0.198@53': Finished in 0.00s (1 messages, ~32.0 KiB).
could you please log it as:
2014-07-08T15:23:22 Incoming AXFR of ip6.arpa. from 193.0.0.198@53: Finished in 0.00s (1 messages, 32000 bytes)
Finally, the case of log entries is not consistent. Compare the following 2 lines:
2014-07-08T15:23:22 Refresh of 'ip6-servers.arpa.' from '193.0.0.198@53': master has newer serial 2014052294 -> 2014052295.
2014-07-08T15:23:22 Refresh of 'in-addr-servers.arpa.' from '193.0.0.198@53': Zone is up-to-date.
In the first line, the message after the colon starts with 'master', ie. lowercase 'm'. In the next log entry, the message after the colon starts with 'Zone', ie. uppercase 'Z'. IMHO, case is totally unnecessary with logging, and if you log everything with just lowercase, and dispense with stops, then it is much easier to maintain consistency. After all, logs are not prose, and should be easy to parse with scripts, so consistency would help.v1.5.1