Anyone using Knot-resolver?

I forgot I had the "serve-expired: yes" on in my Unbound config; after I switched it off, Knot is faster.

I did not turn off 'predict' in Knot because that's more like Unbound's 'prefetch' and not like 'serve-expired'; however, I do not use Knot's 'serve_stale < cache'.

Current status:

Been trying to set up Knot Resolver while I have Unbound active to test it out, but I cannot get it to start on DietPi with the latest update and PiHole.

● kresd@1.service - Knot Resolver daemon
   Loaded: loaded (/lib/systemd/system/kresd@.service; enabled; vendor preset: enabled)
   Active: failed (Result: signal) since Fri 2019-06-07 17:02:11 CDT; 3h 10min ago
     Docs: man:kresd.systemd(7)
           man:kresd(8)
  Process: 4878 ExecStart=/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf (code=killed, signal=ILL)
 Main PID: 4878 (code=killed, signal=ILL)

Jun 07 17:02:10 DietPi systemd[1]: kresd@1.service: Unit entered failed state.
Jun 07 17:02:10 DietPi systemd[1]: kresd@1.service: Failed with result 'signal'.
Jun 07 17:02:11 DietPi systemd[1]: kresd@1.service: Service hold-off time over, scheduling restart.
Jun 07 17:02:11 DietPi systemd[1]: Stopped Knot Resolver daemon.
Jun 07 17:02:11 DietPi systemd[1]: kresd@1.service: Start request repeated too quickly.
Jun 07 17:02:11 DietPi systemd[1]: Failed to start Knot Resolver daemon.
Jun 07 17:02:11 DietPi systemd[1]: kresd@1.service: Unit entered failed state.
Jun 07 17:02:11 DietPi systemd[1]: kresd@1.service: Failed with result 'signal'.
Jun 07 17:02:10 DietPi systemd[1]: Failed to listen on kresd.socket.
Jun 07 17:02:11 DietPi systemd[1]: kresd.socket: Socket service kresd.service not loaded, refusing.
Jun 07 17:02:11 DietPi systemd[1]: Failed to listen on kresd.socket.

This is what I am getting as an error. Seems to be the socket which I have set as:

[Socket]
ListenDatagram=
ListenStream=
ListenDatagram=127.0.0.1:53000
ListenStream=127.0.0.1:53000

Here is my config which is just copied from here:

-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: http://knot-resolver.readthedocs.org/en/stable/daemon.html#configuration

-- Network interface configuration: see kresd.systemd(7)

-- For DNS-over-HTTPS and web management when using http module
-- modules.load('http')
-- http.config({
--      cert = '/etc/knot-resolver/mycert.crt',
--      key = '/etc/knot-resolver/mykey.key',
--      tls = true,
-- })

-- To disable DNSSEC validation, uncomment the following line (not recommended)
-- trust_anchors.remove('.')

-- Load useful modules
modules = {
        'hints > iterate',  -- Load /etc/hosts and allow custom root hints
        'stats',            -- Track internal statistics
        'predict',          -- Prefetch expiring/frequent records
}

-- Cache size
cache.size = 100 * MB

Try adding..

verbose(true)

...and see if you can get more details on what is failing.

Seems to be most of the failure is coming from wanting to listen on 127.0.0.1#53 which I cannot figure out how to change. I do have my socket pointed at 127.0.0.1#53555.

Try doing a "systemctl daemon-reload"?

Same error. For now I'll just put a pin in it. I am using the latest DietPi and maybe they'll add it as a service in the future.

Unbound is working fine; it was just to try out. Plus, I remember using Lua back when I used awesomewm for Arch Linux.

Nothing seems to work at this time so I'll just move on for now. Same error where it will not start the socket but does not give a lot of information even with verbose on.

In my example configuration (kresd.socket), you will notice I don't use 127.0.0.1 but 127.10.10.5. I do the same for unbound (different IPv4), configuration example here.

content of kresd.socket:

[Unit]
Description=Knot Resolver DNS socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target

[Socket]
FreeBind=true
BindIPv6Only=both
FileDescriptorName=dns
ListenDatagram=127.10.10.5:5555
ListenStream=127.10.10.5:5555
Service=kresd@1.service
Slice=system-kresd.slice

[Install]
WantedBy=sockets.target

You don't have to do anything to add the IPv4 address to the system, you just have to reconfigure the server= entries in /etc/dnsmasq.d/01-pihole.conf

Advantage: by adding the IP addresses with a description to the host file, you'll get a more descriptive pihole graph:

Entries in the host file (example, including IPv6 entries):

# dnscrypt-proxy v2
127.10.10.4	dnscrypt-IPv4
fdaa:bbcc:ddee:2::5554	dnscrypt-IPv6

# knot-resolver
127.10.10.5	knot-resolver-IPv4
fdaa:bbcc:ddee:2::5555	knot-resolver-IPv6

# unbound
127.10.10.2	unbound-IPv4
fdaa:bbcc:ddee:2::5552	unbound-IPv6

WARNING: if you are going to use IPv6 entries, the IPv6 address must exist on the system BEFORE starting the resolver!!!

Never had any problem with this configuration...

Thanks @jpgpi250. Could I see your current kresd.conf?

-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: http://knot-resolver.readthedocs.org/en/stable/daemon.html#configuration

-- Network interface configuration: see kresd.systemd(7)

-- For DNS-over-HTTPS and web management when using http module
-- modules.load('http')
-- http.config({
--      cert = '/etc/knot-resolver/mycert.crt',
--      key = '/etc/knot-resolver/mykey.key',
--      tls = true,
-- })

-- To disable DNSSEC validation, uncomment the following line (not recommended)
-- trust_anchors.remove('.')

-- Load useful modules
modules = {
        'hints > iterate',  -- Load /etc/hosts and allow custom root hints
        'stats',            -- Track internal statistics
        'predict',          -- Prefetch expiring/frequent records
}

-- Cache size
cache.size = 100 * MB
cache.min_ttl(3600)
cache.max_ttl(86400)

modules.load('prefill')
prefill.config({
      ['.'] = {
              url = 'https://www.internic.net/domain/root.zone',
              ca_file = '/etc/ssl/certs/ca-certificates.crt',
              interval = 86400  -- seconds
      }
})

hints.root({
  ['i.root-servers.net.'] = { '2001:7fe::53', '192.36.148.17' }
})

Hey guys, I'm trying to install knot resolver on my pi zero, managed to get version 3 from the standard repo. How do I update to 4.2? Currently v3 won't start with prefill and root hints defined. Without prefill it feels sluggish. =( Help please.

You will need to uninstall v3 and install v4.2 from their own repo.

https://software.opensuse.org//download.html?project=home%3ACZ-NIC%3Aknot-resolver-latest&package=knot-resolver


Which one is the source for Raspberry? I tried adding the Debian one, but that didn't work. Care to point me in the right direction?

Debian 9 or 10 depending on if you run Raspbian Stretch or Buster. Should work fine, I've used both myself. What happens when you try?

Mine is on buster. I tried adding Debian 10. Then no 4.2 came out. So I checked the source list just to find this instead: "no upstream repo available for: raspbian 10 armv6l"

Can u explain how u do it. I copy pasted these;
sudi echo 'deb Index of /repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10 /' > sudo /etc/apt/sources.list.d/home:CZ-NIC:knot-resolver-latest.list
Sudo apt-get update
Sudo apt-get install knot-resolver

Nothing happened. I checked inside the source list and it's not there. Tried adding it manually using nano. Then this came out after apt update

Err:4 http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10 buster Release
404 Not Found [IP: 195.135.221.134 80]

What am I missing here?

Ah I see, which Pi model are you installing it on? Looks like there is only armv7 build for Knot-resolver and you are using a Pi with armv6 arch...

It's a Pi Zero v1.3, the non-WiFi model. It's not supported?

Nope, looks like Knot doesn't have a repo for armv6 which is the zero arch.
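
The two problems from the last exchange, as an added example that is not part of any post in this thread: a machine-type check before touching apt, and a repo entry written through `tee` instead of a shell redirection. `REPO_URL` is the address from the apt error above; the function names and the directory argument are hypothetical, and only the armv7/armv6 distinction stated in the thread is modelled.

```shell
#!/bin/sh
# Added example, not from the thread. REPO_URL is the address shown in the
# apt error above; function names and arguments are hypothetical.
REPO_URL='http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10/'
LIST_NAME='home:CZ-NIC:knot-resolver-latest.list'

# The thread states there is an armv7 build but none for armv6 (Pi Zero).
# Other machine types are not covered by the thread, so they are refused
# here rather than guessed at.
arch_has_build() {
    case "$1" in
        armv7*) return 0 ;;
        *)      return 1 ;;
    esac
}

# add_repo_list MACHINE DIR [SUDO]
# Writes the flat-repository line ("deb <url> /") into DIR/LIST_NAME.
add_repo_list() {
    machine=$1
    dir=$2
    sudo_cmd=${3:-}
    if ! arch_has_build "$machine"; then
        echo "no knot-resolver-latest build for $machine; repo not added" >&2
        return 1
    fi
    # "sudo echo ... > file" does not work: the redirection is opened by the
    # calling, unprivileged shell, and "> sudo /path" writes a file literally
    # named "sudo". Piping into tee lets the privileged process open the file.
    printf 'deb %s /\n' "$REPO_URL" | $sudo_cmd tee "$dir/$LIST_NAME" >/dev/null
}

# Real use on the target machine:
#   add_repo_list "$(uname -m)" /etc/apt/sources.list.d sudo
```

On a Pi Zero `uname -m` reports `armv6l`, so the function stops before apt is touched.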