Knot DNS 2 Agent backend

Knot DNS 2 Agent backend

Knot DNS 2 User documentation

This page documents the Agent backend for Knot DNS.

The agent runs on the same host as the resolver. It receives DNS messages from Mini DNS using private DNS OPCODEs and classes and creates or deletes zones on Knot using the knotc tool. It also instructs Knot to request AXFR from MiniDNS when a zone is created or updated.

Support matrix:

Knot DNS 2.x documentation

Setting up Knot DNS on Ubuntu Trusty

Knot DNS 2.1 is not part of Ubuntu Trusty. You can ues the CZ.NIC PPA with:

service pdns stop
add-apt-repository ppa:cz.nic-labs/knot-dns
apt-get update
apt-get install knot

Configuring Knot DNS

Assuming Knot has been freshly installed on the system, run as root:

# Monitor syslog during the next steps
tail -f /var/log/syslog

# Start the daemon, ensure it's running
service knot start
netstat -npltu | grep knotd

# Create the config database
knotc conf-init

# Edit /etc/default/knot
# Set the variable:
# KNOTD_ARGS="-C /var/lib/knot/confdb"

# Restart
service knot restart

# Check if the deamon is still running from the conf file in /etc/knot/
ps axuw | grep knotd

# if so, apply this workaround for bug
( cd /etc/default/ && ln -s knot knotd )
service knot restart
ps axuw | grep knotd

# Ensure the confdb is present
test -f /var/lib/knot/confdb/data.mdb && echo OK

# Create the configuration
# Populate the variable with the MiniDNS ipaddr:

knotc conf-begin
knotc conf-set server.listen
# To listen on IPv6 as well, also run this:
# knotc conf-set server.listen '::@53'
knotc conf-set remote[minidns]
knotc conf-set remote[minidns].address $MINIDNS_IPADDR@5354
knotc conf-set template[default]
knotc conf-set template[default].master minidns
knotc conf-set template[default].acl acl_minidns
knotc conf-set template[default].semantic-checks on
knotc conf-set zone[]
knotc conf-set log.any info
knotc conf-set syslog
knotc conf-set acl[acl_minidns]
knotc conf-set acl[acl_minidns].address $MINIDNS_IPADDR
knotc conf-set acl[acl_minidns].action notify
# Review the changes and commit
knotc conf-diff
knotc conf-commit

# Optionally check and back up the conf
knotc conf-check
knotc conf-export knot.conf.bak && cat knot.conf.bak

# Ensure the zone survives a restart
service knot restart
knotc zone-status

# Test Knot: this should return the version
dig @ version.server CH TXT

If needed, create a rootwrap filter, as root:

cat > /etc/designate/rootwrap.d/knot2.filters <<EOF
# cmd-name: filter-name, raw-command, user, args
knotc: CommandFilter, /usr/sbin/knotc, root

# Check the filter:
sudo /usr/local/bin/designate-rootwrap /etc/designate/rootwrap.conf knotc status

Configure the “service.agent” and “backend.agent.knot2” sections in /etc/designate/designate.conf

Look in designate.conf.example for examples

Create an agent pool:

# Fetch the existing pool(s) if needed or start from scratch
designate-manage pool generate_file --file /tmp/pool.yaml
# Edit the file (see below) and reload it as:
designate-manage pool update --file /tmp/pool.yaml

The “targets” section in pool.yaml should look like:

- description: knot2 agent
  - host: <MiniDNS IP addr>
    port: 5354
  options: {}
  - host: <Agent IP addr>
    port: 5358
  type: agent

Developer documentation

Devstack testbed

Follow “Setting up Knot DNS on Ubuntu Trusty”

Configure Knot to slave from MiniDNS on

Knotd configuration example (sudo knotc conf-export <filename>):

# Configuration export (Knot DNS 2.1.1)

    listen: ""

- target: "syslog"
    any: "debug"

- id: "acl_minidns"
    address: [ "" ]
    action: [ "notify" ]

- id: "minidns"
    address: ""

- id: "default"
    master: "minidns"
    acl: "acl_minidns"
    semantic-checks: "on"
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.