Version: 2.3.0-1
On Mon 2016-03-21 20:03:08 +0000, Stephane Bortzmeyer wrote:
> When calling:
>
> trust_anchors.config('/etc/knot-resolver/yeti-root.key')
>
> I discovered that Knot does not check that the file exists. If it
> doesn't, there is no error and no warning, but Knot falls back to a
> root anchor bootstrapped

As of version 2.3.0, when this configuration is in
/etc/knot-resolver/kresd.conf, it can produce two kinds of failures,
depending on whether the location is writable by the daemon. When it's
not writable:

    /usr/lib/knot-resolver/trust_anchors.lua:374: [ ta ] ERROR: write access
    needed to keyfile dir '/etc/knot-resolver/no-such-root.key'

and when it is:

    /usr/lib/knot-resolver/trust_anchors.lua:387: [ ta ] fetch of
    "https://data.iana.org/root-anchors/root-anchors.xml" failed: error loading CA
    locations (No such file or directory)
    [ ta ] Failed to bootstrap root trust anchors; see:
    https://knot-resolver.readthedocs.io/en/latest/daemon.html#enabling-dnssec
    [ ta ] keyfile '/var/cache/knot-resolver/no-such-root.key': doesn't exist,
    bootstrapping

and these failures both cause kresd to terminate with a non-zero error
code.

These error messages also appear when talking to the control socket
directly, for example, when connecting via:

    socat UNIX-CONNECT:/run/knot-resolver/control@1 STDIO

This was clearly fixed at some point before 2.3.0 -- but i'm marking it
done at 2.3.0 because i'm too lazy to look up the specific point it was
fixed.

--dkg