Package: knot-resolver
Version: 5.3.1-1+deb11u1
Severity: normal
X-Debbugs-Cc: and...@lists.savchenko.net

Dear Maintainer,

The HTTP module in knot-resolver can't be enabled by adding the `http` directive in its config file. I have tried the separate `modules.load('http')` statement via config and control socket / `kresc`, but to no avail. `kresd.conf` is attached below.

While `kresc` reports that the module is loaded, no new port is opened and stats can't be fetched via `curl`. `stats.list()` works as expected; this confirms that there is valid data to expose via HTTP.

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages knot-resolver depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.77
ii  dns-root-data          2021011101
ii  libc6                  2.31-13+deb11u5
ii  libdnssec8             3.0.5-1+deb11u1
ii  libedit2               3.1-20191231-2+b1
ii  libfstrm0              0.6.0-1+b1
ii  libgcc-s1              10.2.1-6
ii  libgnutls30            3.7.1-5+deb11u3
ii  libknot11              3.0.5-1+deb11u1
ii  liblmdb0               0.9.24-1
ii  libluajit-5.1-2        2.1.0~beta3+dfsg-5.3
ii  libnghttp2-14          1.43.0-1
ii  libprotobuf-c1         1.3.3-1+b2
ii  libstdc++6             10.2.1-6
ii  libsystemd0            247.3-7+deb11u1
ii  libuv1                 1.40.0-2
ii  libzscanner3           3.0.5-1+deb11u1
ii  lua-sec                1.0-1
ii  lua-socket             3.0~rc1+git+ac3201d-4

Versions of packages knot-resolver recommends:
ii  knot-resolver-module-http  5.3.1-1+deb11u1
ii  lua-basexx                 0.3-2.1
ii  lua-cqueues                20200726-1

knot-resolver suggests no packages.

-- Configuration Files:
/etc/default/kresd [Errno 13] Permission denied: '/etc/default/kresd'
/etc/knot-resolver/kresd.conf changed:
-- Listen locally, ipv4-only
net = { '127.0.0.1' }
net.ipv6 = false

-- Enable optional modules
modules = {
    'policy',               -- NXDOMAIN "bad" queries
    'hints',                -- read /etc/hosts and whatever is defined below
    'stats',                -- internal statistics
    'serve_stale < cache',  -- serve stale record if parent NS is unreachable
    'rebinding < iterate',  -- prevent rebinding attack, TODO: Remove?..
    'prefill',
    'predict',
    'view',
    http = {
        host = '127.0.0.1',
        port = 8053
    }
}

-- Accept exclusively from localhost
view:addr('127.0.0.1/8', function (req, qry) return policy.PASS end)
view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end)

-- Block Firefox DoH
policy.add(policy.suffix(policy.DENY, {todname('use-application-dns.net')}))

-- Add blocked hosts, reload on file change
-- MUST be in a special .RPZ format
-- https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#policy.rpz
policy.add(policy.rpz(policy.DENY, '/etc/knot-resolver/black.rpz'))
policy.add(policy.rpz(policy.DENY, '/etc/knot-resolver/blacklist-fgs.txt'))

-- DNS-over-TLS
policy.add(policy.all(policy.TLS_FORWARD({
    {'9.9.9.9', hostname='dns.quad9.net'},
    {'149.112.112.112', hostname='dns.quad9.net'},
    {'1.1.1.1', hostname='1dot1dot1dot1.cloudflare-dns.com'},
    {'1.0.0.1', hostname='one.one.one.one'}
})))

-- DNS-over-UDP
-- policy.add(policy.all(policy.FORWARD({'9.9.9.9', '1.1.1.1'})))

--- Root zone preload
prefill.config({
    ['.'] = {
        url = 'https://www.internic.net/domain/root.zone',
        ca_file = '/etc/ssl/certs/ca-certificates.crt',
        interval = 86400 -- 24h
    }
})

-- Cache config
cache.size = 32 * MB
cache.max_ttl(172800) -- 48h
cache.min_ttl(60) -- 1m

--- Prefetch learning (15-minute blocks over 24 hours)
predict.config({
    window = 15, -- 15 minutes sampling window
    period = 24*(60/15) -- track last 24 hours
})

-- debconf-show failed