Package: knot-resolver
Version: 5.3.1-1+deb11u1
Severity: normal
X-Debbugs-Cc: and...@lists.savchenko.net

Dear Maintainer,

HTTP module in knot-resolver can't be enabled by adding `http` directive
in its config file.

I have  tried the separate `modules.load('http')` statement via
config and control socket / `kresc`, but to no avail.

`kresd.conf` attached below. While `kresc` reports that the module is
loaded, no new port is opened and stats can't be fetched via `curl`.

`stats.list()` works as expected, this confirms that there is a valid
data to expose via http.


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages knot-resolver depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.77
ii  dns-root-data          2021011101
ii  libc6                  2.31-13+deb11u5
ii  libdnssec8             3.0.5-1+deb11u1
ii  libedit2               3.1-20191231-2+b1
ii  libfstrm0              0.6.0-1+b1
ii  libgcc-s1              10.2.1-6
ii  libgnutls30            3.7.1-5+deb11u3
ii  libknot11              3.0.5-1+deb11u1
ii  liblmdb0               0.9.24-1
ii  libluajit-5.1-2        2.1.0~beta3+dfsg-5.3
ii  libnghttp2-14          1.43.0-1
ii  libprotobuf-c1         1.3.3-1+b2
ii  libstdc++6             10.2.1-6
ii  libsystemd0            247.3-7+deb11u1
ii  libuv1                 1.40.0-2
ii  libzscanner3           3.0.5-1+deb11u1
ii  lua-sec                1.0-1
ii  lua-socket             3.0~rc1+git+ac3201d-4

Versions of packages knot-resolver recommends:
ii  knot-resolver-module-http  5.3.1-1+deb11u1
ii  lua-basexx                 0.3-2.1
ii  lua-cqueues                20200726-1

knot-resolver suggests no packages.

-- Configuration Files:
/etc/default/kresd [Errno 13] Permission denied: '/etc/default/kresd'
/etc/knot-resolver/kresd.conf changed:
-- Listen locally, ipv4-only
net = { '127.0.0.1' }
net.ipv6 = false

-- Enable optional modules
modules = {
  'policy',              -- NXDOMAIN "bad" queries
  'hints',               -- read /etc/hosts and whatever is defined below
  'stats',               -- internal statistics
  'serve_stale < cache', -- serve stale record if parent NS is unreachable
  'rebinding < iterate', -- prevent rebinding attack, TODO: Remove?..
  'prefill',
  'predict',
  'view',
  http = {
    host = '127.0.0.1',
    port = 8053
  }
}

-- Accept exclusively from localhost
view:addr('127.0.0.1/8', function (req, qry) return policy.PASS end)
view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end)

-- Block Firefox DoH
policy.add(policy.suffix(policy.DENY, {todname('use-application-dns.net')}))

-- Add blocked hosts, reload on file change
-- MUST be in a special .RPZ format
-- https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#policy.rpz
policy.add(policy.rpz(policy.DENY, '/etc/knot-resolver/black.rpz'))
policy.add(policy.rpz(policy.DENY, '/etc/knot-resolver/blacklist-fgs.txt'))

-- DNS-over-TLS
policy.add(policy.all(policy.TLS_FORWARD({
  {'9.9.9.9', hostname='dns.quad9.net'},
  {'149.112.112.112', hostname='dns.quad9.net'},
  {'1.1.1.1', hostname='1dot1dot1dot1.cloudflare-dns.com'},
  {'1.0.0.1', hostname='one.one.one.one'}
})))

-- DNS-over-UDP
-- policy.add(policy.all(policy.FORWARD({'9.9.9.9', '1.1.1.1'})))

--- Root zone preload
prefill.config({
  ['.'] = {
    url = 'https://www.internic.net/domain/root.zone',
    ca_file = '/etc/ssl/certs/ca-certificates.crt',
    interval = 86400  -- 24h
  }
})

-- Cache config
cache.size = 32 * MB
cache.max_ttl(172800) -- 48h
cache.min_ttl(60) -- 1m

--- Prefetch learning (15-minute blocks over 24 hours)
predict.config({
  window = 15,         -- 15 minutes sampling window
  period = 24*(60/15)  -- track last 24 hours
})

-- debconf-show failed

Reply via email to