r-raymond / nixos-mailserver

A complete and Simple Nixos Mailserver
GNU General Public License v3.0

localDnsResolver (kresd) fails #108

Closed oxzi closed 6 years ago

oxzi commented 6 years ago

SNM Version: v2.1.3

Nixos Version: 17.09

Relevant part of the config to reproduce:

The option localDnsResolver defaults to true which enables kresd. However, it seems like kresd doesn't work properly out of the box and I ended up with a system without a working DNS.

However, setting localDnsResolver = false; kind of solves the issue.

What I expected to happen:

A smoothly running DNS-daemon to get rid of rspamd's warnings.

What happened:

There was no working DNS at all.

Relevant journald log:

Mar 21 12:08:01 x systemd[1]: Starting kresd-cachedir.service...
Mar 21 12:08:01 x systemd[1]: Started kresd-cachedir.service.
Mar 21 12:08:01 x systemd[1]: Starting Knot-resolver daemon...
Mar 21 12:08:01 x kresd-start[11514]: [ ta ] keyfile '/var/cache/kresd/root.key': doesn't exist, bootstrapping
Mar 21 12:08:26 x kresd-start[11514]: ...2-knot-resolver-1.4.0/lib/kdns_modules/trust_anchors.lua:380: [ ta ] fetch of "https://data.iana.org/root-anchors/root-anchors.xml" failed: temporary failure in name resolution
Mar 21 12:08:26 x kresd-start[11514]: [ ta ] Failed to bootstrap root trust anchors; see:
Mar 21 12:08:26 x kresd-start[11514]:        https://knot-resolver.readthedocs.io/en/latest/daemon.html#enabling-dnssec
Mar 21 12:08:26 x systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Mar 21 12:08:26 x systemd[1]: Failed to start Knot-resolver daemon.
Mar 21 12:08:26 x systemd[1]: kresd.service: Unit entered failed state.
Mar 21 12:08:26 x systemd[1]: kresd.service: Failed with result 'exit-code'.
Mar 21 12:08:26 x systemd[1]: Starting kresd-cachedir.service...
Mar 21 12:08:26 x systemd[1]: Started kresd-cachedir.service.

…

Mar 21 12:08:27 x systemd[1]: Starting kresd-cachedir.service...
Mar 21 12:08:27 x systemd[1]: Started kresd-cachedir.service.
Mar 21 12:08:27 x systemd[1]: Starting Knot-resolver daemon...
Mar 21 12:08:27 x kresd-start[11527]: [ ta ] keyfile '/var/cache/kresd/root.key': doesn't exist, bootstrapping
Mar 21 12:08:27 x kresd-start[11527]: ...2-knot-resolver-1.4.0/lib/kdns_modules/trust_anchors.lua:380: [ ta ] fetch of "https://data.iana.org/root-anchors/root-anchors.xml" failed: host or service not provided, or not known
Mar 21 12:08:27 x kresd-start[11527]: [ ta ] Failed to bootstrap root trust anchors; see:
Mar 21 12:08:27 x kresd-start[11527]:        https://knot-resolver.readthedocs.io/en/latest/daemon.html#enabling-dnssec
Mar 21 12:08:27 x systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Mar 21 12:08:27 x systemd[1]: Failed to start Knot-resolver daemon.
Mar 21 12:08:27 x systemd[1]: kresd.service: Unit entered failed state.
Mar 21 12:08:27 x systemd[1]: kresd.service: Failed with result 'exit-code'.
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Start request repeated too quickly.
Mar 21 12:08:27 x systemd[1]: Failed to start kresd-cachedir.service.
Mar 21 12:08:27 x systemd[1]: Dependency failed for Knot-resolver daemon.
Mar 21 12:08:27 x systemd[1]: kresd.service: Job kresd.service/start failed with result 'dependency'.
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Unit entered failed state.
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Failed with result 'start-limit-hit'.
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Start request repeated too quickly.
Mar 21 12:08:27 x systemd[1]: Failed to start kresd-cachedir.service.
Mar 21 12:08:27 x systemd[1]: Dependency failed for Knot-resolver daemon.
Mar 21 12:08:27 x systemd[1]: kresd.service: Job kresd.service/start failed with result 'dependency'.
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Failed with result 'start-limit-hit'.
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Start request repeated too quickly.
Mar 21 12:08:27 x systemd[1]: Failed to start kresd-cachedir.service.

Potentially related issues

phdoerfler commented 6 years ago

@tokudan Can you comment on whether this is what NixOS/nixpkgs#35508 is fixing?

@geistesk I have had a very similar if not identical issue with kresd on 17.09-small which is already fixed in unstable and backported to stable.

For additional details see the PR that added kresd to NMS.

tokudan commented 6 years ago

@phdoerfler NixOS/nixpkgs#35508 only fixes the issue that can be seen here after the bootstrap: Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Start request repeated too quickly.

As I avoided using kresd without the fix in NixOS/nixpkgs#35508 by using "localDnsResolver = false;", I have no idea if that would actually solve this whole issue or not.
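The comment above separates two failures in the log: the trust-anchor bootstrap fetch and the later start-limit errors. The triage script below orders them by first appearance; it is an added example, not part of the original thread or of either project. The tag names and the `triage` function are this example's own, and the sample is a subset of the journald lines quoted in the issue.

```python
import re
from collections import Counter

# Sample lines copied from the journald excerpt in this issue (a subset).
SAMPLE = """\
Mar 21 12:08:01 x kresd-start[11514]: [ ta ] keyfile '/var/cache/kresd/root.key': doesn't exist, bootstrapping
Mar 21 12:08:26 x kresd-start[11514]: ...2-knot-resolver-1.4.0/lib/kdns_modules/trust_anchors.lua:380: [ ta ] fetch of "https://data.iana.org/root-anchors/root-anchors.xml" failed: temporary failure in name resolution
Mar 21 12:08:26 x systemd[1]: kresd.service: Main process exited, code=exited, status=1/FAILURE
Mar 21 12:08:27 x systemd[1]: kresd-cachedir.service: Start request repeated too quickly.
Mar 21 12:08:27 x systemd[1]: Dependency failed for Knot-resolver daemon.
Mar 21 12:08:27 x systemd[1]: kresd.service: Job kresd.service/start failed with result 'dependency'.
"""

# syslog-style prefix: "Mon DD HH:MM:SS host unit[pid]: message"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ [^\s\[:]+(?:\[\d+\])?: (?P<msg>.*)$")

# Tag names are this example's own labels, not kresd or systemd terms.
RULES = [
    ("ta_bootstrap_fetch_failed", re.compile(r'\[ ta \] fetch of "[^"]+" failed: ')),
    ("main_exit_failure", re.compile(r"Main process exited, .*status=1/FAILURE")),
    ("start_limit_hit", re.compile(r"Start request repeated too quickly|'start-limit-hit'")),
    ("dependency_failed", re.compile(r"Dependency failed for|failed with result 'dependency'")),
]

def triage(journal_text):
    """Order failure events by first appearance.

    Heuristic: the earliest event is reported as the likely root cause,
    everything after it as follow-on noise.
    """
    counts, first_seen = Counter(), {}
    for lineno, raw in enumerate(journal_text.splitlines()):
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, elision markers, non-journal text
        for tag, rx in RULES:
            if rx.search(m.group("msg")):
                counts[tag] += 1
                first_seen.setdefault(tag, lineno)
                break
    ordered = sorted(first_seen, key=first_seen.get)
    return {
        "root_cause": ordered[0] if ordered else None,
        "follow_on": ordered[1:],
        "counts": dict(counts),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the bootstrap fetch failure comes first and the start-limit and dependency errors are follow-on events; a log containing only the start-limit lines reports `start_limit_hit` as the root cause instead.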

oxzi commented 6 years ago

Fixed by upgrading to 18.03. Thanks to all those who worked for this upstream.