stork issueshttps://gitlab.isc.org/isc-projects/stork/-/issues2024-03-28T09:53:37Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/1303BIND 9 generates no events2024-03-28T09:53:37ZSlawek FigielBIND 9 generates no eventsThe issue was found by @slawek during 1.15 sanity checks: https://gitlab.isc.org/isc-projects/stork/-/issues/1296#note_434177
The BIND 9 application generates no events. I think there should be at least a notification about connecting t...The issue was found by @slawek during 1.15 sanity checks: https://gitlab.isc.org/isc-projects/stork/-/issues/1296#note_434177
The BIND 9 application generates no events. I think there should be at least a notification about connecting to the daemon.1.16Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1333Incorrect error handing of the bind9 app state causes no transition to the in...2024-03-14T12:23:22ZMarcin SiodelskiIncorrect error handing of the bind9 app state causes no transition to the inactive stateThe `GetAppState()` logic returns early when communication with named fails. As a result, the info about the app is not updated in the database. So, for example, the active flag remains true, while it should be put to false. The daemon a...The `GetAppState()` logic returns early when communication with named fails. As a result, the info about the app is not updated in the database. So, for example, the active flag remains true, while it should be put to false. The daemon appears to be online in the UI even though there is no connection to it.https://gitlab.isc.org/isc-projects/stork/-/issues/1310BIND 9 returns poor statistics if the bind-dyndb-ldap plugin2024-03-05T14:39:31ZSlawek FigielBIND 9 returns poor statistics if the bind-dyndb-ldap pluginThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html).
> on one of the authoritative bind instances, i am using views there
> too, which i might reconsider, i am using the bind...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html).
> on one of the authoritative bind instances, i am using views there
> too, which i might reconsider, i am using the bind-dyndb-ldap plugin
> to host the zone data in ldap, and when i curl for the json/v1 stats
> URL, only get back:
> [brendan@server3 ~]$ curl http://localhost:8053/json/v1/
>
> ```json
> {
> "json-stats-version":"1.7",
> "boot-time":"2024-02-01T09:01:21.914Z",
> "config-time":"2024-02-01T09:01:27.425Z",
> "current-time":"2024-02-06T21:45:33.123Z",
> "version":"9.18.20"
> }
> ```
>
> even though the statistics are configured. it seems the caching
> mechanisms are not being used:
>
> ```
> ++ Cache Statistics ++
> [View: internal (Cache: internal)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXXXXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXXXXXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memory in use
> [View: _bind (Cache: _bind)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memry in use
> ```
The reported problem prevents Stork agent from forwarding statistics to Prometheus and Stork server.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/1309Support for non-default BIND 9 views2024-03-05T14:37:16ZSlawek FigielSupport for non-default BIND 9 viewsThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html):
> the fact that i use views in my bind config is why there is no data
showing up for one host.
The attached statistics:
...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-dev/2024-February/000049.html):
> the fact that i use views in my bind config is why there is no data
showing up for one host.
The attached statistics:
> ```
> ++ Cache Statistics ++
> [View: internal (Cache: internal)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXXXXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXXXXXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memory in use
> [View: _bind (Cache: _bind)]
> 0 cache hits
> 0 cache misses
> 0 cache hits (from query)
> 0 cache misses (from query)
> 0 cache records deleted due to memory exhaustion
> 0 cache records deleted due to TTL expiration
> 0 covering nsec returned
> 0 cache database nodes
> 0 cache NSEC auxiliary database nodes
> XX cache database hash buckets
> XXXXX cache tree memory total
> XXXXX cache tree memory in use
> 0 cache tree highest memory in use
> XXXX cache heap memory total
> XXXX cache heap memory in use
> 0 cache heap highest memry in use
> ```
> there is no _default zone, which might be due to my use of
> views, or different naming convention (_bind vs _default).
>
> is there a way to tell Stork that i want the stats from the views that
> i am running, or global stats from all views?
Unfortunately, Stork has no possibility to change the BIND 9 view name. The `_default` name is hard-coded in several places.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1217BIND 9 in chroot mode - detection fail2023-11-21T14:42:33ZSlawek FigielBIND 9 in chroot mode - detection failThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000227.html).
The user runs BIND 9 in the chroot mode (using the `-t` flag). The configuration file is detected properly, but `named-c...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000227.html).
The user runs BIND 9 in the chroot mode (using the `-t` flag). The configuration file is detected properly, but `named-checkconf` returns a non-zero status. The problem occurs only for Stork Agent 1.12. Stork Agent 1.11 detects this BIND 9 instance properly.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/974Stork not consider bind chroot path in all cases2023-10-03T11:59:42ZJuliano GuidiniStork not consider bind chroot path in all cases---
name: Feature request
about: Suggest an idea for this project
---
**Some initial questions**
- Are you sure what you would like to do is not possible using some other mechanisms?
Maybe, changing all Bind setup, stork will find th...---
name: Feature request
about: Suggest an idea for this project
---
**Some initial questions**
- Are you sure what you would like to do is not possible using some other mechanisms?
Maybe, changing all Bind setup, stork will find the conf files.
- Stork is in very early stages of development. If your request is not simple, it
may be a while until anyone does anything with your request. Are you ok with that?
OK.
**Is your feature request related to a problem? Please describe.**
Yes. My Bind setup, and a wich a great number of Binds running, are on chroot environment. All Bind configuration is relactive to chroot path and in some them (my case) the configuration files are inside chroot.
Sample:
```
stork agent version: 1.9.0.230131111245
OS: Ubuntu 18.04.6 LTS - amd_64
chroot path: /var/lib/named
diretory absolute path: /var/lib/named/databases
bind command line: /var/lib/named/sbin/named -f -u bind -t /var/lib/named
```
Starting stork, in log it shows:
```
Feb 7 15:33:10 teste-compilando-bind-UB18 stork-agent[9802]: time="2023-02-07 15:33:10" level="warning" msg="cannot parse BIND 9 config file /etc/named.conf: exit status 1; /etc/named.conf.options:5: change directory to '/databases' failed: file not found\n\n/etc/named.conf.options:5: parsing failed: file not found\n" file=" bind9.go:405 "
```
Examining backend/agent/bind9.go
(commit 639fbb707313e7e7c9ac99d15c413fca1b6860f7 (HEAD -> master, tag: v1.9.0, origin/master, origin/HEAD))
```go
403 out, err := executor.Output(namedCheckconfPath, "-p", bind9ConfPath)
```
If I understand the code (sorry, programing is not my best :-) ) this function result on:
```bash
named-checkconf -p /etc/named.conf
/etc/named.conf.options:5: change directory to '/databases' failed: file not found
/etc/named.conf.options:5: parsing failed: file not found
```
Line 5 of /etc/named.conf.options is:
```
2 options {
3
4
5 directory "/databases";
```
This directory is relative to chroot path, but chroot path is not indicated to named-checonf -t option.
My Bind is compiled, so i think this is some part of the trouble.
If i use Bind from distro ( apt-get install bind9 ), this error not occours, see:
```
stork agent version: 1.9.0.230131111245
OS: Ubuntu 18.04.6 LTS - amd_64
chroot path: /var/bind9/chroot
diretory absolute path: /var/cache/bind
bind command line: /usr/sbin/named -f -u bind -t /var/bind9/chroot
```
/etc/bind/named.conf.options
```
1 options {
2
3 directory "/var/cache/bind";
```
This directory exists outside chroot directory, this way named-checkconf -p works whitout -t, of course, and all conf files are in /etc/bind.
I would like stork consider the chroot directory, automatically or by configuration the file agent.env, and if possible, configurations parameters to indicate bind named.conf.
**Describe alternatives you've considered**
To indicate Bind conf files a link was created from chroot/etc to /etc/bind.
But no solution to use chroot unless change all Bind setup on all my servers.
Thanks.1.13Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1130Empty status column for BIND 9 applications2023-08-22T13:35:26ZSlawek FigielEmpty status column for BIND 9 applicationsThe issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393166).
The status column in the Bind 9 application list is empty.
![image](https://gitlab.isc.org/isc-projects/st...The issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393166).
The status column in the Bind 9 application list is empty.
![image](https://gitlab.isc.org/isc-projects/stork/uploads/157da70fec110493deea9213e01167cd/image.png)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1129Missing "named" daemon on the machine page2023-08-22T13:34:38ZSlawek FigielMissing "named" daemon on the machine pageThe issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393165).
The Bind 9 daemon (`named`) is missing in the daemon column on the machine page.
![image](https://gitlab.i...The issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393165).
The Bind 9 daemon (`named`) is missing in the daemon column on the machine page.
![image](https://gitlab.isc.org/isc-projects/stork/uploads/576f122e2ae622b57d289d4f862bdd27/image.png)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1059Stork 1.1.0 - BIND statistics exceed RPC message size limit2023-08-21T17:33:52ZBrandon ApplegateStork 1.1.0 - BIND statistics exceed RPC message size limitHello,
It seems that when stork-agent polls my BIND statistics channel, on one of my servers the message is too large:
```
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="rpc error: code = Res...Hello,
It seems that when stork-agent polls my BIND statistics channel, on one of my servers the message is too large:
```
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="rpc error: code = ResourceExhausted desc = grpc: received message larger than max (5625179 vs. 4194304)" file=" manager.go:110 " agent="1
27.0.0.1:8081"
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="Failed to send the following named statistics command: " file=" grpcli.go:328 " agent="127.0.0.1:8081" stats URL="http://127.0.0.1:8053/
json/v1"
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="Problem retrieving stats from named: failed to send named statistics command via the agent 127.0.0.1:8081, the agent is still not responding" file=
" appbind9.go:59 "
```
I had posted on the mailing list and got some agreement that this is very likely the same issue as:
https://gitlab.isc.org/isc-projects/stork/-/issues/398
Except with BIND as opposed to Kea. I.e. these reponses should probably be gzipped as well.
Thanks.1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/997incorrect rndc key match2023-07-26T12:40:15ZPengfei Guincorrect rndc key matchHi,
there is a bug in https://gitlab.isc.org/isc-projects/stork/-/blob/master/backend/agent/bind9.go#L132
the keyword of `key` block is `key`,
```
key "name" {
algorithm "hmac-sha256";
secret "OmItW1lOyLVUEuvv+Fme+Q==";
};
```
...Hi,
there is a bug in https://gitlab.isc.org/isc-projects/stork/-/blob/master/backend/agent/bind9.go#L132
the keyword of `key` block is `key`,
```
key "name" {
algorithm "hmac-sha256";
secret "OmItW1lOyLVUEuvv+Fme+Q==";
};
```
but the regex matches `keys`.1.10Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1057Agent cannot detect RNDC key if the -c flag is not used.2023-07-25T12:26:31ZSlawek FigielAgent cannot detect RNDC key if the -c flag is not used.There are two related variables: bind9ConfPath and bind9ConfDir.
First one stores the full path to the named.conf file, and the second one is the path to a directory containing this file.
There are 4 different methods to detect where th...There are two related variables: bind9ConfPath and bind9ConfDir.
First one stores the full path to the named.conf file, and the second one is the path to a directory containing this file.
There are 4 different methods to detect where the named.conf file is located, executed one-by-one until success.
Unfortunately, the bind9ConfDir value is set before executing method number 3. It means if the named.conf is not detected by methods 1 and 2, the bind9ConfDir is empty.
The bind9ConfDir is used only in one place - to construct the rndc.key path. If it is empty, the resulting path is just rndc.key. It causes Stork looks up the rndc.key in the current working directory.
As a workaround you can:
Run the Bind 9 with the -c flag. This flag accepts the explicit path to the named.conf file.
Set the STORK_BIND9_CONFIG environment variable and provide the full path to the named.conf file as a value.1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1051Display `rndc status`2023-06-13T13:23:55ZTomek MrugalskiDisplay `rndc status`There's a very nice and short status of overall BIND, obtained with `rndc status`. We do use it, but the details of what was retrieved is not displayed.
Here's an example of what rndc prints:
```
# rndc status
version: BIND 9.16.37-Debi...There's a very nice and short status of overall BIND, obtained with `rndc status`. We do use it, but the details of what was retrieved is not displayed.
Here's an example of what rndc prints:
```
# rndc status
version: BIND 9.16.37-Debian (Extended Support Version) <id:2b2afb2> (the latest, patched, secure one)
running on v13: Linux x86_64 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13)
boot time: Fri, 02 Jun 2023 20:57:23 GMT
last configured: Fri, 02 Jun 2023 20:57:23 GMT
configuration file: /etc/bind/named.conf
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 103 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 1/900/1000
tcp clients: 0/150
TCP high-water: 2
server is up and running
```
We could print this as is, maybe with some meta-data (timestamp when this status was obtained). This would be flexible enough (I'm sure older bind prints less and newer probably more) and useful.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1031Difficult to monitor BIND with stork-agent2023-06-05T18:17:45ZDarren AnkneyDifficult to monitor BIND with stork-agentStork-agent is not able to make use of the simple rndc.key found in the bind configuration directory. It complains there is no control clause as shown:
```
May 3 14:31:06 dynamic-192-168-20-20 stork-agent[8367]: time="2023-05-03 14:31:...Stork-agent is not able to make use of the simple rndc.key found in the bind configuration directory. It complains there is no control clause as shown:
```
May 3 14:31:06 dynamic-192-168-20-20 stork-agent[8367]: time="2023-05-03 14:31:06" level="info" msg="Found BIND 9 config file in /etc/bind/named.conf based on output of `named -V`." file=" bind9.go:485 "
May 3 14:31:06 dynamic-192-168-20-20 stork-agent[8367]: time="2023-05-03 14:31:06" level="warning" msg="Cannot determine BIND 9 rndc details: cannot determine rndc key" file=" bind9.go:561 "
```
Perhaps this is as intended. However, if you then configure rndc.conf and bind correctly using rndc-confgen, it still does not work as it uses an incorrect format for executing rndc as shown:
```
May 3 14:51:09 dynamic-192-168-20-20 stork-agent[9178]: time="2023-05-03 14:51:09" level="debug" msg="Rndc: [/usr/sbin/rndc -s 127.0.0.1 -p 953 -y hmac-sha256:iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM= status]" file=" bind9.go:125 "
May 3 14:51:09 dynamic-192-168-20-20 stork-agent[9178]: time="2023-05-03 14:51:09" level="error" msg="Failed to forward commands to rndc: exit status 1" file=" agent.go:244 " Address="127.0.0.1" Port="953"
```
The rndc command is being executed like so: `rndc -s 127.0.0.1 -p 953 -y hmac-sha256:iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM= status`
This produces errors if run from the command line as shown:
```
$ rndc -s 127.0.0.1 -p 953 -y hmac-sha256:iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM= status
rndc: no key definition for name hmac-sha256:iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM=
```
Proper syntax is as follows: `rndc -s 127.0.0.1 -p 953 -y rndc-key status`. Relevant configuration shown below:
excerpt of named.conf:
```
key "rndc-key" {
algorithm hmac-sha256;
secret "iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM=";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
```
rndc.conf:
```
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-sha256;
secret "iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM=";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
```
Alternatively, the rndc.conf file could be specified on the command line: `rndc -c /etc/bind/rndc.conf status` which would allow you to remove the ip and port specification from the command line as it is in the conf file.
A third option, to obviate the need for the administrator to create an rndc.conf file, would be to look for rndc.key if no rndc.conf or controls clause (in named.conf) was found. An rndc.key file can be specified as follows: `rndc -k /etc/bind/rndc.key status`. If a rndc.key file exists in the directory with named.conf (can be generated with `rndc-confgen -a` if it was removed) and no controls clause exists in named.conf, then named will allow connections locally using the key in that key file. Many administrators use rndc this way, so something to consider.
The only way to get bind monitoring working at the moment is to setup rndc.conf this way:
```
#key "rndc-key" {
key "hmac-sha256:iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM=" {
algorithm hmac-sha256;
secret "iCQvHPqq43AvFK/xRHaKrUiq4GPaFyBpvt/GwKSvKwM=";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
```
which, I assume, means that if the -y is specified on the command line that rndc is ignoring the options section with the defaults defined.
[RT22012](https://support.isc.org/Ticket/Display.html?id=22012)1.11Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1020Some Bind9-related events are not shown in the event viewer.2023-05-31T14:37:51ZSlawek FigielSome Bind9-related events are not shown in the event viewer.The issue was reported by @slawek during 1.10 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/1009#note_364604).
Some Bind9-related events are not shown in the event viewer.
Event viewer:
![image](https://gi...The issue was reported by @slawek during 1.10 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/1009#note_364604).
Some Bind9-related events are not shown in the event viewer.
Event viewer:
![image](https://gitlab.isc.org/isc-projects/stork/uploads/a1912d23b4d8d0a44c596eddb0e2d576/image.png)
Machine events:
![image](https://gitlab.isc.org/isc-projects/stork/uploads/b2cf194950ebc9a852226292e64b4781/image.png)1.11Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/58Req 5.5 - View NTAs2023-04-11T16:19:44ZVicky Riskvicky@isc.orgReq 5.5 - View NTAsAs an administrator, I need to see what Negative trust anchors are configured. I may have help desk staff that need to be prepared to answer questions about zones that may stop validating.
Questions I have:
* What NTAs are active?
* Fo...As an administrator, I need to see what Negative trust anchors are configured. I may have help desk staff that need to be prepared to answer questions about zones that may stop validating.
Questions I have:
* What NTAs are active?
* For the NTAs configured, when do they expire?
* I also want to see any 'permanent NTAs'. (zones with = validate except.)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/831Better detection of BIND 92023-03-15T19:05:56ZSlawek FigielBetter detection of BIND 9The BIND 9 configuration is detected based on a fixed list of potential paths.
In the Kea-part, we detect the configuration based on the process arguments. It should be a similar solution or possible to provide a custom path.
From [stor...The BIND 9 configuration is detected based on a fixed list of potential paths.
In the Kea-part, we detect the configuration based on the process arguments. It should be a similar solution or possible to provide a custom path.
From [stork-users] Stork Agent: Specify location for named.conf (2022-08-01):
> OS: Openbsd 7.1
> Version: 1.5.0
>
> Hello everyone,
>
> When I start the stork agent
> `# ./backend/cmd/stork-agent/stork-agent --listen-stork-only`
>
> It complains about not finding named.conf
> `WARN[2022-08-01 20:39:58] bind9.go:376 cannot find config file for BIND 9`
> I looked at other messages posted about stork and saw that I was trying to find this file at /etc/bind/named.conf
> So I created an empty file and I have the confirmation now
> `WARN[2022-08-01 20:53:51] bind9.go:406 found BIND 9 config file (/etc/bind/named.conf) but cannot parse controls clause`
>
> 1) How can I tell stork agent where to find named.conf ? On Openbsd it's in /var/named/etc/named.conf
> 2) What do you think about modifying the source code so that when the file is not found we have a hint where it was searching
> Instead of
> `WARN[2022-08-01 20:39:58] bind9.go:376 cannot find config file for BIND 9`
> Should be
> `WARN[2022-08-01 20:39:58] bind9.go:376 cannot find /etc/bind/named.conf for BIND 9`1.10Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/stork/-/issues/535Stork agent - application detection model (specify named, kea ip/port manually)2023-03-15T19:05:55Zymartin-ovhStork agent - application detection model (specify named, kea ip/port manually)---
name: Ability to pass bind9/kea endpoints via CLI or configuration file
about: Suggest an idea for this project
---
Hello
I wanted to run stork agent to use the nice work done on the prometheus side of this daemon.
On my hardened ...---
name: Ability to pass bind9/kea endpoints via CLI or configuration file
about: Suggest an idea for this project
---
Hello
I wanted to run stork agent to use the nice work done on the prometheus side of this daemon.
On my hardened systems (grsecurity), I tried to run on a specific unix user and runs into the following issue.
Application detection model can work as process.Process() does not return "named" process.
An alternative to the whole detection mechanism is to have the ability to pass statistic channel endpoint (ip, port), eventually control channel with command line or configuration file.
With that, the daemon could run on different user id or different system for example or on pod different from bind9 pod in a kubernetes deployment.
Plus, this would help in unit-test. You could have multiple bind version running and check stork-agent against them.
What do you think about that ?
Regardsbackloghttps://gitlab.isc.org/isc-projects/stork/-/issues/834NaN metrics values2023-01-30T13:13:47ZSlawek FigielNaN metrics valuesReported by @ray - [Source](https://mattermost.isc.org/isc/pl/n5hqa4gzmigjj87p6c4exbs8zc)
I don't yet have a Prometheus server polling this, but the NaN from the raw /metrics pull here seems wrong:
```
# TYPE bind_traffic_incoming_requ...Reported by @ray - [Source](https://mattermost.isc.org/isc/pl/n5hqa4gzmigjj87p6c4exbs8zc)
I don't yet have a Prometheus server polling this, but the NaN from the raw /metrics pull here seems wrong:
```
# TYPE bind_traffic_incoming_requests_udp4_size histogram
bind_traffic_incoming_requests_udp4_size_bucket{le="47"} 2
bind_traffic_incoming_requests_udp4_size_bucket{le="+Inf"} 2
bind_traffic_incoming_requests_udp4_size_sum NaN
bind_traffic_incoming_requests_udp4_size_count 2
```backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/862Pre-release CI pipelines2022-12-13T12:58:56ZSlawek FigielPre-release CI pipelinesI'm introducing in #817 the possibility of running system tests with different Kea and Bind9 versions.
Our standard system test pipeline now uses Kea 2.0 and Bind9 9.18. But we can prepare additional CI tasks/pipelines to test other conf...I'm introducing in #817 the possibility of running system tests with different Kea and Bind9 versions.
Our standard system test pipeline now uses Kea 2.0 and Bind9 9.18. But we can prepare additional CI tasks/pipelines to test other configurations.
Unfortunately, the system tests pipeline executes quite long ~15 minutes. It is inconvenient to run it many times for every pushed commit. But we can run the additional CI pipelines only for pre-releases merge requests, i.e., merge requests that pump the Stork version. They are usually merged after code freeze but a day before sanity checks. We should have enough time to check the bugs found.
I think the pre-release pipelines may also contain the installation and de-installation tests.
There should be a possibility to run the pipelines manually on demand.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/835rndc configuration2022-11-15T16:07:54ZRay Bellisrndc configurationThe file `rndc.conf` in the same directory as `named.conf` should be used in preference to `rndc.key`.
Refs:
* #831
* https://kb.isc.org/docs/aa-00722The file `rndc.conf` in the same directory as `named.conf` should be used in preference to `rndc.key`.
Refs:
* #831
* https://kb.isc.org/docs/aa-00722backlog