If you are using systemd to run the knot resolver and it fails you will be told
journalctl -xe and you will learn 1) that it failed to start
and 2) that it returned an error code. Don't you just love systemd?
The good stuff isn't in the journal. It is buried in the CGroup part of the
filesystem. Here's how to get it:
systemctl status system-kresd.slice
When I installed knot-resolver I used apt to install the dot-deb. Having
mucked about with debs I learned that each one contains a file hierarchy that
starts at / and contains all the bits it wants to install already in place in
this filesystem overlay. /etc/my-stuff.conf, /usr/local/bin/my-program, etc.
knot-resolver requires a working directory which defaults to
/var/cache/knot-resolver that must be user.group
knot-resolver.knot-resolver. And that is the problem. For whatever
reason, it is not included in the dot-deb. It is up to you to stumble about
until you find the problem in knot-resolver's slice.
So that's all there is to it. Create the missing directory and give it
the correct owner and group, then
systemctl start kresd@1 and
you're off to the races.
One more possible gotcha comes when you are also running knotd, the authority nameserver: it may have already glommed onto lo. Remove that from the listen stanza, reload knotd and that fixes that.
Happy camping !