Hi,
I was trying to back up and restore a server with the new knotc
zone-backup/restore command.
I recognized that only half of the private keys were in the backup,
which leads to an error:
2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load private
keys (not exists)
2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load keys (not
exists)
Shouldn't the backup contain all private keys?
Thanks,
Thomas
Hello,
I'm trying to remove the slave node from the master Knot, result code is
0, but no change happened. There is no information in the log file. Can
you please help me, why does it happen?
# knotc conf-get template[default].notify
> template[default].notify = 1 2 3 4 5 6 7 8 9
# knotc conf-begin
> OK
# knotc conf-set -b template[default].notify 1 2 4 5 6 7 8 9
> OK
# knotc conf-diff
(no output)
# knotc conf-get template[default].notify
> template[default].notify = 1 2 3 4 5 6 7 8 9
Thanks for your help.
--
Zdeněk Nový
Linux administrator
ACTIVE 24, s.r.o.
Sokolovská 394/17 186 00 Praha 8
Web: http://www.active24.cz
Hello,
we are facing an issue with "Too many transactions" while configuring
Knot via knotc - we are using confdb. We are using a Python3 worker and
the popen function to the knotc socket.
This is the log from the Python worker:
[2020-12-07 08:58:13,001] [INFO] adding zone xxxxxxxx
[2020-12-07 08:58:13,016] [ERROR] [event worker.job] Exception in job
'dns.add_zone'
Traceback (most recent call last):
......
ACK Exception: error running command: 'conf-begin'
retcode: 1
out: error: (too many transactions)
Is there any limit on the number of open transactions, and are we able
to increase it? Is it possible to see how many open transactions there
are now?
I can't see any message in the log file; is it possible to log
conf-begin requests? Or are there any other ways to determine and
guard against the situation?
Many thanks for your help
--
Zdeněk Nový
Linux administrator
ACTIVE 24, s.r.o.
Sokolovská 394/17 186 00 Praha 8
Web: http://www.active24.cz
Hello,
as I plan to migrate an existing DNS setup to Knot, not only for deploying DNSSEC but also for synthesizing some records using mod-synthrecord, I am not sure how to set up online signing when having multiple public authoritative name servers. My uncertainty is whether it is necessary to give them the same ZSKs and do the key rollover from the outside, or whether the chain of trust isn't severed when they generate their own ZSKs based on a common KSK or even their distinct KSKs, and therefore provide different signatures.
Best regards and thanks,
Nils
--
Nils Trampel
GPG: 0x012BADD8
Dear!
We are learning about Knot DNS in order to apply it to our DNS Authoritative Secondary. However, we are wondering about the query log. I have read the Knot DNS documentation (Knot DNS Documentation Release 2.9.4 / 8.3 dnstap – Dnstap traffic logging): the query log of Knot DNS cannot be obtained directly as in BIND9; the query log can be obtained with the dnstap tool.
With the Knot DNS software, we cannot get the query log continuously and directly to the current syslog server, since the raw log needs to be captured and then read after the capture stops.
I want to know how to get the query log continuously when using Knot DNS, or the software that your DNS and the DNS of other organizations have already applied. Can you share this with us and help us deploy Knot DNS to our DNS Authoritative Secondary?
Best Regards,
Vũ Thị Hoàn
=================================================
DNS & VNIX - Trung tâm Internet Việt Nam
Mobile: +84 916 961 631
Email: hoanvt(a)vnnic.vn
Hi,
the doc says that changing the policy algorithm field will trigger an
algorithm rollover. Is there anything else one must consider or is the
algorithm rollover done fully automated like the normal rollovers?
Thanks,
Thomas
Hi,
I need to generate keys of algorithm 7. But I receive this error:
# keymgr example generate algorithm=rsasha1-nsec3-sha1 size=2048 ksk=yes
Unknown algorithm: rsasha1-nsec3-sha1
Error (invalid parameter)
I'm using the latest version of knot. Do I get something wrong here? It
should be supported, right?
Thanks
Thomas