Hello.
On Friday 13 of February 2015 18:07:11 Jan-Piet Mens wrote:
> 1. `keymgr zone add example.com policy XX' does not complain if the XX
> policy doesn't exist, nor if the specified zone isn't configured in
> knot.conf.
Right, this is a bug.
> 2. I created a config as in the example on [1] with a single, tiny, zone
> and started the daemon afresh:
I really don't think 'not enough memory' can be the reason. :)
Please, can you verify the file permissions on the KASP database? I guess knot
can't write into the zone_k20.aa.json file in the KASP database.
The error message is wrong. Based on the fact that so many private keys were
generated, I believe that something failed when writing the zone state into
the KASP database.
With the "on disk database", some operations cannot be performed atomically.
The server generates a new private key and tries to reference this key in the
zone file in the KASP database. If something fails later, like writing the new
zone state into the database, we don't delete the generated key.
> Any query to this zone results in a SERVFAIL. If I remove `dnssec-enable',
> the server responds correctly.
Right. If zone sign fails, SERVFAIL responses for the failed zone are
expected.
Thank you, JP! I will investigate the problems you pointed out.
Best regards.
Jan
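
The failure mode described in the reply (a private key is generated, the zone state write then fails, and the key stays behind) can be avoided by rolling the key back and writing the state atomically. The sketch below is an added example, not code from Knot DNS or from this thread; the directory layout, the JSON shape and the function names are assumptions made for illustration.

```python
import json
import os
import secrets
import tempfile


def write_json_atomic(path, data):
    """Write JSON to a temp file in the target directory, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(data, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic on POSIX within one filesystem
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)  # never leave a half-written state file behind
        raise


def add_key_to_zone(key_dir, state_path):
    """Generate a key and reference it in the zone state; undo the key on failure."""
    key_id = secrets.token_hex(20)  # hypothetical key identifier
    key_path = os.path.join(key_dir, key_id + ".pem")
    # Random bytes stand in for real private key material (assumption).
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(secrets.token_bytes(32))
    try:
        state = {"keys": []}
        if os.path.exists(state_path):
            with open(state_path) as f:
                state = json.load(f)
        state["keys"].append({"id": key_id})
        write_json_atomic(state_path, state)
    except (OSError, ValueError):
        # State could not be read or written (for example, wrong permissions):
        # remove the key so repeated signing attempts do not pile up orphans.
        os.unlink(key_path)
        raise
    return key_id
```
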