Hi Libor,
I deleted the backup directory a few times, but I receive the same error
every time:
2020-12-09T10:31:52+0000 info: control, received command 'zone-backup'
2020-12-09T10:31:52+0000 warning: [xxx.] zone backup failed (not exists)
2020-12-09T10:31:52+0000 error: [xxx.] zone event 'backup/restore' failed (not exists)
2020-12-09T10:31:52+0000 warning: [yyy.] zone backup failed (not exists)
2020-12-09T10:31:52+0000 error: [yyy.] zone event 'backup/restore' failed (not exists)
One of the keys is the ZSK of zone xxx and the other the KSK of zone yyy.
root@signer-0:/# keymgr xxx list human | grep 1fb3900b2e5ac72d30f927016ea4546ca561a5da
1fb3900b2e5ac72d30f927016ea4546ca561a5da ksk=no zsk=yes tag=39969 algorithm=7 size=1024 public-only=no pre-active=0 publish=-1M3D17h49m4s ready=0 active=-1M3D17h49m4s retire-active=0 retire=0 post-active=0 revoke=0 remove=0
root@signer-0:/# keymgr yyy list human | grep 087cc573318e070befff1d9cbcf07e3b5cf5444d
087cc573318e070befff1d9cbcf07e3b5cf5444d ksk=yes zsk=no tag=37419 algorithm=7 size=2048 public-only=no pre-active=0 publish=-1M3D18h11m7s ready=-1M3D18h11m7s active=-26D12h49m4s retire-active=0 retire=0 post-active=0 revoke=0 remove=0
Best regards,
Thomas
On 09.12.20 11:15, libor.peltan wrote:
Hi Thomas,
could you please try if this issue is reproducible: if whenever you
attempt the backup (to a fresh empty target directory), it fails with
"not exists"?
Could you please check if the keys that happen to make it to the backup
belong to the same zone, or that it's one from each zone? (You might use
`keymgr list` to check which key ID belongs to which zone.)
Thanks,
Libor
On 08. 12. 20 at 21:36, Thomas wrote:
> Hi Libor,
>
> sorry, I was really too unspecific.
>
> I'm hosting 2 zones. These 4 keys are on the production machine:
>
> root@signer-0:/var/lib/knot/keys/keys# ls -alh
>
>
> -rw-r----- 1 knot knot 1,7K Nov 5 16:22 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
> -rw-r----- 1 knot knot 916 Nov 5 16:44 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
> -rw-r----- 1 knot knot 916 Nov 5 16:22 6ebb8eb3ec2ddaf150119b4bc11b47dcec91621a.pem
> -rw-r----- 1 knot knot 1,7K Nov 5 16:44 d7e47e2909f4d5947d8fb8684cb79ed06feb4b0a.pem
>
>
> Performing a backup with the following command:
>
> # knotc zone-backup +backupdir /tmp/backup
>
> Backup directory after performing the backup shows:
>
> root@signer-0:/tmp/backup/keys/keys# ls -ahl
>
> -rw-r----- 1 knot knot 1,7K Dez 8 20:21 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
> -rw-r----- 1 knot knot 916 Dez 8 20:21 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
>
> 2 keys are missing.
>
> Hhmm ok, there is an error in the log:
>
> 2020-12-08T20:26:43+0000 info: control, received command 'zone-backup'
> 2020-12-08T20:26:43+0000 warning: [xxx.] zone backup failed (not exists)
> 2020-12-08T20:26:43+0000 error: [xxx.] zone event 'backup/restore' failed (not exists)
> 2020-12-08T20:26:43+0000 warning: [yyy.] zone backup failed (not exists)
> 2020-12-08T20:26:43+0000 error: [yyy.] zone event 'backup/restore' failed (not exists)
>
> I'm using the latest knot version.
>
>
> Best regards,
>
> Thomas
>
>
>
> On 08.12.20 at 16:56, libor.peltan wrote:
>> Hi Thomas,
>>
>> could you be more specific about "half of private keys were in the
>> backup" ? How many were, how many weren't, and was there some obvious
>> difference between them?
>>
>> Could you share the log snippets covering the backup and the restore
>> procedures?
>>
>> Thanks,
>>
>> Libor
>>
>> On 08. 12. 20 at 16:48, Thomas E. wrote:
>>> Hi (again),
>>>
>>> I was trying to backup and restore a server with the new knotc
>>> zone-backup/restore command.
>>>
>>> I recognized that only half of the private keys were in the backup,
>>> which leads to an error:
>>>
>>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load private keys (not exists)
>>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load keys (not exists)
>>>
>>> Shouldn't the backup contain all private keys?
>>>
>>>
>>> Thanks,
>>> Thomas
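
A check for the symptom discussed in this thread, added here as an example (it is not from the original messages or from the Knot DNS project): a shell function that compares the live key directory with its backup copy and reports every key ID whose .pem file is missing from the backup or differs from the live file. The function name missing_keys is hypothetical; the two directories in the usage comment are the ones shown in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from Knot DNS.
# missing_keys LIVE_DIR BACKUP_DIR   (hypothetical helper name)
#
# Prints one line per private key file (<key-id>.pem) that exists in
# LIVE_DIR but is absent from BACKUP_DIR ("missing") or whose content is
# not byte-identical ("differs"). Returns 0 only if the backup holds an
# identical copy of every key. Must run as a user allowed to read the keys.
missing_keys() {
    live=$1
    backup=$2
    rc=0
    for f in "$live"/*.pem; do
        [ -e "$f" ] || continue            # no .pem files: glob stayed literal
        id=$(basename "$f" .pem)           # file name without .pem is the key ID
        if [ ! -f "$backup/$id.pem" ]; then
            echo "$id missing"
            rc=1
        elif ! cmp -s "$f" "$backup/$id.pem"; then
            echo "$id differs"             # e.g. a truncated or partial copy
            rc=1
        fi
    done
    return "$rc"
}

# Direct use with the directories from the thread:
#   sh check-keys.sh /var/lib/knot/keys/keys /tmp/backup/keys/keys
if [ "$#" -eq 2 ]; then
    missing_keys "$1" "$2"
fi
```

A non-zero exit status after `knotc zone-backup` means the backup should not be relied on for a restore; the printed key IDs can be matched to zones with `keymgr <zone> list`.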