Hi Einar,
thank you for your bug report :)
We are trying to reproduce your observations, but without luck yet.
Anyway, it would be useful if you provide us with more complete
information, mostly (at least) about the server where you do observe the
issue (which is, I assume, the backup signer where the keys are being
restored to):
- Knot DNS version
- configuration file (or at least relevant parts; don't forget to
remove any TSIG secrets or sensitive IPs)
- longer log snippets around the time the issue was observed
- the script that you use for the backup (or at least relevant parts;
unless it is somehow sensitive)
- maybe also the directory with the backup whose "restore" triggers
the issue (don't forget to delete the contents of all the PEM files in
it!! Note that data.mdb only contains public keys)
I'd also have some more questions to make a complete picture about the
situation:
1) Is it possible that the issue is not really triggered by algorithm
rollover, but by Knot DNS version upgrade? Have you upgraded Knot DNS
recently?
2) Do you use PKCS#11 in any way (either an HSM or SoftHSM), or just
PKCS#8 (PEM files directly accessed by Knot)?
3) Do you somehow clean up the destination Knot's directories before
calling zone-restore?
4) Do you somehow clean up the target directory on the active signer
before performing zone-backup into that directory (or do you always
create a fresh empty directory for the purpose)?
5) When manipulating the backup directory, do you somehow write its
content into an existing directory with an older version of the backup
in it?
Thank you much for providing at least some of those!
Libor
On 29. 11. 25 20:22, Einar Bjarni Halldórsson via knot-dns-users wrote:
On 29 Nov 2025, at 17:47, Daniel Salzman <daniel.salzman(a)nic.cz> wrote:
To be clear, if you use a PKCS #11 keystore, the zone backup doesn't and can't back up the stored private keys. It only backs up metadata stored in the KASP DB. Therefore, you must also synchronize contents of the HSM. In the case of SoftHSM, you just copy the tokens directory.
Sorry for the misunderstanding, I incorrectly used softhsm to mean “not HSM”.
We *are* using the PEM keystore.
.einar
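Libor asks for the backup directory with the PEM files emptied before it is shared. The script below is an added example, not something from the thread or from the Knot DNS project: it makes a copy of a zone-backup directory, truncates every `*.pem` file (the PKCS#8 private keys), keeps data.mdb as-is (the thread states it holds only public keys), and refuses to hand over the copy if any private key block still survives. The file layout used in the check is a constructed assumption.

```shell
# Added example (not from the thread or the Knot DNS project).
# Make a shareable copy of a Knot DNS zone-backup directory with the
# private key material removed. Assumes the PEM files in the backup are
# the PKCS#8 private keys and that data.mdb contains public keys only.
sanitize_knot_backup() {
    src="$1"
    dst="$2"
    [ -d "$src" ] || return 1
    mkdir -p "$dst" || return 1
    # copy the whole tree, including data.mdb and any metadata files
    cp -R "$src/." "$dst/" || return 1
    # empty every PEM file so only its name (the key ID) survives
    find "$dst" -type f -name '*.pem' -exec sh -c ': > "$1"' _ {} \;
    # refuse to release the copy if a private key block is still present
    if grep -rl 'PRIVATE KEY' "$dst" >/dev/null 2>&1; then
        return 2
    fi
    return 0
}

# Number of PEM files in the copy that are now empty, for a quick check.
count_empty_pems() {
    find "$1" -type f -name '*.pem' -size 0 | wc -l | tr -d ' '
}
```

Run it as `sanitize_knot_backup /path/to/backup /tmp/backup-share` and attach the second directory; a non-zero exit means the copy must not be sent.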