Hi David,
On 28 Nov 2025, at 10:38, David Vasek <david.vasek(a)nic.cz> wrote:
> thank you for your report. We are investigating the issue. Just to be sure - do you have
> all keys in softhsm's only? If I understand it right, you sync both Knot configuration
> and softhsm data from the active to the backup signer first, don't you?
All keys are in softhsm only and we only sync the softhsm data.
The signers were running 3.5.0 from ports on FreeBSD 14.3.
I saw some changes regarding keys in 3.5.1 and 3.5.2, so I just tried
upgrading, but the issue still resides.
On the active signer we run:
knotc zone-backup +backupdir /tmp/somedir +nozonefile +nojournal +notimers \
+kaspdb +nocatalog
On the backup signer we run:
knotc zone-restore +backupdir /tmp/somedir +nozonefile +nojournal +notimers \
+kaspdb +nocatalog
I tested removing the keys from the secondary /var/db/knot/keys and synced
without errors. Subsequent syncs also run without errors.
.einar