Hi Jan-Piet,
we agree that the wording of the log messages is not fortunate enough. We
will think about how to improve this. Some suggestions are welcome.
The KSK submission (i.e. somehow uploading the DS record to the parent
zone) is in general expected to be done by the user manually, while Knot
only periodically checks if it's done, by querying the configured parent
server.
In typical use cases the parent zone is a TLD and there is no consensus on
an interface for automatic DS upload. There are some methods, but we
considered them too needy for configuration.
However, in version 2.8.4, we implemented "DS push", which does exactly
what you asked for. It's mostly intended for the case when the operator
also owns the parent zone (possibly even on the very same server).
https://www.knot-dns.cz/docs/2.9/singlehtml/index.html#ds-push
To your second question, I'm not sure what kind of information exactly
you would welcome in the log messages. It's obvious that printing the
contents of the DDNS updates would be far too verbose. Anyway, if the
update succeeds, you might probably be able to view it as a changeset
in your journal, by using kjournalprint.
BR,
Libor
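The DS push setup Libor describes, as an added configuration example (not code from the thread or from the Knot documentation): a child zone whose policy pushes its DS to a parent zone hosted on the same server, with the parent accepting only DS updates authenticated by a TSIG key. Zone names, addresses and the secret are constructed placeholders; the `update-type` ACL restriction is assumed to be available in 2.9.

```yaml
# Added example: Knot DNS configuration for DS push to a parent zone
# served by the same instance. All names and the secret are placeholders.

key:
  - id: ds_push_key
    algorithm: hmac-sha256
    secret: PLACEHOLDER_BASE64_SECRET==   # constructed; create a real one with keymgr -t

remote:
  - id: parent_ns
    address: 127.0.0.1@53          # parent zone is served by this very server
    key: ds_push_key               # sign the DDNS push with TSIG

submission:
  - id: parent_check
    parent: parent_ns              # Knot periodically queries this for the DS
    check-interval: 1h             # produces the "KSK submission attempt" log line

policy:
  - id: child_policy
    ksk-submission: parent_check   # wait until the DS is visible at the parent
    ds-push: parent_ns             # push the new DS via DDNS (available since 2.8.4)

# Parent side: the push key may only update DS records, nothing else.
acl:
  - id: allow_ds_push
    key: ds_push_key
    action: update
    update-type: DS                # assumed 2.9 ACL option restricting the RR type

zone:
  - domain: example.               # parent zone, accepts the pushed DS
    storage: /var/lib/knot
    acl: allow_ds_push

  - domain: child.example.         # child zone, signed with the DS-push policy
    storage: /var/lib/knot
    dnssec-signing: on
    dnssec-policy: child_policy
```

After a KSK rollover the pushed DS shows up as a changeset in the parent zone's journal, which is what kjournalprint will list.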
On 12.11.19 at 13:25 Jan-Piet Mens wrote:
Hello!
After reading and rereading the documentation (release 2.9) section on
automatic KSK management, and rereading it again, I finally understood
the part which says "the user shall propagate [the DS] to the
parent". In particular due to the log entry
info: DS check, outgoing, remote 127.0.0.1@53, KSK submission attempt: negative
and the phrasing of the "submission:" configuration stanza, I thought
Knot would attempt to do so itself via dynamic update. I think I was
injecting too much wishful thinking into the text. :)
Now to my two questions:
Is it envisioned to have Knot launch an executable in order to perform
the submission? I'm thinking along the lines of Knot running at every
'check-interval':
./ds-submitter zone "<cds>" "<cdnskey>"
upon which the ds-submitter program could (e.g. via RFC2136) add the DS
RRset to the parent zone. Might be nice to have ... (I did see the bit
about journald and using that to trigger DS submission, but using
journald frightens me a bit.)
I notice that a dynamic update on 2.9 logs
info: [zone.] DDNS, processing 1 updates
Is there any way to get more details logged (what the update actually
was)? My configuration contains:
log:
  - target: syslog
    server: debug
    control: debug
    zone: debug
    any: debug
Thank you.
-JP