28 Lis
2016
28 Lis
'16
21:22
Hi,
As you are running 2.3.1 version, you must create an empty configuration
for
the module:
mod-online-sign:
- id: default
zone:
- domain: tregon-grifon.swordarmor.fr
module: [mod-synth-record/tregon-grifon, mod-online-sign/default]
...
The second problem is that this module hasn't been upgraded to the new
dnssec
configuration. So you must utilize keymgr in the legacy mode:
$ keymgr -l init
$ keymgr -l zone add tregon-grifon.swordarmor.fr
$ keymgr -l zone key generate tregon-grifon.swordarmor.fr algorithm
ecdsap256sha256 size 256
Then the online signing should work.
I'm sorry for these complications.
Daniel
On 2016-11-28 18:50, Alarig Le Lay wrote:
On Mon Nov 28 14:53:03 2016, Daniel Salzman wrote:
Hi,
Knot already supports online signing. See
https://www.knot-dns.cz/docs/2.x/singlehtml/index.html#online-sign-online-d…
Daniel
Thanks for your reply :)
I tried it, but the documentation speaks about KASP, that is now
deprecated regarding to tools.c
https://gitlab.labs.nic.cz/labs/knot/blob/master/src/knot/conf/tools.c#L505
So instead, I tried with the dnssec-policy option
66 - domain: tregon-grifon.swordarmor.fr
67 file: tregon-grifon.swordarmor.fr.zone # Must exist
68 module: [mod-synth-record/tregon-grifon, mod-online-sign]
69 dnssec-signing: false
70 dnssec-policy: default
but knotc does not want to reload the daemon.
eddy ~ # knotc reload
error: config, file '/etc/knot/knot.conf', line 68, item 'module',
value 'mod-online-sign' (invalid parameter)
error: failed to load configuration file '/etc/knot/knot.conf'
(invalid parameter)
I’m running the version 2.3.1.