9 Pro
2020
9 Pro
'20
12:25
Hi Libor,
# knotc -V
knotc (Knot DNS), version 3.0.2
Thomas
On 09.12.20 12:16, libor.peltan wrote:
Hi Thomas,
aren't you using Knot version 3.0.0 (thus lower than 3.0.1) ?
Libor
Dne 09. 12. 20 v 11:39 Thomas E. napsal(a):
> Hi Libor,
>
> I deleted the backup directory a few times, but I receive the same error
> every time:
>
> 2020-12-09T10:31:52+0000 info: control, received command 'zone-backup'
> 2020-12-09T10:31:52+0000 warning: [xxx.] zone backup failed (not exists)
> 2020-12-09T10:31:52+0000 error: [xxx.] zone event 'backup/restore'
> failed (not exists)
> 2020-12-09T10:31:52+0000 warning: [yyy.] zone backup failed (not exists)
> 2020-12-09T10:31:52+0000 error: [yyy.] zone event 'backup/restore'
> failed (not exists)
>
>
>
> One of the keys is the ZSK of zone xxx and the oterh the KSKS of zone
> yyy.
>
>
> root@signer-0:/# keymgr xxx list human | grep
> 1fb3900b2e5ac72d30f927016ea4546ca561a5da
>
> 1fb3900b2e5ac72d30f927016ea4546ca561a5da ksk=no zsk=yes tag=39969
> algorithm=7 size=1024 public-only=no pre-active=0
> publish=-1M3D17h49m4s ready=0 active=-1M3D17h49m4s retire-active=0
> retire=0 post-active=0 revoke=0 remove=0
>
>
> root@signer-0:/# keymgr yyy list human | grep
> 087cc573318e070befff1d9cbcf07e3b5cf5444d
>
> 087cc573318e070befff1d9cbcf07e3b5cf5444d ksk=yes zsk=no tag=37419
> algorithm=7 size=2048 public-only=no pre-active=0
> publish=-1M3D18h11m7s ready=-1M3D18h11m7s active=-26D12h49m4s
> retire-active=0 retire=0 post-active=0 revoke=0 remove=0
>
> Best regards,
> Thomas
>
> On 09.12.20 11:15, libor.peltan wrote:
>> Hi Thomas,
>>
>> could you please try if this issue is reproducible: if whenever you
>> attempt the backup (to a fresh empty target directory), it fails with
>> "not exists"?
>>
>> Could you please check if the keys that happen to make it to the backup
>> belong to the same zone, or that it's one from each zone? (You light use
>> `keymgr list` to check which key ID belongs to which zone.)
>>
>> Thanks,
>>
>> Libor
>>
>> Dne 08. 12. 20 v 21:36 Thomas napsal(a):
>>> Hi Libor,
>>>
>>> sorry, I was really too unspecific.
>>>
>>> I'm hosting 2 zones. These 4 keys are on the production machine:
>>>
>>> root@signer-0:/var/lib/knot/keys/keys# ls -alh
>>>
>>>
>>> -rw-r----- 1 knot knot 1,7K Nov 5 16:22
>>> 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
>>> -rw-r----- 1 knot knot 916 Nov 5 16:44
>>> 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
>>> -rw-r----- 1 knot knot 916 Nov 5 16:22
>>> 6ebb8eb3ec2ddaf150119b4bc11b47dcec91621a.pem
>>> -rw-r----- 1 knot knot 1,7K Nov 5 16:44
>>> d7e47e2909f4d5947d8fb8684cb79ed06feb4b0a.pem
>>>
>>>
>>> Performing a backup with the following command:
>>>
>>> # knotc zone-backup +backupdir /tmp/backup
>>>
>>> Backup directory after performing the backup shows:
>>>
>>> root@signer-0:/tmp/backup/keys/keys# ls -ahl
>>>
>>> -rw-r----- 1 knot knot 1,7K Dez 8 20:21
>>> 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
>>> -rw-r----- 1 knot knot 916 Dez 8 20:21
>>> 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
>>>
>>> 2 keys are missing.
>>>
>>> Hhmm ok, there is an error in the log:
>>>
>>> 2020-12-08T20:26:43+0000 info: control, received command
'zone-backup'
>>> 2020-12-08T20:26:43+0000 warning: [xxx.] zone backup failed (not
>>> exists)
>>> 2020-12-08T20:26:43+0000 error: [xxx.] zone event 'backup/restore'
>>> failed (not exists)
>>> 2020-12-08T20:26:43+0000 warning: [yyy.] zone backup failed (not
>>> exists)
>>> 2020-12-08T20:26:43+0000 error: [yyy.] zone event 'backup/restore'
>>> failed (not exists)
>>>
>>> I'm using the latest knot version.
>>>
>>>
>>> Best regards,
>>>
>>> Thomas
>>>
>>>
>>>
>>> Am 08.12.20 um 16:56 schrieb libor.peltan:
>>>> Hi Thomas,
>>>>
>>>> could you be more specific about "half of private keys were in the
>>>> backup" ? How many were, how many weren't, and was there some
obvious
>>>> difference between them?
>>>>
>>>> Could you share the log snippets covering the backup and the restore
>>>> procedures?
>>>>
>>>> Thanks,
>>>>
>>>> Libor
>>>>
>>>> Dne 08. 12. 20 v 16:48 Thomas E. napsal(a):
>>>>> Hi (again),
>>>>>
>>>>> I was trying to backup and restore a server with the new knotc
>>>>> zone-backup/restore command.
>>>>>
>>>>> I recognized that only half of the private keys were in the backup,
>>>>> which leads to an error:
>>>>>
>>>>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load
private
>>>>> keys (not exists)
>>>>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load keys
>>>>> (not
>>>>> exists)
>>>>>
>>>>> Shouldn't the backup contain all private keys?
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Thomas