Hi MJ,
If you're using the same Knot instance to host a mix of primary (signed)
and secondary zones, then I suggest you set "zonefile-load" to "none" in
your template, and then override it with "difference-no-serial" for the
primary zones. Secondary zones don't need a zone file at all. Incoming
XFRs are stored into the journal, and the zones are loaded entirely from
the journal at startup.
Regards,
Anand
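The setup Anand describes, written out as a knot.conf fragment. This is an added example, not config from the thread or from the Knot project; the remote id, ACL id, addresses and the primary zone name are placeholders, and the secondary zone reuses the names from MJ's snippet below.

```yaml
# Added example: one Knot instance hosting a signed primary zone and a
# journal-only secondary zone. Addresses and "example.com" are placeholders.
remote:
  - id: zones_master
    address: 192.0.2.1@53          # placeholder: the primary we transfer from

acl:
  - id: notify_from_master
    address: 192.0.2.1             # placeholder: only accept NOTIFY from the primary
    action: notify

template:
  - id: default                    # applied to every zone that names no template
    storage: /var/lib/knot/zones
    journal-content: all           # keep the whole zone in the journal, not only changes
    zonefile-load: none            # no zone file expected; zone comes from the journal

zone:
  # Primary (signed) zone: the zone file is the source of truth, so override
  # the template and read it; difference-no-serial lets Knot keep managing the
  # SOA serial it bumps when re-signing.
  - domain: example.com
    zonefile-load: difference-no-serial
    dnssec-signing: on

  # Secondary zone: no zone file at all. Incoming AXFR/IXFR are stored in the
  # journal and the zone is loaded entirely from it at startup, so a restart
  # no longer ends in "failed to parse zone file (not exists)" plus SERVFAIL.
  - domain: sub3.company.com
    master: zones_master
    acl: notify_from_master
```

After a restart, `knotc zone-status sub3.company.com` should report the serial that was loaded from the journal without any manual zone-retransfer.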
On 04/08/2021 10:47, mj wrote:
Hi Libor,
Thanks again for quick and accurate assistance.
It worked perfectly.
As I took the secondary config from
https://www.knot-dns.cz/docs/3.1/singlehtml/#secondary-slave-zone
should that perhaps be added in the config sample there..?
All the best!
MJ
On 8/3/21 10:20 PM, libor.peltan wrote:
> Hi MJ,
>
> maybe you want to set up zonefile-load to none?
>
> https://www.knot-dns.cz/docs/3.1/singlehtml/index.html#zonefile-load
>
> Thanks,
>
> Libor
>
> Dne 03. 08. 21 v 21:16 mj napsal(a):
>> Hi,
>>
>> Sorry to come back again, but it seems we still have an issue:
>>
>> Knot is not serving our secondary zones after restarting, until we
>> issue a "knotc zone-retransfer sub3.company.com". Then it will start
>> answering queries for the zone.
>>
>> A knot restart logs:
>>
>>> knotd[4436]: info: [sub3.company.com.] zone will be loaded
>>> knotd[4436]: info: [sub3.company.com.] zone loaded from journal,
>>> serial 2016110905
>>> knotd[4436]: info: [sub3.company.com.] failed to parse zone file
>>> (not exists)
>>
>> To demonstrate, after having restarted knot:
>>
>>> root@knot:/etc/knot# kdig sub3.company.com @4.5.6.7
>>> ;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 13771
>>> ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
>>>
>>> ;; QUESTION SECTION:
>>> ;; sub3.company.com. IN A
>>>
>>> ;; Received 30 B
>>> ;; Time 2021-08-03 20:44:29 CEST
>>> ;; From 4.5.6.7@53(UDP) in 0.0 ms
>>
>>
>>> root@knot:/etc/knot# knotc zone-retransfer sub3.company.com
>>> OK
>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] control,
>>> received command 'zone-retransfer'
>>> root@www:/etc/knot# Aug 3 20:44:39 www knotd[4186]: info:
>>> [sub3.company.com.] AXFR, incoming, remote 1.2.3.4@53, started
>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] AXFR,
>>> incoming, remote 1.2.3.4@53, finished, 0.02 seconds, 23 messages,
>>> 1914 bytes
>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] zone
>>> stored to journal, serial 2016090960
>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] refresh,
>>> remote 1.2.3.4@53, zone updated, 0.12 seconds, serial none ->
>>> 2016090960
>>
>>
>>> root@knot:/etc/knot# kdig sub3.company.com @4.5.6.7
>>> ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 44788
>>> ;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0
>>>
>>> ;; QUESTION SECTION:
>>> ;; sub3.company.com. IN A
>>>
>>> ;; ANSWER SECTION:
>>> sub3.company.com. 3600 IN A 1.2.3.4
>>>
>>> ;; Received 46 B
>>> ;; Time 2021-08-03 20:44:44 CEST
>>> ;; From 4.5.6.7@53(UDP) in 0.1 ms
>>
>>
>> In knot.conf, we have set as a template: journal-content: all, and
>> the secondary zone is defined like:
>>
>>> - domain: sub3.company.com
>>> storage: /var/lib/knot/zones
>>> master: zones_master
>>> acl: notify_from_master
>>
>> As a side note: the directory /var/lib/knot/zones contains nothing
>> sub3.company.com related. (which explains the knot startup message
>> "failed to parse zone file (not exists)")
>>
>> Why would knot after restart load the zone from journal, but not
>> start serving it? Have I misconfigured something?
>>
>> Sorry to have asked so many questions in just two days. :-)
>>
>> MJ