26 Čen
2021
26 Čen
'21
9:53
Hi,
i'm trying to setup a knot dns server for my personal domain.
The servers are running and synchronizing between master and slave, but
i cannot figure out why they do not get accepted by my domain hoster.
I do get a 'Parameter value range error' response from them, so i figure
it may be my configuration which is not right.
I'm no pro in this stuff but i'm curious how it works, so if you don't
mind i'll post it here and maybe someone has a thought what could be
going on. Or maybe has some additional test i can run.
I also checked them with nast from denic:
https://www.denic.de/en/service/tools/nast/ (Nameserver Predelegation Check)
Which doesn't complain, if i enter ns1.mydomain.de/ns2.domain.de and
ipv4 / ipv6 ip's and click 'execute check'.
I also checked with dig for response:
dig @ns1.mydomain.de mydomain.de soa
;; BADCOOKIE, retrying.
; <<>> DiG 9.16.18 <<>> @ns1.mydomain.de mydomain.de soa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1174
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 270b9518832d67270100000060d6d65c1844d3479cc64453 (good)
;; QUESTION SECTION:
;mydomain.de. IN SOA
;; ANSWER SECTION:
mydomain.de. 86400 IN SOA ns1.mydomain.de.
dnsadmin.mydomain.de. 2021062526 14400 1800 2419200 900
;; Query time: 63 msec
;; SERVER: aa.bb.cc.dd.ee#53(aa.bb.cc.dd)
;; WHEN: Sa Jun 26 09:25:16 CEST 2021
;; MSG SIZE rcvd: 119
and here is my config:
server:
identity: ns1.mydomain.de
nsid: ns1.mydomain.de
rundir: "/run/knot"
user: knot:knot
listen: [ aa.bb.cc.dd.ee@53, aa:bb:cc:dd@53 ]
mod-rrl:
- id: default
rate-limit: 200
slip: 2
log:
- target: syslog
any: info
policy:
- id: rsa2k
algorithm: RSASHA256
ksk-size: 4096
zsk-size: 2048
nsec3: on
- id: ececc
algorithm: ecdsap384sha384
nsec3: on
template:
- id: default
storage: "/var/lib/knot"
dnssec-signing: on
dnssec-policy: rsa2k
global-module: mod-cookies
global-module: mod-rrl/default
database:
storage: "/var/lib/knot"
key:
- id: dnsmaster
algorithm: hmac-sha512
secret: secret
- id: dnsslave
algorithm: hmac-sha512
secret: secret
remote:
- id: secondary
address: ee.ff.gg.hh@53
key: dnsslave
acl:
- id: acl_secondary
address: ee.ff.gg.hh
key: dnsmaster
action: transfer
zone:
- domain: mydomain.de
file: "/etc/knot/zones/mydomain.de.zone"
notify: secondary
acl: acl_secondary
zonefile-load: difference
and my zone file (without the keys and stuff added from knotd):
;; Zone dump (Knot DNS 3.0.7)
mydomain.de. 86400 SOA ns1.mydomain.de.
dnsadmin.mydomain.de. 2021062526 14400 1800 2419200 900
mydomain.de. 86400 AAAA aa:bb:cc:dd
mydomain.de. 86400 A aa.bb.cc.dd
mydomain.de. 86400 TXT "v=spf1 ip4:aa.bb.cc.dd -all"
mydomain.de. 86400 NS ns1.mydomain.de.
mydomain.de. 86400 NS ns2.mydomain.de.
mydomain.de. 86400 MX 10 mail.mydomain.de.
_dmarc.mydomain.de. 86400 TXT "v=DMARC1; p=reject;
rua=mailto:postmaster@mydomain.de; pct=100; fo=0:d:s; aspf=r; adkim=r;"
_token._dnswl.mydomain.de. 86400 TXT "somestuff"
2020._domainkey.mydomain.de. 86400 TXT "v=DKIM1;k=rsa;p=alongline"
_mta-sts.mydomain.de. 86400 TXT "v=STSv1; id=20210519103000Z;"
_smtp._tls.mydomain.de. 86400 TXT "v=TLSRPTv1;
rua=mailto:postmaster@mydomain.de"
autoconfig.mydomain.de. 86400 AAAA aa:bb:cc:dd
autoconfig.mydomain.de. 86400 A aa.bb.cc.dd
test.mydomain.de. 86400 AAAA ee:ff:gg:hh
test.mydomain.de. 86400 A ee.ff.gg.hh
imap.mydomain.de. 86400 AAAA aa:bb:cc:dd
imap.mydomain.de. 86400 A aa.bb.cc.dd
mail.mydomain.de. 86400 AAAA aa:bb:cc:dd
mail.mydomain.de. 86400 A aa.bb.cc.dd
mta-sts.mydomain.de. 86400 AAAA aa:bb:cc:dd
mta-sts.mydomain.de. 86400 A aa.bb.cc.dd
ns1.mydomain.de. 86400 AAAA aa:bb:cc:dd
ns1.mydomain.de. 86400 A aa.bb.cc.dd
ns2.mydomain.de. 86400 A ee.ff.gg.hh
ns2.mydomain.de. 86400 AAAA ee:ff:gg:hh
smtp.mydomain.de. 86400 AAAA aa:bb:cc:dd
smtp.mydomain.de. 86400 A aa.bb.cc.dd
wiki.mydomain.de. 86400 AAAA aa:bb:cc:dd
wiki.mydomain.de. 86400 A aa.bb.cc.dd
www.mydomain.de. 86400 AAAA aa:bb:cc:dd
www.mydomain.de. 86400 A aa.bb.cc.dd
thanks for listening!
juergen