8 Pro
2020
8 Pro
'20
21:36
Hi Libor,
sorry, I was really too unspecific.
I'm hosting 2 zones. These 4 keys are on the production machine:
root@signer-0:/var/lib/knot/keys/keys# ls -alh
-rw-r----- 1 knot knot 1,7K Nov 5 16:22
087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
-rw-r----- 1 knot knot 916 Nov 5 16:44
1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
-rw-r----- 1 knot knot 916 Nov 5 16:22
6ebb8eb3ec2ddaf150119b4bc11b47dcec91621a.pem
-rw-r----- 1 knot knot 1,7K Nov 5 16:44
d7e47e2909f4d5947d8fb8684cb79ed06feb4b0a.pem
Performing a backup with the following command:
# knotc zone-backup +backupdir /tmp/backup
Backup directory after performing the backup shows:
root@signer-0:/tmp/backup/keys/keys# ls -ahl
-rw-r----- 1 knot knot 1,7K Dez 8 20:21
087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
-rw-r----- 1 knot knot 916 Dez 8 20:21
1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
2 keys are missing.
Hhmm ok, there is an error in the log:
2020-12-08T20:26:43+0000 info: control, received command 'zone-backup'
2020-12-08T20:26:43+0000 warning: [xxx.] zone backup failed (not exists)
2020-12-08T20:26:43+0000 error: [xxx.] zone event 'backup/restore'
failed (not exists)
2020-12-08T20:26:43+0000 warning: [yyy.] zone backup failed (not exists)
2020-12-08T20:26:43+0000 error: [yyy.] zone event 'backup/restore'
failed (not exists)
I'm using the latest knot version.
Best regards,
Thomas
Am 08.12.20 um 16:56 schrieb libor.peltan:
Hi Thomas,
could you be more specific about "half of private keys were in the
backup" ? How many were, how many weren't, and was there some obvious
difference between them?
Could you share the log snippets covering the backup and the restore
procedures?
Thanks,
Libor
Dne 08. 12. 20 v 16:48 Thomas E. napsal(a):
> Hi (again),
>
> I was trying to backup and restore a server with the new knotc
> zone-backup/restore command.
>
> I recognized that only half of the private keys were in the backup,
> which leads to an error:
>
> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load private
> keys (not exists)
> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load keys (not
> exists)
>
> Shouldn't the backup contain all private keys?
>
>
> Thanks,
> Thomas