4) The secondary Knot is reloaded:
2023-02-11T14:05:18+0100 info: [055e.] zone will be bootstrapped
2023-02-11T14:05:18+0100 info: [055e.] AXFR, incoming, remote::1@3889, started
2023-02-11T14:05:18+0100 info: [055e.] AXFR, incoming, remote::1@3889, finished, 0.00 seconds, 1 messages, 211 bytes
2023-02-11T14:05:18+0100 info: [055e.] DNSSEC, key, tag 36332, algorithm ECDSAP256SHA256, KSK, public, active
2023-02-11T14:05:18+0100 info: [055e.] DNSSEC, key, tag 55614, algorithm ECDSAP256SHA256, public, active
2023-02-11T14:05:19+0100 info: [055e.] DNSSEC, signing started
2023-02-11T14:05:19+0100 info: [055e.] DNSSEC, successfully signed
What is different?
The only differences I see:
- no 'master' remote specified in the zone config (probably in template)
- you're using algo=13 keys, I algo=8
- different HSM type
- your example works, mine doesn't.
As soon as your AXFR completes, the server 'sees' the keys and signs, which is
precisely the behaviour I'd expect.
In my situations, the AXFR completes, and the next log is "DNSSEC, no keys are
available".
-JP