On 02/08/2021 17:45, mj wrote:
> Next up: configuring knot for the secondary zones that we host.

A follow-up question on the knot-as-secondary project.
Knot has to be secondary (like bind was) for some external zones, hosted
on windows server 2019 dns. (they are just regular public dns zones,
nothing AD related)
I installed knot on the same server as bind, so on the other side all
ACLs etc should still be valid, and yes:

    kdig AXFR sub3.company.com @1.2.3.4

on the knot server returns the complete zone, and it looks good.
(willing to share it if needed)
However, knotd says:

Aug 03 09:52:47 knot systemd[1]: Started Knot DNS server.
Aug 03 09:52:47 knot knotd[11400]: info: [sub3.company.com.] AXFR, incoming, remote 1.2.3.4@53, started
Aug 03 09:52:47 knot knotd[11400]: debug: [sub3.company.com.] refresh, remote prim_master, address 1.2.3.4@53, failed (trailing data)
Aug 03 09:52:47 knot knotd[11400]: warning: [sub3.company.com.] refresh, remote prim_master_master not usable
Aug 03 09:52:47 knot knotd[11400]: error: [sub3.company.com.] refresh, failed (no usable master)
Aug 03 09:52:47 knot knotd[11400]: error: [sub3.company.com.] zone event 'refresh' failed (no usable master)

Below is the knot config:

server:
    rundir: "/run/knot"
    user: knot:knot
    listen: [ 0.0.0.0@53 ]

log:
  - target: syslog
    any: debug

database:
    storage: "/var/lib/knot"

remote:
  - id: prim_master
    address: 1.2.3.4

acl:
  - id: notify_from_prim
    address: 1.2.3.4
    action: notify

template:
  - id: default
    storage: "/var/lib/knot"
    file: "%s.zone"
    journal-content: all
    zonefile-load: difference-no-serial
    zonefile-sync: -1

zone:
  - domain: sub3.company.com
    storage: /var/lib/knot/zones
    master: prim_master
    acl: notify_from_prim

Switching back to bind, and it all works.
Is there some kind of incompatibility between knot and windows 2019 DNS?
(again: regular public DNS zone, no AD records etc)
Examples above are for sub3.company.com, but the same goes for sub2 and
sub1.
I am also asking my colleagues about more details and perhaps logs from
the windows side of things.
But asking here: is there anything wrong in my knot.conf?
Thanks!