Hi Einar,
It's possible to do that by adding

    clear: !(zone)

at the beginning of your config file, and running

    knotc conf-import -f /etc/knot/knot.conf +nopurge

in your playbook. This will overwrite the configuration database, except for the zones.
HTH,
Peter
On 4/11/25 12:13, Einar Bjarni Halldórsson via knot-dns-users wrote:
Hi,
This is just a possible feature request. We’re planning on using Knot for user
hosted domains. To do that we’ll have to add and remove zones dynamically,
so we’ve enabled the config db.
What surprised us is that this means that the config file isn’t used at all anymore
(except you can use it to prime the config db).
As it is, we’ll have to embrace the config db, which makes our ansible playbook
more complicated. It’s easy to add a config file template in ansible, it’s more
complicated to issue `knotc conf-begin; knotc conf-set; knotc conf-commit` logic.
I wish knot was more like nsd, where you have the config file nsd.conf, but if
you add zones with `nsd-control addzone ….` it gets added to a separate zonelist
file, which nsd reads on startup. It means we can have a static config file, but
still be able to add and delete zones dynamically.
nsd doesn’t have automatic DNSSEC key management and catalog zones in knot
are really easy to use, which is why we’re going with knot for this project. I just
wanted to lay it out there as an idea for the future :)
.einar
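
The approach from Peter's reply, written out as an Ansible play. This is an added example, not part of the original thread or of the Knot project; the inventory group, the template name `knot.conf.j2`, and the file owner, group and mode are assumptions.

```yaml
# Added example. templates/knot.conf.j2 (hypothetical name) must begin with
# the statement from the reply, followed by the static sections:
#
#   clear: !(zone)
#
# Zones added at runtime stay in the config db and are not listed in the file.

- name: Keep static Knot settings in a file, zones in the config db
  hosts: knot_servers            # hypothetical inventory group
  become: true
  tasks:
    - name: Render static knot.conf
      ansible.builtin.template:
        src: knot.conf.j2
        dest: /etc/knot/knot.conf
        owner: root              # assumed ownership
        group: knot              # assumed group of the knotd service user
        mode: "0640"             # the file may hold key material; not world-readable
      notify: Import static config into config db

  handlers:
    # Runs only when the rendered file changed, so routine playbook runs
    # do not rewrite the configuration database.
    - name: Import static config into config db
      ansible.builtin.command:
        argv:
          - knotc
          - conf-import
          - "-f"
          - /etc/knot/knot.conf
          - "+nopurge"
      changed_when: true
```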