Hi MJ,

If you're using the same Knot instance to host a mix of primary (signed) and secondary zones, then I suggest you set "zonefile-load" to "none" in your template, and then override it with "difference-no-serial" for the primary zones. Secondary zones don't need a zone file at all. Incoming XFRs are stored into the journal, and the zones are loaded entirely from the journal at startup.

Regards,
Anand

On 04/08/2021 10:47, mj wrote:
> Hi Libor,
>
> Thanks again for quick and accurate assistance.
>
> It worked perfectly.
>
> As I took the secondary config from
> https://www.knot-dns.cz/docs/3.1/singlehtml/#secondary-slave-zone
>
> should that perhaps be added in the config sample there..?
>
> All the best!
> MJ
>
> On 8/3/21 10:20 PM, libor.peltan wrote:
>> Hi MJ,
>>
>> maybe you want to set up zonefile-load to none?
>>
>> https://www.knot-dns.cz/docs/3.1/singlehtml/index.html#zonefile-load
>>
>> Thanks,
>>
>> Libor
>>
>> On 03. 08. 21 at 21:16, mj wrote:
>>> Hi,
>>>
>>> Sorry to come back again, but it seems we still have an issue:
>>>
>>> Knot is not serving our secondary zones after restarting, until we
>>> issue a "knotc zone-retransfer sub3.company.com". Then it will start
>>> answering queries for the zone.
>>>
>>> A knot restart logs:
>>>
>>>> knotd[4436]: info: [sub3.company.com.] zone will be loaded
>>>> knotd[4436]: info: [sub3.company.com.] zone loaded from journal, serial 2016110905
>>>> knotd[4436]: info: [sub3.company.com.] failed to parse zone file (not exists)
>>>
>>> To demonstrate, after having restarted knot:
>>>
>>>> root@knot:/etc/knot# kdig sub3.company.com @4.5.6.7
>>>> ;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 13771
>>>> ;; Flags: qr rd; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;; sub3.company.com. IN A
>>>>
>>>> ;; Received 30 B
>>>> ;; Time 2021-08-03 20:44:29 CEST
>>>> ;; From 4.5.6.7@53(UDP) in 0.0 ms
>>>
>>>
>>>> root@knot:/etc/knot# knotc zone-retransfer sub3.company.com
>>>> OK
>>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] control, received command 'zone-retransfer'
>>>> root@www:/etc/knot# Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] AXFR, incoming, remote 1.2.3.4@53, started
>>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] AXFR, incoming, remote 1.2.3.4@53, finished, 0.02 seconds, 23 messages, 1914 bytes
>>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] zone stored to journal, serial 2016090960
>>>> Aug 3 20:44:39 www knotd[4186]: info: [sub3.company.com.] refresh, remote 1.2.3.4@53, zone updated, 0.12 seconds, serial none -> 2016090960
>>>
>>>
>>>> root@knot:/etc/knot# kdig sub3.company.com @4.5.6.7
>>>> ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 44788
>>>> ;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;; sub3.company.com. IN A
>>>>
>>>> ;; ANSWER SECTION:
>>>> sub3.company.com. 3600 IN A 1.2.3.4
>>>>
>>>> ;; Received 46 B
>>>> ;; Time 2021-08-03 20:44:44 CEST
>>>> ;; From 4.5.6.7@53(UDP) in 0.1 ms
>>>
>>>
>>> In knot.conf, we have set as a template: journal-content: all, and
>>> the secondary zone is defined like:
>>>
>>>> - domain: sub3.company.com
>>>>   storage: /var/lib/knot/zones
>>>>   master: zones_master
>>>>   acl: notify_from_master
>>>
>>> As a side note: the directory /var/lib/knot/zones contains nothing
>>> sub3.company.com related. (which explains the knot startup message
>>> "failed to parse zone file (not exists)")
>>>
>>> Why would knot after restart load the zone from journal, but not
>>> start serving it? Have I misconfigured something?
>>>
>>> Sorry to have asked so many questions in just two days. :-)
>>>
>>> MJ

-- 
https://lists.nic.cz/mailman/listinfo/knot-dns-users
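A knot.conf layout that follows the template/override pattern Anand describes above, as an added example that is not part of the thread. The remote and ACL names and the primary's address are taken from MJ's config and AXFR log; the listen addresses and the primary zone name example.com are assumed placeholders.

```yaml
# Added example, not the list post's own config. Secondary zones inherit
# zonefile-load: none from the template and live only in the journal;
# the signed primary overrides it so its zone file is still read.
server:
    listen: [ 0.0.0.0@53, ::@53 ]   # assumed; adjust to the host

remote:
  - id: zones_master                # name from MJ's config
    address: 1.2.3.4@53             # primary address seen in MJ's AXFR log

acl:
  - id: notify_from_master          # name from MJ's config
    address: 1.2.3.4
    action: notify                  # accept NOTIFY only from the primary

template:
  - id: default                     # applies to every zone without a template
    storage: /var/lib/knot/zones
    journal-content: all            # whole zone kept in the journal, not just diffs
    zonefile-load: none             # never look for a zone file on disk

zone:
  # Secondary: no file under storage, contents arrive via XFR and are
  # restored from the journal on restart.
  - domain: sub3.company.com
    master: zones_master
    acl: notify_from_master

  # Primary (signed): override the template so the zone file is loaded,
  # differences are merged into the journal and Knot manages the serial.
  - domain: example.com             # assumed placeholder zone name
    zonefile-load: difference-no-serial
    dnssec-signing: on
```

Run `knotc conf-check` against the new file before `knotc reload`, so a typo in the override does not take the primary zone down.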