Hello Luveh,

this will back up the KASP DB and all private keys, unless they are stored in an HSM, and nothing else:

knotc zone-backup +backupdir your_backup_directory +kaspdb +nozonefile +nojournal +notimers +nocatalog

The details are described here: https://www.knot-dns.cz/docs/3.1/html/man_knotc.html

This is new in 3.1; in previous versions, the KASP DB and private keys couldn't be backed up separately without the other data. Please don't forget that the keys are stored in plain in the backup, i.e. in the same way as Knot stores them in its repository.

Regards,
David

On 2021-08-11 21:39, Luveh Keraph wrote:
According to the documentation, one can back up the KASP using the
mdb_dump command. Now I understand things correctly, this will just
back up the public component of key pairs, plus some metadata for the
zones the public keys are associated with.

Are there any provisions in Knot concerning the backing up of the
private components of key pairs, or is this something that must be
done separately and within the context of whatever cryptographic
provider is used?
--
https://lists.nic.cz/mailman/listinfo/knot-dns-users
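
Since the reply above notes that the backup holds the private keys unencrypted, the following added example (not part of the original thread and not Knot's own tooling) audits a finished backup directory and strips group/other access. The function names loose_entries and tighten_backup are hypothetical, and the script assumes it runs as the owner of the directory or as root.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a Knot backup directory
# created with "knotc zone-backup +backupdir DIR +kaspdb ...".
# Assumption: run as the owner of DIR (or root) after the backup finished.

# Print every file or directory under $1 that group or others can
# read, write or execute. Symlinks are skipped (their mode is meaningless).
loose_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report loose entries on stderr, remove all group/other access, then
# re-check. Returns 0 only if nothing under $1 is still accessible to
# group or others; 2 if $1 is not a directory; 1 on any other failure.
tighten_backup() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    found=$(loose_entries "$dir")
    if [ -n "$found" ]; then
        echo "tightening permissions on:" >&2
        echo "$found" >&2
    fi
    chmod -R go-rwx "$dir" || return 1
    [ -z "$(loose_entries "$dir")" ]
}

# Stand-alone use: sh tighten_backup.sh your_backup_directory
if [ -n "${1:-}" ]; then
    tighten_backup "$1"
fi
```

This only restricts filesystem access; if the backup leaves the host, it still needs to be encrypted separately.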
