On 12/22/21 1:36 PM, J. Echter wrote: > Hi Daniel, > > i have the same template settings in my master and slave (except for the > dnssec-signing/dnssec-policy on the slave) and no template set explicit > on the zones. > > For example: > > ns1: > > template: > - id: default > storage: "/var/lib/knot" > dnssec-signing: on > dnssec-policy: rsa2048 > global-module: [ "mod-cookies", "mod-rrl/default" ] > > ns2: > > template: > - id: default > storage: "/var/lib/knot" > global-module: [ "mod-cookies", "mod-rrl/default" ] > > If this is the inconsistency, then i was wrong about signing enabled > only on the master?
No, the signing is configured correctly. I have tried almost the same configuration and dnsviz didn't complain. It's strange. Daniel > > Thanks for your fast respone. > > Juergen > > Am 22.12.21 um 13:25 schrieb Daniel Salzman: >> Hi Juergen, >> >> The warning usually appears if the configuration of all nameservers is >> inconsistent. >> For example cookies are enabled on some nameservers only. >> >> Daniel >> >> On 12/22/21 1:07 PM, J. Echter wrote: >>> Hi, >>> >>> i have knot dns setup with dns cookie module enabled but if i check with >>> dnsviz.net i always get: >>> >>> The server appears to support DNS cookies but did not return a COOKIE >>> option. >>> >>> Relevant parts of my knot.conf: >>> >>> template: >>> >>> - id: default storage: "/var/lib/knot" >>> >>> dnssec-signing: on >>> >>> dnssec-policy: rsa2048 >>> >>> global-module: [ "mod-cookies", "mod-rrl/default" ] >>> >>> >>> mod-rrl: >>> >>> - id: default >>> >>> rate-limit: 200 >>> >>> slip: 2 >>> >>> >>> - domain: mydomain.de >>> >>> file: "/etc/knot/zones/mydomain.de.zone" >>> >>> notify: secondary >>> >>> acl: acl_secondary >>> >>> zonefile-load: difference >>> >>> >>> I thought about maybe it's the slip: 2, but that didn't change anything >>> if set to 1 >>> >>> >>> Do you guys see anything obvious causing this "issue"? >>> >>> >>> Thanks for your time >>> >>> Juergen >>> >>> >>> -- >>> > --
