Hi, release from today fixed the issue.
Thanks and have a nice evening/day! Juergen Am 22.12.21 um 13:55 schrieb Daniel Salzman:
On 12/22/21 1:36 PM, J. Echter wrote:Hi Daniel, i have the same template settings in my master and slave (except for the dnssec-signing/dnssec-policy on the slave) and no template set explicit on the zones. For example: ns1: template: - id: default storage: "/var/lib/knot" dnssec-signing: on dnssec-policy: rsa2048 global-module: [ "mod-cookies", "mod-rrl/default" ] ns2: template: - id: default storage: "/var/lib/knot" global-module: [ "mod-cookies", "mod-rrl/default" ] If this is the inconsistency, then i was wrong about signing enabled only on the master?No, the signing is configured correctly. I have tried almost the same configuration and dnsviz didn't complain. It's strange. DanielThanks for your fast respone. Juergen Am 22.12.21 um 13:25 schrieb Daniel Salzman:Hi Juergen, The warning usually appears if the configuration of all nameservers is inconsistent. For example cookies are enabled on some nameservers only. Daniel On 12/22/21 1:07 PM, J. Echter wrote:Hi, i have knot dns setup with dns cookie module enabled but if i check with dnsviz.net i always get: The server appears to support DNS cookies but did not return a COOKIE option. Relevant parts of my knot.conf: template: - id: default storage: "/var/lib/knot" dnssec-signing: on dnssec-policy: rsa2048 global-module: [ "mod-cookies", "mod-rrl/default" ] mod-rrl: - id: default rate-limit: 200 slip: 2 - domain: mydomain.de file: "/etc/knot/zones/mydomain.de.zone" notify: secondary acl: acl_secondary zonefile-load: difference I thought about maybe it's the slip: 2, but that didn't change anything if set to 1 Do you guys see anything obvious causing this "issue"? Thanks for your time Juergen --
smime.p7s
Description: S/MIME Cryptographic Signature
--
