Hi Matt,

On 2/16/22 22:56, Matthew Pounsett wrote:
> I'm trying to find a way to poll for any zones where knot is currently
> waiting on DS submission to the parent.
>
> I'm aware of the structured logging sent to systemd-journald but I see
> this as not particularly useful for monitoring, as the event could be
> missed by a dead daemon, bug in code, etc.  I'd much prefer to be able
> to actively monitor states by polling.

You won't miss the event as it's logged repeatedly - whenever the zone signing
event is started.

Knot DNS 3.1.6 offers another possibility. If you enable `server.dbus-event: ksk-submission`,
you can listen on the system D-Bus for a specific signal 
(https://www.knot-dns.cz/docs/3.1/singlehtml/index.html#dbus-event).
A few sample client scripts can be found here 
https://gitlab.nic.cz/knot/knot-dns/-/tree/master/samples


> It looks like the only way I can do that right now is to run `keymgr
> list` and analyze the output.  If I'm reading the documentation
> correctly, all I need to look for is a key that is `ksk=yes`, `ready
> != 0`, and `active = 0`.

That is correct.


> Does that seem correct?  Am I missing something simpler? :)
> --

Also if you need to know the submission state for manual DS propagation, you 
can use
https://www.knot-dns.cz/docs/3.1/singlehtml/index.html#ds-push
(One recent blog post on this topic 
https://www.root.cz/clanky/knot-dns-dalsi-funkce-souvisejici-s-dnssec/ . Sorry 
for the Czech version :-))

Daniel
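The polling check confirmed above (a key with `ksk=yes`, `ready != 0` and `active = 0` is waiting on DS submission), as an added example that is not part of the thread or of Knot DNS. It parses the one-key-per-line output of `keymgr <zone> list` and reports the KSK IDs in submission. Assumptions: timestamps are printed as unix integers (the default of `keymgr <zone> list`; a human-readable timestamp format would not parse here and is skipped rather than misreported), `keymgr` is on PATH with a readable configuration (adjust `KEYMGR_CMD`), and the sample output at the bottom is constructed, with invented key IDs and times, not captured from a server.

```python
#!/usr/bin/env python3
"""Report KSKs waiting for DS submission by parsing `keymgr <zone> list`.

Added example, not Knot DNS code. The check is the one from the thread:
ksk=yes, ready != 0 (the key reached the ready state) and active = 0 (the
parent has not yet published its DS, so the KSK never went active).
"""
import re
import subprocess
from dataclasses import dataclass

# Assumption: keymgr on PATH; add e.g. "-c", "/etc/knot/knot.conf" if needed.
KEYMGR_CMD = ["keymgr"]
FIELD_RE = re.compile(r"(\S+?)=(\S*)")


@dataclass
class Key:
    keyid: str
    ksk: bool
    ready: int
    active: int

    @property
    def awaiting_submission(self) -> bool:
        """True while the KSK is ready but not active (DS not yet in parent)."""
        return self.ksk and self.ready != 0 and self.active == 0


def parse_keymgr_list(text: str) -> list[Key]:
    """Parse `keymgr <zone> list` output: key ID followed by name=value fields.

    Assumes unix-time timestamps. A line whose timestamps are not integers
    (unexpected format) is skipped, so the monitor never reports a state it
    could not actually read.
    """
    keys: list[Key] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        keyid, _, rest = line.partition(" ")
        fields = dict(FIELD_RE.findall(rest))
        try:
            keys.append(Key(
                keyid=keyid,
                ksk=fields.get("ksk") == "yes",
                ready=int(fields.get("ready", "0")),
                active=int(fields.get("active", "0")),
            ))
        except ValueError:
            continue
    return keys


def keys_awaiting_submission(text: str) -> list[str]:
    """Key IDs from one zone's list output that are waiting on DS submission."""
    return [k.keyid for k in parse_keymgr_list(text) if k.awaiting_submission]


def poll_zones(zones: list[str]) -> dict[str, list[str]]:
    """Run keymgr per zone; map zone -> KSK IDs awaiting submission.

    Needs a working keymgr and is not exercised by the offline sample below.
    """
    result: dict[str, list[str]] = {}
    for zone in zones:
        out = subprocess.run(KEYMGR_CMD + [zone, "list"], check=True,
                             capture_output=True, text=True).stdout
        waiting = keys_awaiting_submission(out)
        if waiting:
            result[zone] = waiting
    return result


# Constructed sample (field layout modelled on keymgr; IDs and times invented):
# a KSK in submission, the active KSK, a ZSK in the same ready/active state
# (must not be flagged: not a KSK), an active ZSK, and a KSK not yet ready.
SAMPLE_OUTPUT = """\
1111aaaa ksk=yes zsk=no tag=11111 algorithm=13 size=256 public-only=no pre-active=0 publish=1645000000 ready=1645086400 active=0 retire-active=0 retire=0 post-active=0 revoke=0 remove=0
2222bbbb ksk=yes zsk=no tag=22222 algorithm=13 size=256 public-only=no pre-active=0 publish=1610000000 ready=1610086400 active=1610172800 retire-active=0 retire=0 post-active=0 revoke=0 remove=0
3333cccc ksk=no zsk=yes tag=33333 algorithm=13 size=256 public-only=no pre-active=0 publish=1645000000 ready=1645086400 active=0 retire-active=0 retire=0 post-active=0 revoke=0 remove=0
4444dddd ksk=no zsk=yes tag=44444 algorithm=13 size=256 public-only=no pre-active=0 publish=1640000000 ready=1640086400 active=1640172800 retire-active=0 retire=0 post-active=0 revoke=0 remove=0
5555eeee ksk=yes zsk=no tag=55555 algorithm=13 size=256 public-only=no pre-active=0 publish=1645100000 ready=0 active=0 retire-active=0 retire=0 post-active=0 revoke=0 remove=0
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for zone, ids in poll_zones(sys.argv[1:]).items():
            print(f"{zone}: waiting on DS submission for {', '.join(ids)}")
    else:
        print("sample:", keys_awaiting_submission(SAMPLE_OUTPUT))
```

Run it with zone names as arguments to poll a live server, or with none to exercise the constructed sample. Because the check is per key rather than per zone, a zone mid-rollover with one active KSK and a second KSK in submission is still reported, which is the case a monitor most wants to catch.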