[knot-dns-users] Re: Chained catalog zones

Thu, 07 Mar 2024 13:37:07 -0800 

Hi,

So I've tested chaining 2 catalog zones one after another and it failed with:

error: config, file '/etc/knot/knot.conf', line 95, section 
'zone[crb-m1-signed-catalog.]' ('catalog-role' in a catalog template)
error: failed to load configuration file '/etc/knot/knot.conf' (invalid 
parameter)

Here is the relevant part of the config file (not final by any means):
acl:
  - id: master_acl
    key: koncentrator
    action: notify

  - id: slave-01_acl
    key: dns-sl-01
    action: [transfer, notify]

template:
  - id: koncentrator-signed
    catalog-role: member
    catalog-zone: crb-k-signed-catalog.
    master: master
    acl: master_acl

  - id: master-template
    master: master
    acl: master_acl

zone:
  - domain: crb-k-signed-catalog.
    catalog-role: generate
    acl: slave-01_acl

  - domain: crb-m1-signed-catalog.
    template: master-template
    catalog-role: interpret
#    catalog-template: master-signed
    catalog-template: koncentrator-signed
    master: master
    acl: master_acl

Do anyone knows what is the problem?

Sincerely,
Martin

Dne sobota 17. února 2024 13:44:31 CET, Martin Huněk napsal(a):
> Hi Libor, hi David,
> 
> Thank you for a confirmation. I'll try to configure it and I'll let you know 
> how it goes.
> 
> Martin
> 
> Dne pátek 16. února 2024 18:05:12 CET, libor.peltan napsal(a):
> > Hi Martin,
> > 
> > It's possible to configure Knot in the way that it consumes one or more 
> > catalog zones, and generates another catalog zone, in the way that the 
> > members of the consumed one(s) become members of the produced one. This 
> > can be achieved by carefully preparing and assigning configuration 
> > templates to the members of the consumed catalog.
> > 
> > However, I'd be tentative to construct a production environment this way :)
> > 
> > Libor
> > 
> > Dne 18. 10. 23 v 10:14 Martin Huněk napsal(a):
> > > Hi folks,
> > >
> > > Is it possible to chain multiple upstream catalog zones into one 
> > > downstream one?
> > >
> > > I do have the following topology:
> > >
> > > Multiple DNS hidden masters <-> DNS signer / DNS master for public facing 
> > > slaves <-> public facing slaves
> > >
> > > Can I define catalog zones on hidden masters and use them on 
> > > public-facing signer/master to compose a catalog zone for the slaves?
> > >
> > > Best Regards,
> > > Martin Hunek
> > > Freenet Liberec, z.s.
> > >
> > >
> > > --
> > --
> > 
> 
>

Attachment: signature.asc
Description: This is a digitally signed message part.

--

Reply via email to