Hi Rob,
It's a regression. Funny enough, caused by the commit optimization for you :-D
Daniel
On 10/1/25 14:10, Robert Mueller wrote:
Hi
We recently tried to upgrade to knot 3.5.0, but ran into a problem. It appears
zones added via |conf-set include| are not working until knot is reloaded.
So to reduce calls to knotc when inserting a number of domains, we build a
config fragment and then use |knotc conf-set include fragment.conf| to load it.
With 3.4.8 this worked fine. For example:
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock status version
3.4.8
# dig +short foo.com @10.37.129.215 SOA
# cat > /local/knot_dns/zones/foo.com.zone <<EOF
foo.com. 3600 IN SOA ( ns1.fastmaildev.com.
postmaster.fastmaildev.com.
2025091802 ;serial
86133 ;refresh
600 ;retry
1209600 ;expire
3600 ;minimum
)
foo.com. 3600 IN NS ns1.fastmaildev.com.
foo.com. 3600 IN NS ns2.fastmaildev.com.
EOF
# cat > /tmp/zone.conf <<EOF
zone:
  - domain: foo.com
    template: "default"
EOF
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock conf-begin
OK
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock conf-set include /tmp/zone.conf
OK
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock conf-commit
OK
# dig +short foo.com @10.37.129.215 SOA
ns1.fastmaildev.com. postmaster.fastmaildev.com. 2025091802 86133 600 1209600 3600
As you can see, immediately after the |conf-commit|, the zone can be queried
via dig.
However this doesn't work in 3.5.0.
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock status version
3.5.0
# dig +short foo2.com @10.37.129.215 SOA
# cat > /local/knot_dns/zones/foo2.com.zone <<EOF
foo2.com. 3600 IN SOA ( ns1.fastmaildev.com.
postmaster.fastmaildev.com.
2025091802 ;serial
86133 ;refresh
600 ;retry
1209600 ;expire
3600 ;minimum
)
foo2.com. 3600 IN NS ns1.fastmaildev.com.
foo2.com. 3600 IN NS ns2.fastmaildev.com.
EOF
# cat > /tmp/zone.conf <<EOF
zone:
  - domain: foo2.com
    template: "default"
EOF
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock conf-begin
OK
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock conf-set include /tmp/zone.conf
OK
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock conf-commit
OK
# dig +short foo2.com @10.37.129.215 SOA
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock zone-status foo2.com
error: [foo2.com] (no such zone found)
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock zone-reload foo2.com
error: [foo2.com] (no such zone found)
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock zone-check foo2.com
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock reload
Reloaded
# dig +short foo2.com @10.37.129.215 SOA
ns1.fastmaildev.com. postmaster.fastmaildev.com. 2025091802 86133 600 1209600 3600
# /opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock zone-status foo2.com
[foo2.com.] role: master | serial: 2025091802
As you can see, after the |conf-commit| the zone isn't visible in knot at all,
either via dig or even via knotc commands |zone-status| or |zone-reload|.
However immediately after a knot server |reload|, it does become visible.
This feels like a bug and regression in 3.5.0 to me, or am I holding something
wrong?
Rob Mueller
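Added example, not part of the thread and not Knot DNS project code: a provisioning wrapper that runs the conf-begin / conf-set include / conf-commit sequence from the report, then confirms with zone-status that each zone is actually loaded and falls back to the reload that made the zone visible in the 3.5.0 session. The function names, the KNOTC variable and return code 10 are hypothetical; it assumes a missing zone makes knotc exit non-zero or print an "error:" line as shown above.

```shell
#!/bin/sh
# knotc invocation copied from the report; override KNOTC for other setups.
KNOTC=${KNOTC:-"/opt/knot/sbin/knotc -C /local/knot_dns/conf/ -s /run/knot_dns/knot_dns.sock"}

# Succeeds only when knotd returns a status line for the zone.
zone_loaded() {
    out=$($KNOTC zone-status "$1" 2>&1) || return 1
    case $out in
        *"error:"*|"") return 1 ;;
    esac
    return 0
}

# Usage: add_zones FRAGMENT ZONE...
# Returns 0  = every zone is loaded right after conf-commit,
#         10 = zones were loaded only after the reload fallback (worth alerting on),
#         1  = the transaction failed or a zone is still missing.
add_zones() {
    fragment=$1; shift
    $KNOTC conf-begin >/dev/null || return 1
    if ! $KNOTC conf-set include "$fragment" >/dev/null ||
       ! $KNOTC conf-commit >/dev/null; then
        # Do not leave a half-finished transaction open.
        $KNOTC conf-abort >/dev/null 2>&1
        return 1
    fi
    missing=""
    for z in "$@"; do
        zone_loaded "$z" || missing="$missing $z"
    done
    [ -z "$missing" ] && return 0
    echo "not loaded after conf-commit:$missing; falling back to reload" >&2
    $KNOTC reload >/dev/null || return 1
    for z in $missing; do
        zone_loaded "$z" || { echo "still missing after reload: $z" >&2; return 1; }
    done
    return 10
}
```

Call it as add_zones /tmp/zone.conf foo2.com and treat return code 10 as a signal that the server accepted the commit but did not load the zones without a reload.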