Re: [knot-dns-users] Best practices for knot inline DNSSEC signing and zone loading
* libor.peltan [2018-10-31 11:03]: > Please try purging the journal (or deleting it directly on the filesystem) > and restarting the server. Yeah, that worked... Regards Sebastian -- GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
Re: [knot-dns-users] Best practices for knot inline DNSSEC signing and zone loading
Please try purging the journal (or deleting it directly on the filesystem) and restarting the server. Dne 30.10.18 v 17:00 Sebastian Wiesinger napsal(a): * libor.peltan [2018-10-30 15:04]: Hi Sebastian, i don't see clearly what happened in your case. It seems for some reason the history stored in journal (just changes) was no longer appliable on the zonefile. Nothing terrible, just one annoying warning and a bit more annoying AXFR from slaves (instead of IXFR). Anyway, I would suggest trying `journal-content: all`, because it works better together with `zonefile-load: difference-no-serial` - the server can keep track of zone serials and changes even during server restart. I tried changing to journal-content: all which made the zone unloadable: Oct 30 16:57:17 alita knotd[16679]: warning: [dnssec-test.intern.] journal, discontinuity in changes history (1540915037 -> 1540814166), dropping older changesets Oct 30 16:57:17 alita knotd[16679]: error: [dnssec-test.intern.] zone event 'load' failed (value is out of range) I'm trying to figure out how to get out of this state again.. Regards Sebastian -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
Re: [knot-dns-users] (where) is the python control script packaged?
Hi Daniel, On 2018-10-30 19:22, Daniel Kahn Gillmor wrote: [reordering attributed text for chronological sanity] On Tue 2018-10-30 13:04:10 +0100, Daniel Salzman wrote: On 10/30/18 12:37 PM, Rick van Rein wrote: You/Daniel pointed me to the Python control library, but I cannot find it in the 2.7.3 packages -- is that forgotten, or am I missing it? The control library interface in Python is not a part of regular libknot packages. It can be found in Python's pip repository (libknot). Unfortunately, it's not up-to-date :-( For now you have to download it from the repository https://gitlab.labs.nic.cz/knot/knot-dns/tree/2.7/python/libknot or to get from corresponding source package https://secure.nic.cz/files/knot-dns/knot-2.7.3.tar.xz Perhaps we should be shipping this in the knot packages in debian? the first bullet point in debian/TODO is "package python3-libknot". Yes, if it became a python3-libknot package, it would definitely be welcome! Anyway I will try to update the pip package... Is there a reason that we shouldn't be producing python bindings from the same source package for debian? Then each new release would automatically push an updated libknot python package into debian. No, I don't know any reason for that. Your suggestion sound good. Is there any reason to prefer python2 here? I'm assuming that we want to prefer python3 for any new packages, given that py2 is eol relatively soon. Of course, python2 is dead ;-) Please consider python3 only. Thank you, Daniel --dkg -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
Re: [knot-dns-users] Best practices for knot inline DNSSEC signing and zone loading
* libor.peltan [2018-10-30 15:04]: > Hi Sebastian, > > i don't see clearly what happened in your case. It seems for some reason the > history stored in journal (just changes) was no longer appliable on the > zonefile. Nothing terrible, just one annoying warning and a bit more > annoying AXFR from slaves (instead of IXFR). Anyway, I would suggest trying > `journal-content: all`, because it works better together with > `zonefile-load: difference-no-serial` - the server can keep track of zone > serials and changes even during server restart. I tried changing to journal-content: all which made the zone unloadable: Oct 30 16:57:17 alita knotd[16679]: warning: [dnssec-test.intern.] journal, discontinuity in changes history (1540915037 -> 1540814166), dropping older changesets Oct 30 16:57:17 alita knotd[16679]: error: [dnssec-test.intern.] zone event 'load' failed (value is out of range) I'm trying to figure out how to get out of this state again.. Regards Sebastian -- GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users