[knot-dns-users] Re: Chained catalog zones

Fri, 08 Mar 2024 00:07:39 -0800 

Hi Martin,

The error is definitely caused by a configuration check to prevent users from 
creating strange configurations :-D
We will revise the check as your configuration makes sense.

Daniel

On 3/7/24 22:00, Martin Huněk wrote:

Hi,

So I've tested chaining 2 catalog zones one after another and it failed with:

error: config, file '/etc/knot/knot.conf', line 95, section 
'zone[crb-m1-signed-catalog.]' ('catalog-role' in a catalog template)
error: failed to load configuration file '/etc/knot/knot.conf' (invalid 
parameter)

Here is the relevant part of the config file (not final by any means):
acl:
   - id: master_acl
     key: koncentrator
     action: notify

   - id: slave-01_acl
     key: dns-sl-01
     action: [transfer, notify]

template:
   - id: koncentrator-signed
     catalog-role: member
     catalog-zone: crb-k-signed-catalog.
     master: master
     acl: master_acl

   - id: master-template
     master: master
     acl: master_acl

zone:
   - domain: crb-k-signed-catalog.
     catalog-role: generate
     acl: slave-01_acl

   - domain: crb-m1-signed-catalog.
     template: master-template
     catalog-role: interpret
#    catalog-template: master-signed
     catalog-template: koncentrator-signed
     master: master
     acl: master_acl

Do anyone knows what is the problem?

Sincerely,
Martin

Dne sobota 17. února 2024 13:44:31 CET, Martin Huněk napsal(a):

Hi Libor, hi David,

Thank you for a confirmation. I'll try to configure it and I'll let you know 
how it goes.

Martin

Dne pátek 16. února 2024 18:05:12 CET, libor.peltan napsal(a):

Hi Martin,

It's possible to configure Knot in the way that it consumes one or more
catalog zones, and generates another catalog zone, in the way that the
members of the consumed one(s) become members of the produced one. This
can be achieved by carefully preparing and assigning configuration
templates to the members of the consumed catalog.

However, I'd be tentative to construct a production environment this way :)

Libor

Dne 18. 10. 23 v 10:14 Martin Huněk napsal(a):

Hi folks,

Is it possible to chain multiple upstream catalog zones into one downstream one?

I do have the following topology:

Multiple DNS hidden masters <-> DNS signer / DNS master for public facing slaves 
<-> public facing slaves

Can I define catalog zones on hidden masters and use them on public-facing 
signer/master to compose a catalog zone for the slaves?

Best Regards,
Martin Hunek
Freenet Liberec, z.s.


--

--







--

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

--

Reply via email to