Hi,
I want to use Ansible to deploy zone files to my Knot signer (hidden
master). The zone files should be generated from the Ansible playbook
data and will not contain any DNSSEC related information, just SOA, NS,
A, , TXT and MX records. I'd like to use Knot DNSSEC auto-signing. I
can
delay: 1d", to
make sure the zone has been propagated to all slaves.
Best regards,
Volker
Am 2018-12-07 12:49, schrieb Ondřej Caletka:
Dne 07. 12. 18 v 11:50 Volker Janzen napsal(a):
When looking at the ZSK rollover timing, I notice that after two hours
Knot stopped signing with t
Hi all,
I made a mistake in the subject, it should say "ZSK rollover".
I have one addition to the problem: one recursive resolver started
reporting these problems:
Dec 6 18:58:14 Drizzt named[5884]: validating voja.de/SOA: no valid
signature found
Dec 6 18:58:14 Drizzt named[5884]:
Hi all,
one of my zones made a ZSK rollover yesterday. I had an some recursive
resolvers validation errors at different times. This is the log output
from knot of the rollover:
Dec 6 17:16:48 a knotd[9924]: info: [voja.de.] DNSSEC, signing zone
Dec 6 17:16:49 a knotd[9924]: info:
Dear Mark,
it is true that the method for creating a CSK is not explicitly
mentioned in the documentation, we shall fix that. You can create a
CSK using our keymgr utility by specifying both 'ksk=yes' and
'zsk=yes' parameters of the 'generate' command. E.g.
$ keymgr -c /path/to/knot.conf
Hi all,
I'd like to test the geoip module with a signed zone. The documentation
recommends using manual mode for signing. As far as I know, the geoip
information is not transferred via AXFR. That would mean, that I've to
transfer the signing key to the secondary servers along with the geoip
Hi Daniel,
Yes, we know. However, the current docker is not suitable for advanced
use or even for production.
That's correct. The entrypoint did not even start. I needed to replace
it with
CMD /usr/local/sbin/knotd
The exposed ports had another syntax error, it should be
# Expose port
Hi Daniel,
All the official repositories are up-to-date now. To get the latest
2.7.1 version,
use "https://deb.knot-dns.cz/knot-latest; instead.
thank you.
Next step is to rework our Dockerfile :-) Any requirements or comments
are welcome!
The current docker file appers to be broken. I
Hi Libor,
thanks for your reply.
> Am 06.09.2017 um 13:15 schrieb "libor.pel...@nic.cz" :
>
> Hi Volker,
> thank you for your question.
>
> Your suggestion is almost correct, just a little correction:
>
> knotc zone-freeze $ZONE
> # wait for possibly still running events
Hi,
I've setup knot to handle DNSSEC signing for a couple of zones. I like to
update zonefiles on disk with an editor and I want to clarify which steps need
to be performed to safely edit the zonefile on disk.
I currently try this:
knotc zone-freeze $ZONE
knotc zone-flush $ZONE
$EDITOR $ZONE
Hi,
I agree with Matthijs and vote NSEC, too.
Regards
Volker
> Am 09.06.2016 um 10:48 schrieb Matthijs Mekking :
>
> Hi Jan,
>
>> On 09-06-16 10:26, Jan Včelák wrote:
>> Hello guys,
>>
>> we are currently tuning the DNSSEC default parameters. And we haven't
>>
--------
>
> - Original Message -
>> From: "Volker Janzen" <v...@voja.de>
>> To: knot-dns-users@lists.nic.cz
>> Sent: Wednesday, March 16, 2016 4:53:03 PM
>> Subject: [knot-dns-users] Knot 2.x Installation instructions
>
>>
Hi,
I tried to install Knot 2.x deb on Debian Jessie. Following the instructions
for Knot 2.x, I got Knot 1.6 installed. Any advice how to install Knot 2 deb on
Jessie?
Regards
Volker
___
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
130 00 Praha 3, Czech Republic
> mailto:ondrej.s...@nic.czhttps://nic.cz/
> --------
>
> - Original Message -
>> From: "Volker Janzen" <v...@voja.de>
>> To: "Ondřej Surý" <ondrej.s...@nic.cz>
&g
.-- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.s...@nic.czhttps://nic.cz/
- Original Message -
From: "Volker Janzen" <v...@voja.de>
To: "Ondřej Surý" <ondrej.s...@nic.cz>
Cc:
Hi,
I did a "apt-get upgrade" on my Knot node.
The package update fails with "Failed to initialize default key store
(unknown error -13)."
Can anyone tell me what that means?
root@localhost:~# knotd --version
knotd (Knot DNS), version 2.1.0
root@localhost:~# ps aux | grep knot
knot
16 matches
Mail list logo