[knot-dns-users] zonefile-load: difference

2019-01-20 Thread Volker Janzen
Hi, I want to use Ansible to deploy zone files to my Knot signer (hidden master). The zone files should be generated from the Ansible playbook data and will not contain any DNSSEC related information, just SOA, NS, A, , TXT and MX records. I'd like to use Knot DNSSEC auto-signing. I can

Re: [knot-dns-users] Question on ZSK rollover

2018-12-07 Thread Volker Janzen
delay: 1d", to make sure the zone has been propagated to all slaves. Best regards, Volker Am 2018-12-07 12:49, schrieb Ondřej Caletka: Dne 07. 12. 18 v 11:50 Volker Janzen napsal(a): When looking at the ZSK rollover timing, I notice that after two hours Knot stopped signing with t

Re: [knot-dns-users] Question on ZSK rollover

2018-12-07 Thread Volker Janzen
Hi all, I made a mistake in the subject, it should say "ZSK rollover". I have one addition to the problem: one recursive resolver started reporting these problems: Dec 6 18:58:14 Drizzt named[5884]: validating voja.de/SOA: no valid signature found Dec 6 18:58:14 Drizzt named[5884]:

[knot-dns-users] Question on KSK rollover

2018-12-07 Thread Volker Janzen
Hi all, one of my zones made a ZSK rollover yesterday. I had some recursive resolvers validation errors at different times. This is the log output from knot of the rollover: Dec 6 17:16:48 a knotd[9924]: info: [voja.de.] DNSSEC, signing zone Dec 6 17:16:49 a knotd[9924]: info:

Re: [knot-dns-users] geoip secondary DNS with DNSSEC

2018-10-23 Thread Volker Janzen
Dear Mark, it is true that the method for creating a CSK is not explicitly mentioned in the documentation, we shall fix that. You can create a CSK using our keymgr utility by specifying both 'ksk=yes' and 'zsk=yes' parameters of the 'generate' command. E.g. $ keymgr -c /path/to/knot.conf

[knot-dns-users] geoip secondary DNS with DNSSEC

2018-10-19 Thread Volker Janzen
Hi all, I'd like to test the geoip module with a signed zone. The documentation recommends using manual mode for signing. As far as I know, the geoip information is not transferred via AXFR. That would mean, that I've to transfer the signing key to the secondary servers along with the geoip

Re: [knot-dns-users] KNOT Debian repository outdated

2018-08-21 Thread Volker Janzen
Hi Daniel, Yes, we know. However, the current docker is not suitable for advanced use or even for production. That's correct. The entrypoint did not even start. I needed to replace it with CMD /usr/local/sbin/knotd The exposed ports had another syntax error, it should be # Expose port

Re: [knot-dns-users] KNOT Debian repository outdated

2018-08-21 Thread Volker Janzen
Hi Daniel, All the official repositories are up-to-date now. To get the latest 2.7.1 version, use "https://deb.knot-dns.cz/knot-latest" instead. thank you. Next step is to rework our Dockerfile :-) Any requirements or comments are welcome! The current docker file appears to be broken. I

Re: [knot-dns-users] Fwd: Re: Edit zonefile

2017-09-06 Thread Volker Janzen
Hi Libor, thanks for your reply. > Am 06.09.2017 um 13:15 schrieb "libor.pel...@nic.cz" : > > Hi Volker, > thank you for your question. > > Your suggestion is almost correct, just a little correction: > > knotc zone-freeze $ZONE > # wait for possibly still running events

[knot-dns-users] Edit zonefile

2017-09-05 Thread Volker Janzen
Hi, I've set up knot to handle DNSSEC signing for a couple of zones. I like to update zonefiles on disk with an editor and I want to clarify which steps need to be performed to safely edit the zonefile on disk. I currently try this: knotc zone-freeze $ZONE knotc zone-flush $ZONE $EDITOR $ZONE

Re: [knot-dns-users] should NSEC3 be default?

2016-06-09 Thread Volker Janzen
Hi, I agree with Matthijs and vote NSEC, too. Regards Volker > Am 09.06.2016 um 10:48 schrieb Matthijs Mekking : > > Hi Jan, > >> On 09-06-16 10:26, Jan Včelák wrote: >> Hello guys, >> >> we are currently tuning the DNSSEC default parameters. And we haven't >>

Re: [knot-dns-users] Knot 2.x Installation instructions

2016-03-20 Thread Volker Janzen
-------- > > - Original Message - >> From: "Volker Janzen" <v...@voja.de> >> To: knot-dns-users@lists.nic.cz >> Sent: Wednesday, March 16, 2016 4:53:03 PM >> Subject: [knot-dns-users] Knot 2.x Installation instructions > >>

[knot-dns-users] Knot 2.x Installation instructions

2016-03-19 Thread Volker Janzen
Hi, I tried to install Knot 2.x deb on Debian Jessie. Following the instructions for Knot 2.x, I got Knot 1.6 installed. Any advice how to install Knot 2 deb on Jessie? Regards Volker ___ knot-dns-users mailing list knot-dns-users@lists.nic.cz

Re: [knot-dns-users] Knot 2.x Installation instructions

2016-03-19 Thread Volker Janzen
130 00 Praha 3, Czech Republic > mailto:ondrej.s...@nic.cz https://nic.cz/ > -------- > > - Original Message - >> From: "Volker Janzen" <v...@voja.de> >> To: "Ondřej Surý" <ondrej.s...@nic.cz>

Re: [knot-dns-users] Knot Ubuntu update

2016-01-26 Thread Volker Janzen
.-- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.s...@nic.cz https://nic.cz/ - Original Message - From: "Volker Janzen" <v...@voja.de> To: "Ondřej Surý" <ondrej.s...@nic.cz> Cc:

[knot-dns-users] Knot Ubuntu update

2016-01-22 Thread Volker Janzen
Hi, I did an "apt-get upgrade" on my Knot node. The package update fails with "Failed to initialize default key store (unknown error -13)." Can anyone tell me what that means? root@localhost:~# knotd --version knotd (Knot DNS), version 2.1.0 root@localhost:~# ps aux | grep knot knot