Did that.
Thanks!
On 8/4/21 10:56 AM, Anand Buddhdev wrote:
Hi MJ,
If you're using the same Knot instance to host a mix of primary (signed)
and secondary zones, then I suggest you set "zonefile-load" to "none" in
your template, and then override it with "difference-no-serial" for the
primary
Hi MJ,
If you're using the same Knot instance to host a mix of primary (signed)
and secondary zones, then I suggest you set "zonefile-load" to "none" in
your template, and then override it with "difference-no-serial" for the
primary zones. Secondary zones don't need a zone file at all. Incoming
Hi Libor,
Thanks again for quick and accurate assistane.
It worked perfectly.
As I took the secondary config from
https://www.knot-dns.cz/docs/3.1/singlehtml/#secondary-slave-zone
should that perhaps be added in the config sample there..?
All the best!
MJ
On 8/3/21 10:20 PM, libor.peltan
Hi MJ,
maybe you want to set up zonefile-load to none?
https://www.knot-dns.cz/docs/3.1/singlehtml/index.html#zonefile-load
Thanks,
Libor
Dne 03. 08. 21 v 21:16 mj napsal(a):
Hi,
Sorry to come back again, but it seems we still have an issue:
Knot is not serving our secondary zones after
Hi,
Sorry to come back again, but it seems we still have an issue:
Knot is not serving our secondary zones after restarting, until we issue
a "knotc zone-retransfer sub3.company.com". Then it will start answering
queries for the zone.
A knot restart logs:
knotd[4436]: info:
Yes, we have liftoff!
Haha :-)
What quick and good help here on this mailinglist! *impressed*
Thank you, all!
MJ
On 03/08/2021 12:04, Daniel Salzman wrote:
Hi,
I think I know some medicine for your broken XFR ;-)
Try adding `no-edns: on` to the remote section of the MS primary server.
Hi,
I think I know some medicine for your broken XFR ;-)
Try adding `no-edns: on` to the remote section of the MS primary server. It's
an undocumented option for better interoperability with broken software.
It seems the option is still needed :-/
Daniel
On 8/3/21 11:11 AM, mj wrote:
> Hi,
>
Hi,
Yes, I'm positive, and I've tried kdig on all three subdomains, and they
all look fine:
root@knot:/var/lib/knot/zones# kdig AXFR sub3.company.com @1.2.3.4
;; AXFR for sub3.company.com.
... regular zone records stuff, nothing strange
;; Received 1914 B (23 messages, 23 records)
;;
Hi MJ,
the "trailing data" is quite a specific error. It means that the
incomming DNS packet does not comply with standards in the way that it
contains some garbage data after its end.
Are you sure that you are not getting this error when trying with kdig?
Could you try to capture the
On 03/08/2021 10:16, mj wrote:
I am also asking my colleages about more details and perhaps logs from
the windows side of things.
New info from their side:
On the windows 2019 side, the failing zone transfers are logged as
"Successful zone transfers"
So windows DNS is under the impression
On 02/08/2021 17:45, mj wrote:
Next up: configuring knot for the secondary zones that we host.
A follow-up question on the knot-as-secondary project.
Know has to be secondary (like bind was) for some external zones, hosted
on windows server 2019 dns. (they are just regular public dns zones,
Hi Anand and also Chris,
Thanks for your suggestions!
I implemented
journal-content: all
zonefile-load: difference-no-serial
zonefile-sync: -1
through the template and it worked perfectly.
Next up: configuring knot for the secondary zones that we host.
Thanks for the help again!
MJ
On
On 2021-08-02 08:23, Anand Buddhdev wrote:
On 02/08/2021 16:57, mj wrote:
Hi MJ,
We are testing migration from bind to knot, to implement dnssec. We like
many things about knot! Thank you for making it available!
This is great! You'll love Knot! I'm not a developer, but I use Knot,
and I
On 02/08/2021 16:57, mj wrote:
Hi MJ,
> We are testing migration from bind to knot, to implement dnssec. We like
> many things about knot! Thank you for making it available!
This is great! You'll love Knot! I'm not a developer, but I use Knot,
and I can provide some answers.
> 1) I wanted to
Hi,
We are testing migration from bind to knot, to implement dnssec. We like
many things about knot! Thank you for making it available!
So far many things work, but we do have some uncertainties. Hope they're
not too basic to ask here...
We are using ubuntu, knot 3.1.0, our static bind
15 matches
Mail list logo
