knot-dns-users Květen 2024

knot-dns-users@lists.nic.cz

6 participants
2 discussions

KNOT resolver and NS serverers with CNAME

by Josef Karliak

Good morning, ISC bind is strict about CNAME of NS server: skipping nameserver 'aa.bb.cz' because it is a CNAME, while resolving '9.4/4.3.2.1.in-addr.arpa/PTR'. How about Knot resolver ? Thanks and best regards J.Karliak

3 dny, 15 hodin

module 'mod-onlinesign/authsignal', incompatible with automatic signing

by Erwin Lansing

Howdy, I’m trying to get Knot 3.3.5 to use authenticated DNSSEC bootstrapping following the blog article and docs. However, I’m getting an error for the signalling zones, but I fail to figure out what I may have overlooked. error: [_signal.ns2.droso.dk <http://signal.ns2.droso.dk/>.] module 'mod-onlinesign/authsignal', incompatible with automatic signing Relevant knot.conf snippets (in order): policy: - id: ecc algorithm: ecdsap256sha256 nsec3: on rrsig-refresh: 7d mod-onlinesign: - id: authsignal nsec-bitmap: [CDS, CDNSKEY] policy: ecc template: - id: default … dnssec-signing: on dnssec-policy: ecc … zone: - domain: _signal.ns2.droso.dk <http://signal.ns2.droso.dk/> module: [mod-authsignal, mod-onlinesign/authsignal] Any hint appreciated Best Erwin

6 dní, 20 hodin

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

knot-dns-users Květen 2024