i have had a fun day chasing diags of the form
```
2024-06-22T18:32:57.305472+00:00 ns knotd[24354]: info: [foo.com.] control, received command 'zone-reload'
2024-06-22T18:32:57.307532+00:00 ns knotd[24354]: info: [foo.com.] zone file parsed, serial 1719081134
2024-06-22T18:32:57.307669+00:00 ns knotd[24354]: warning: [foo.com.] zone file changed with decreased SOA serial
2024-06-22T18:32:57.307828+00:00 ns knotd[24354]: error: [foo.com.] zone event 'load' failed (value is out of range)
```
i have the following hypothesis:
- `serial-policy: unixtime` is configured in `/etc/knot/knot.conf`.
- emacs dns-mode sets the SOA serial to the current unixtime when one
saves the zone file
- a few seconds later, i do `knotc zone sign` and `knotc zone-reload`
- knot then says "you have manually specified a new serial, but it is
less than the current unixtime; i.e. you are trying to go backward.
bad geek!"
- i.e. knot did not like me mucking with the SOA serial in the zone
file when `serial-policy: unixtime` was configured.
i tested this hypothesis by putting the serial from the server's current
SOA in the zone file and doing sign & reload. it succeeded, and the new
zone in all servers is the unixtime of the signing, not of the zone
file.
my current conclusion is: do not have both emacs dns-mode with
`serial-policy: unixtime`; use only one or t'other.
especially if doing RFC 1982 serial stepping, remember to first turn off
`serial-policy: unixtime` and `knotc reload`.
does this make sense?
randy
Good morning,
is there some tool to migrate configuration from Knot 2.2 to actual
3.3.x ? There are some configuration changes, they're so far so good,
but I'm stuck on migrating DNSSEC keys now.
Thanks and best regards.
J.Karliak