Yes,
the directory is the same as with knot 1.6, it all worked fine, the keys are
in the same place... And knot is the owner, it is one of the first things that I
checked :-/

Best regards
J.K.

Do you have correct permissions on both /var/lib/knot and
/var/lib/knot/domain.cz.keys? That's the most common source of
troubles.

Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz
https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Josef Karliak" <karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 5:29:39 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated from 1.6

Hi,
thanks for the answer, but still no luck:

Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ; PWD=/var/lib/knot/domain.cz.keys ; USER=knot ; COMMAND=/usr/sbin/keymgr init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file '/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader, semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed to initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event 'load' failed (not found)

I entered the keys directory and ran the command with sudo (I'm running
knot as user "knot"):

sudo -u knot keymgr init

In "/var/lib/knot/domain.cz.keys" some .json files and a "keys" directory
were created. I copied my DNSSEC keys to the newly created "keys"
directory, the problem persists :-/
Still something is missing.

Thanks and best regards
J.K.

> Hi Josef,
>
> please, try to run 'keymgr init' in your kasp-db directory (with the
> right permissions).
>
> Daniel
>
> On 04/07/2016 09:02 AM, Josef Karliak wrote:
>> Good morning,
>> I've migrated to knot2, the configuration file was migrated by the
>> knot1to2 tool. Knot 2 loads, but does not load my DNSSEC signed zone
>> (NSEC, not NSEC3). Knot2 is installed from the suse dns server repo,
>> version "knot2-2.1.1-1.1.x86_64".
>> Error message:
>> Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file '/etc/knot/knot.conf'
>> Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
>> Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader, semantic check, completed
>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed to initialize (not found)
>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store changes into journal (not found)
>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event 'load' failed (not found)
>>
>>
>> Part of the configuration file:
>> ...
>> ...
>> template:
>>   - id: "default"
>>     storage: "/var/lib/knot"
>>
>> zone:
>>   - domain: "domain.cz."
>>     file: "domain.cz"
>>     notify: "slave"
>>     acl: "acl_slave"
>>     semantic-checks: "on"
>>     ixfr-from-differences: "on"
>>     max-journal-size: "1073741824"
>>     dnssec-signing: "on"
>>     kasp-db: "/var/lib/knot/domain.cz.keys"
>>
>> ...
>> ...
>>
>> Directory "/var/lib/knot/domain.cz.keys" contains the zone private
>> and public keys.
>>
>> What did I miss?
>> Thanks and best regards
>> J.Karliak
>>
>>
>
>
--
My domain uses SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and an implementation of DMARC. If you have a problem with sending
emails to me, start using the email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
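
The permissions question raised in the thread can be checked mechanically. The script below is an added example, not part of the thread or of Knot DNS: it reports every ancestor directory the daemon user cannot traverse, key files it cannot read, and key files exposed to other users. The function names are hypothetical; it assumes Linux with GNU stat and find, assumes the daemon needs rwx on the KASP directory, and ignores ACLs and root's bypass of mode bits.

```shell
#!/bin/sh
# Added example: audit a Knot KASP directory from mode bits alone.
# Usage (paths and user as in the thread):
#   sh kasp_audit.sh /var/lib/knot/domain.cz.keys knot

# Print the rwx triplet (0-7) that applies to user $2 on path $1.
effective_bits() {
    owner=$(stat -c '%U' "$1" 2>/dev/null)
    group=$(stat -c '%G' "$1" 2>/dev/null)
    mode=$(stat -c '%a' "$1" 2>/dev/null)
    mode=$((0$mode))                      # octal string -> integer
    if [ "$owner" = "$2" ]; then echo $(( (mode >> 6) & 7 ))
    elif id -Gn "$2" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        echo $(( (mode >> 3) & 7 ))
    else echo $(( mode & 7 )); fi
}

# Print one finding per line for KASP dir $1 and daemon user $2.
# Optional $3 is the directory where the ancestor walk stops (default /).
kasp_findings() {
    dir=$1 user=$2 top=${3:-/}
    p=$dir
    while :; do                           # every ancestor needs search (x)
        [ $(( $(effective_bits "$p" "$user") & 1 )) -ne 0 ] ||
            echo "TRAVERSE $p: $user has no search (x) permission"
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    [ "$(effective_bits "$dir" "$user")" -eq 7 ] ||
        echo "DIRMODE $dir: $user lacks full rwx"
    find "$dir" -type f | while IFS= read -r f; do
        [ $(( $(effective_bits "$f" "$user") & 4 )) -ne 0 ] ||
            echo "UNREADABLE $f: $user cannot read"
    done
    # Private key material should not carry any permission bit for "others".
    find "$dir" -type f -perm /007 |
        sed 's/^/EXPOSED /; s/$/: accessible by other users/'
}

if [ "$#" -eq 2 ]; then kasp_findings "$1" "$2"; fi
```

No output means the mode bits give the user access to everything under the directory and nothing there is open to others.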