On 12/22/21 1:36 PM, J. Echter wrote:
Hi Daniel,
I have the same template settings in my master and slave (except for the
dnssec-signing/dnssec-policy on the slave) and no template set explicitly
on the zones.
For example:
ns1:
template:
  - id: default
    storage: "/var/lib/knot"
    dnssec-signing: on
    dnssec-policy: rsa2048
    global-module: [ "mod-cookies", "mod-rrl/default" ]
ns2:
template:
  - id: default
    storage: "/var/lib/knot"
    global-module: [ "mod-cookies", "mod-rrl/default" ]
If this is the inconsistency, then I was wrong about signing enabled
only on the master?
No, the signing is configured correctly.
I have tried almost the same configuration and dnsviz didn't complain. It's
strange.
Daniel
Thanks for your fast response.
Juergen
On 22.12.21 at 13:25, Daniel Salzman wrote:
Hi Juergen,
The warning usually appears if the configuration of all nameservers is inconsistent.
For example cookies are enabled on some nameservers only.
Daniel
On 12/22/21 1:07 PM, J. Echter wrote:
> Hi,
>
> I have knot dns setup with dns cookie module enabled but if I check with
> dnsviz.net I always get:
>
> The server appears to support DNS cookies but did not return a COOKIE
> option.
>
> Relevant parts of my knot.conf:
>
> template:
>   - id: default
>     storage: "/var/lib/knot"
>     dnssec-signing: on
>     dnssec-policy: rsa2048
>     global-module: [ "mod-cookies", "mod-rrl/default" ]
>
> mod-rrl:
>   - id: default
>     rate-limit: 200
>     slip: 2
>
>   - domain: mydomain.de
>     file: "/etc/knot/zones/mydomain.de.zone"
>     notify: secondary
>     acl: acl_secondary
>     zonefile-load: difference
>
> I thought about maybe it's the slip: 2, but that didn't change anything
> if set to 1
>
> Do you guys see anything obvious causing this "issue"?
>
> Thanks for your time
>
> Juergen
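
Added example (not part of the thread, and not Knot DNS or DNSViz code): a parser that extracts the EDNS COOKIE option from raw DNS responses and lists the nameservers that returned none, which is the per-server comparison the thread is about. The responses, the cookie values and the names ns1/ns2 in SAMPLES are constructed; `build_response` is a hypothetical helper used only to make the sample input.

```python
import struct

OPT, COOKIE = 41, 10  # OPT RR type; EDNS COOKIE option code (RFC 7873)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:             # root label ends the name
            return off

def cookie_option(msg):
    """Return the COOKIE option payload of a DNS message, or None if absent."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):                    # questions: name + type + class
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):          # resource records
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT and pos + 4 <= len(rdata):   # walk EDNS options
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            if code == COOKIE:
                return rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
    return None

def servers_without_cookie(responses):
    """Sorted names of servers whose response carried no COOKIE option."""
    return sorted(s for s, m in responses.items() if cookie_option(m) is None)

def build_response(options=b""):
    """Constructed sample: answer header, one question, one OPT record."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 0, 0, 1)
    question = b"\x07example\x00" + struct.pack("!HH", 6, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(options)) + options
    return header + question + opt

CLIENT, SERVER = bytes(range(8)), bytes(range(8, 24))  # constructed cookies
SAMPLES = {  # constructed responses; the server names are placeholders
    "ns1": build_response(struct.pack("!HH", COOKIE, 24) + CLIENT + SERVER),
    "ns2": build_response(),  # EDNS present but no COOKIE option
}
print(servers_without_cookie(SAMPLES))
```

To use it on real data, pass the raw UDP payloads of the responses each authoritative server gave to a query that carried a COOKIE option.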