30 Říj
2018
30 Říj
'18
15:04
Hi Sebastian,
i don't see clearly what happened in your case. It seems for some reason
the history stored in journal (just changes) was no longer appliable on
the zonefile. Nothing terrible, just one annoying warning and a bit more
annoying AXFR from slaves (instead of IXFR). Anyway, I would suggest
trying `journal-content: all`, because it works better together with
`zonefile-load: difference-no-serial` - the server can keep track of
zone serials and changes even during server restart.
For me this is a clear signal to work on some extension of zone load
logging.
Libor
Dne 29.10.18 v 16:30 Sebastian Wiesinger napsal(a):
* libor.peltan <libor.peltan(a)nic.cz> [2018-10-29
16:20]:
2) No, "discontinuity in changes
history" is not expected. Could you please
describe what did you do before such warning appeared, with longer snippets
of the log? In any case, there is no need to be scared of journal getting
full, once you read the documentation ;)
https://www.knot-dns.cz/docs/2.7/singlehtml/index.html#journal-behaviour
I
restarted the server after upgrading it from 2.7.2 to 2.7.3:
Oct 29 10:04:21 alita knotd[8410]: info: stopping server
Oct 29 10:04:21 alita knotd[8410]: info: updating persistent timer DB
Oct 29 10:04:22 alita knotd[8410]: info: shutting down
Oct 29 10:04:22 alita knotd[18283]: info: Knot DNS 2.7.3 starting
Oct 29 10:04:22 alita knotd[18283]: info: binding to interface 127.0.0.1@5354
Oct 29 10:04:22 alita knotd[18283]: info: binding to interface ::1@5354
Oct 29 10:04:22 alita knotd[18283]: info: changing GID to 147
Oct 29 10:04:22 alita knotd[18283]: info: changing UID to 143
Oct 29 10:04:22 alita knotd[18283]: info: process not allowed to set capabilities,
skipping
Oct 29 10:04:22 alita knotd[18283]: info: loading 2 zones
Oct 29 10:04:22 alita knotd[18283]: info: [example.com.] zone will be loaded
Oct 29 10:04:22 alita knotd[18283]: info: [dnssec-test.intern.] zone will be loaded
Oct 29 10:04:22 alita knotd[18283]: info: starting server
Oct 29 10:04:22 alita knotd[18283]: info: [dnssec-test.intern.] DNSSEC, key, tag 41236,
algorithm RSASHA256, KSK, public, active
Oct 29 10:04:22 alita knotd[18283]: info: [dnssec-test.intern.] DNSSEC, key, tag 49126,
algorithm RSASHA256, public, active
Oct 29 10:04:22 alita knotd[18283]: info: [example.com.] DNSSEC, key, tag 38882,
algorithm RSASHA256, KSK, public, active
Oct 29 10:04:22 alita knotd[18283]: info: [example.com.] DNSSEC, key, tag 3505,
algorithm RSASHA256, public, active
Oct 29 10:04:22 alita knotd[18283]: info: [dnssec-test.intern.] DNSSEC, signing started
Oct 29 10:04:22 alita knotd[18283]: info: [dnssec-test.intern.] DNSSEC, successfully
signed
Oct 29 10:04:22 alita knotd[18283]: warning: [dnssec-test.intern.] journal, discontinuity
in changes history (1540307365 -> 28), dropping older changesets
Oct 29 10:04:23 alita knotd[18283]: info: [example.com.] DNSSEC, signing started
Oct 29 10:04:23 alita knotd[18283]: info: [example.com.] DNSSEC, zone is up-to-date
Oct 29 10:04:23 alita knotd[18283]: warning: [example.com.] with automatic DNSSEC signing
and outgoing transfers enabled, 'zonefile-load: difference' should be set to avoid
mal
Oct 29 10:04:23 alita knotd[18283]: info: [example.com.] loaded, serial 1540737051, 4960
bytes
Oct 29 10:04:23 alita knotd[18283]: info: [example.com.] DNSSEC, next signing at
2018-10-31T14:00:50
Oct 29 10:04:24 alita knotd[18283]: info: [dnssec-test.intern.] loaded, serial
1540803862, 2788 bytes
Oct 29 10:04:24 alita knotd[18283]: info: [dnssec-test.intern.] DNSSEC, next signing at
2018-11-05T10:04:22
Serial 28 is the serial from the (unsigned) master file.
Regards
Sebastian