Hello Libor,
thanks for the fast and clarifying response.
On 01.10.20 at 11:14, libor.peltan wrote:
> First of all, generating/updating the catalog zone according to the primary server
> configuration (that means: you change the configuration e.g. by 'knotc conf-set',
> and the catalog zone would be updated automatically) is not implemented yet
> in Knot DNS 3.0. This will be 'catalog-role: generate' in some of the future
> versions. For now, you can only create and update the catalog zone by
> yourself, probably by similar means as you are used to creating/updating the
> primary server's configuration file.
Ok, the version dot 0 problem ;-)
> I can see that you, at the primary server, configured the zone
> dom-siew9tho.invalid. by both configuration file and catalog zone, creating a
> conflict. Probably Knot warned you about this in the log.
This was one of the trial and error steps. My first assumption was exactly
this, that you do not need to add the new zone via "conf-set zone.domain ...".
I will remove that from the config.
> The expected usage of the current implementation of catalog zones is that you put
> the list of member zones only in the catalog zone, and do not mention them in
> either the primary's or the secondary's configuration file. Both servers will
> interpret the same catalog zone. Just configure the templates carefully, so
> that the primary will be a "master" for the member zones, and the secondary a
> "slave".
Ok, so my showstopper seems to be the missing master/notify and acl
entries in the template "catalog-zone-template"?
How do I query the config of the member zones, other than by querying the catalog zone?
The acl/remotes on primary and secondary are set:
primary:

template:
  - id: "catalog-zone-template"
    storage: "/var/lib/knot/zones"
    file: "%s"
    notify: [ "ns1.frank.REDACTED.DOM", "ns2.frank.REDACTED.DOM" ]
    acl: [ "ns1.frank.REDACTED.DOM", "ns2.frank.REDACTED.DOM" ]
    semantic-checks: "on"
    dnssec-signing: "off"
    serial-policy: "unixtime"
    kasp-db: "/var/lib/knot/kasp-db"
  - id: "default"
    global-module: "mod-cookies/default"
    storage: "/var/lib/knot/zones"
    file: "%s"
    semantic-checks: "on"
    dnssec-signing: "off"
    serial-policy: "unixtime"
    kasp-db: "/var/lib/knot/kasp-db"

zone:
  - domain: "zone.catalog."
    file: "%s"
    notify: [ "ns1.frank.REDACTED.DOM", "ns2.frank.REDACTED.DOM" ]
    acl: [ "ns1.frank.REDACTED.DOM", "ns2.frank.REDACTED.DOM" ]
    catalog-role: "interpret"
    catalog-template: "catalog-zone-template"
secondary (ns1/ns2):

template:
  - id: "catalog-zone-template"
    storage: "/var/lib/knot/zones"
    file: "%s"
    master: "nshp.frank.REDACTED.DOM"
    acl: "nshp.frank.REDACTED.DOM"
    semantic-checks: "on"
    dnssec-signing: "off"
    serial-policy: "unixtime"
    kasp-db: "/var/lib/knot/kasp-db"
  - id: "default"
    global-module: "mod-cookies/default"
    storage: "/var/lib/knot/zones"
    file: "%s"
    semantic-checks: "on"
    dnssec-signing: "off"
    serial-policy: "unixtime"
    kasp-db: "/var/lib/knot/kasp-db"

zone:
  - domain: "zone.catalog."
    file: "%s"
    master: "nshp.frank.REDACTED.DOM"
    acl: "nshp.frank.REDACTED.DOM"
    catalog-role: "interpret"
    catalog-template: "catalog-zone-template"
After that, I try to create a new zone:
root@nshp:~# su -c "/usr/bin/knotc zone-read zone.catalog" knot
[zone.catalog.] zone.catalog. 60 NS nshp.frank.REDACTED.DOM.
[zone.catalog.] zone.catalog. 60 SOA nshp.frank.REDACTED.DOM. hostmaster.REDACTED.DOM. 1601550797 16384 2048 1048576 2560
[zone.catalog.] id-41dc0b92-e73d-5112-ad4d-dc362d6fd993.zone.catalog. 0 PTR zone.check.
[zone.catalog.] id-iechaag4deo9kogahfee.zone.catalog. 0 PTR dom-watooc9i.invalid.
[zone.catalog.] version.zone.catalog. 0 TXT "2"
root@nshp:~# export DOM="dom-watooc9i.invalid"
root@nshp:~# cat<<EOZ | su -c /usr/bin/knotc knot
zone-begin ${DOM%.}.
zone-set ${DOM%.}. @ 60 SOA nshp.frank.REDACTED.DOM. hostmaster.REDACTED.DOM. 1 16384 2048 1048576 2560
zone-set ${DOM%.}. @ 60 NS nshp.frank.REDACTED.DOM.
zone-commit ${DOM%.}.
EOZ
error: [dom-watooc9i.invalid.] (no such zone found)
error: (no such zone found) [dom-watooc9i.invalid.] @ 60 SOA nshp.frank.REDACTED.DOM. hostmaster.REDACTED.DOM. 1 16384 2048 1048576 2560
error: (no such zone found) [dom-watooc9i.invalid.] @ 60 NS nshp.frank.REDACTED.DOM.
error: [dom-watooc9i.invalid.] (no such zone found)
What am I missing? My understanding was that adding a PTR RR creates a new
zone with the referenced catalog-template "catalog-zone-template", so that I'm
able to add RRs directly to this zone. But, as you can see, this failed.
> I hope I made it somewhat clearer,
Absolutely, yes ;-)
- frank
--
Frank Matthieß Mail: frank.matthiess(a)virtion.de
phone: +49 521 44 81 58 17
GnuPG: 9F81 BD57 C898 6059 86AA 0E9B 6B23 DE93 01BB 63D1
virtion GmbH Südring 11, DE 33647 Bielefeld
Managing Director: Michael Kutzner
Commercial register HRB 40374, Bielefeld District Court, VAT ID: DE278312983
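As an added example, not part of this thread and not Knot DNS's own code: a small Python helper for the two points discussed above, reading the catalog zone (here the `knotc zone-read zone.catalog` output quoted in the thread, embedded as constructed sample input) to check the version TXT and list the member zones, and emitting the knotc transaction needed to add a member by hand. The catalog name `zone.catalog.` comes from the thread; deriving the unique-id label with uuid5 is a convention constructed for this example.

```python
import re
import uuid

# Constructed sample input: the `knotc zone-read zone.catalog` output quoted
# in the thread (the wrapped SOA line joined back together).
SAMPLE_ZONE_READ = """\
[zone.catalog.] zone.catalog. 60 NS nshp.frank.REDACTED.DOM.
[zone.catalog.] zone.catalog. 60 SOA nshp.frank.REDACTED.DOM. hostmaster.REDACTED.DOM. 1601550797 16384 2048 1048576 2560
[zone.catalog.] id-41dc0b92-e73d-5112-ad4d-dc362d6fd993.zone.catalog. 0 PTR zone.check.
[zone.catalog.] id-iechaag4deo9kogahfee.zone.catalog. 0 PTR dom-watooc9i.invalid.
[zone.catalog.] version.zone.catalog. 0 TXT "2"
"""

# One zone-read line: "[zone] owner ttl type rdata"
LINE_RE = re.compile(r"^\[(?P<zone>\S+)\]\s+(?P<owner>\S+)\s+\d+\s+(?P<type>\S+)\s+(?P<rdata>.*)$")

def parse_catalog(text, catalog="zone.catalog."):
    """Return (version, {member_zone: unique_label}) from knotc zone-read output.
    Only PTR records owned by a single label directly under the catalog apex
    count as members; apex NS/SOA and deeper names are skipped."""
    version, members = None, {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("zone") != catalog:
            continue
        owner, rtype, rdata = m.group("owner"), m.group("type"), m.group("rdata").strip()
        if owner == "version." + catalog and rtype == "TXT":
            version = rdata.strip('"')
        elif rtype == "PTR" and owner.endswith("." + catalog):
            label = owner[: -len("." + catalog)]
            if "." not in label:          # one label below the apex only
                members[rdata] = label
    if version != "2":
        raise ValueError(f"unsupported or missing catalog version: {version!r}")
    return version, members

def member_add_commands(zone, catalog="zone.catalog."):
    """knotc transaction that adds `zone` as a catalog member by hand.
    The unique label is uuid5(NAMESPACE_DNS, zone): a convention constructed
    for this example, not one Knot mandates."""
    zone = zone.rstrip(".") + "."
    label = "id-" + str(uuid.uuid5(uuid.NAMESPACE_DNS, zone))
    return [f"zone-begin {catalog}",
            f"zone-set {catalog} {label}.{catalog} 0 PTR {zone}",
            f"zone-commit {catalog}"]

if __name__ == "__main__":
    print(parse_catalog(SAMPLE_ZONE_READ))
    print("\n".join(member_add_commands("dom-new.invalid")))
```

The emitted lines can be piped into `knotc` the same way the thread's heredoc does; run it on the primary, since that is where the catalog zone is authored.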