Hi Jan-Piet,

thank you for reaching out to us.

Let me start with an explanation. Whereas `catalog-role: generate`
replaces zone file loading, making the `zonefile-load` configuration
option irrelevant, it still allows zone file writing, which is
controlled by the `zonefile-sync` option, defaulting to 0 (i.e. immediate).
For the sake of understandability, we decided that this default should
not be altered by the `catalog-role` setting.

So Knot still tries to write the generated zone file (despite never
trying to read it), which fails for some reason in your setup, probably
due to filesystem permissions.

I guess you just need to set `zonefile-sync: -1` for the generated
catalog zone explicitly.

Cheers,
Libor

On 13. 07. 23 at 6:41, Jan-Piet Mens wrote:
Hello!
I have here a catalog zone with roughly 230 member zones in it, and I
occasionally see the following warning/error in the log:

    2023-07-12T18:01:17+0200 warning: [k-catalog.] failed to update zone file (operation not permitted)
    2023-07-12T18:01:17+0200 error: [k-catalog.] zone event 'flush' failed (operation not permitted)

The catalog itself appears to work correctly; it's transferred to
secondary BIND servers and they correctly process member zones.

    template:
      - id: default
        storage: "..."
        zonefile-load: difference
        file: "%s"
        serial-policy: dateserial
        master: pdns
        catalog-role: member
        catalog-zone: k-catalog
        acl: [ xfr, notify_from_pdns, xfer_to_bind ]

      - id: catzonetemplate
        catalog-role: generate
        acl: xfer_to_bind

    zone:
      - domain: k-catalog
        semantic-checks: off
        template: catzonetemplate
        journal-content: none
        acl: [ xfr, xfer_to_bind ]

While pasting the configuration it occurs to me it might be due to
there not being a 'backing' file for the catalog. Is that the problem?
Is it even possible on a catalog-role:generate to have a file?

Thanks for your help.
-JP
--
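
The check below is an added example, not part of the original thread or of Knot DNS itself: it resolves the effective `catalog-role` and `zonefile-sync` for each zone (zone settings over the referenced template) and reports generated catalogs that would still attempt the zone file flush described in the reply. The sample configuration is constructed, the function names are hypothetical, and the parser only handles the simple two-level layout shown in this thread.

```python
SAMPLE = """\
template:
  - id: default
    zonefile-load: difference
    catalog-role: member
  - id: catzonetemplate
    catalog-role: generate
zone:
  - domain: k-catalog
    template: catzonetemplate
  - domain: fixed-catalog
    template: catzonetemplate
    zonefile-sync: -1
"""  # constructed sample modelled on the configuration in the thread

def parse(text):
    """Minimal reader for the 'section:' / '- key: value' layout only."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        if not line[0].isspace():                 # top-level "section:"
            section = conf.setdefault(line.rstrip(":").strip(), [])
            continue
        item = line.strip()
        if item.startswith("- "):                 # start of a new list item
            section.append({})
            item = item[2:]
        key, _, value = item.partition(":")
        section[-1][key.strip()] = value.strip().strip('"')
    return conf

def flushing_generated_catalogs(text):
    """Zones with catalog-role: generate whose effective zonefile-sync is not -1."""
    conf = parse(text)
    templates = {t["id"]: t for t in conf.get("template", [])}
    flagged = []
    for zone in conf.get("zone", []):
        # Zone settings override the template; "default" applies if none is named.
        eff = {**templates.get(zone.get("template", "default"), {}), **zone}
        # Per the reply above, zonefile-sync defaults to 0 (immediate write).
        if eff.get("catalog-role") == "generate" and eff.get("zonefile-sync", "0") != "-1":
            flagged.append(zone["domain"])
    return flagged

if __name__ == "__main__":
    print(flushing_generated_catalogs(SAMPLE))
```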