Do you have correct permissions on both /var/lib/knot and /var/lib/knot/domain.cz.keys?
That's the most common source of troubles.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz
From: "Josef Karliak" <karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 5:29:39 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated from 1.6
Hi,
thanks for the answer, but still no luck:
Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ; PWD=/var/lib/knot/domain.cz.keys ; USER=knot ; COMMAND=/usr/sbin/keymgr init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file '/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader, semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed to initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event 'load' failed (not found)
I entered the keys directory and ran the command with sudo (I'm running
knot as user "knot"):
sudo -u knot keymgr init
Some .json files and a "keys" directory were created in
"/var/lib/knot/domain.cz.keys". I copied my DNSSEC keys to the newly
created "keys" directory, but the problem persists :-/
Something is still missing.
Thanks and best regards
J.K.
Hi Josef,
please, try to run 'keymgr init' in your kasp-db directory (with the right
permissions).
Daniel
On 04/07/2016 09:02 AM, Josef Karliak wrote:
Good morning,
I've migrated to knot2; the configuration file was migrated by the knot1to2
tool. Knot 2 loads, but does not load my DNSSEC signed zone (NSEC, not
NSEC3). Knot2 is installed from the suse dns server repo, version
"knot2-2.1.1-1.1.x86_64".
Error message:
Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file '/etc/knot/knot.conf'
Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader, semantic check, completed
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed to initialize (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store changes into journal (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event 'load' failed (not found)
Part of the configuration file:
...
...
template:
  - id: "default"
    storage: "/var/lib/knot"
zone:
  - domain: "domain.cz."
    file: "domain.cz"
    notify: "slave"
    acl: "acl_slave"
    semantic-checks: "on"
    ixfr-from-differences: "on"
    max-journal-size: "1073741824"
    dnssec-signing: "on"
    kasp-db: "/var/lib/knot/domain.cz.keys"
...
...
The directory "/var/lib/knot/domain.cz.keys" contains the zone's private and
public keys.
What did I miss?
Thanks and best regards
J.Karliak
--
My domain uses SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and an implementation of DMARC. If you have problems with sending
emails to me, start using the email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
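
The permission question raised at the top of this thread can be checked from ownership and mode bits alone. The following is an added example, not part of the thread and not Knot DNS code; the function names are hypothetical, it assumes GNU stat on Linux, and it assumes the service account needs full rwx on each directory it is given.

```shell
#!/bin/sh
# Added example. Classic owner/group/other check only: ACLs and
# SELinux/AppArmor policy are not considered. Assumes GNU stat.

# perm_bits UID "GID GID ..." DIR
# Prints the rwx digit (0-7) that applies to that uid/gid set on DIR.
perm_bits() {
    pb_uid=$1 pb_gids=$2
    pb_stat=$(stat -c '%u %g %a' "$3" 2>/dev/null) || return 2
    set -- $pb_stat                     # $1 owner uid, $2 group gid, $3 octal mode
    pb_mode=$((0$3))                    # leading 0: the shell reads it as octal
    if [ "$pb_uid" -eq 0 ]; then        # root is not limited by directory mode bits
        echo 7
    elif [ "$pb_uid" -eq "$1" ]; then   # owner class applies even if group/other is wider
        echo $(( (pb_mode >> 6) & 7 ))
    else
        for pb_g in $pb_gids; do
            if [ "$pb_g" -eq "$2" ]; then
                echo $(( (pb_mode >> 3) & 7 ))
                return 0
            fi
        done
        echo $(( pb_mode & 7 ))
    fi
}

# check_dirs UID "GID GID ..." DIR...
# Returns 0 only if every DIR exists and grants read+write+search (7).
check_dirs() {
    ck_uid=$1 ck_gids=$2
    shift 2
    ck_rc=0
    for ck_dir in "$@"; do
        if ! ck_bits=$(perm_bits "$ck_uid" "$ck_gids" "$ck_dir"); then
            echo "MISSING $ck_dir"; ck_rc=1
        elif [ "$ck_bits" -eq 7 ]; then
            echo "ok      $ck_dir"
        else
            echo "DENIED  $ck_dir (rwx digit: $ck_bits)"; ck_rc=1
        fi
    done
    return $ck_rc
}

# Usage with the account and paths named in this thread:
#   check_dirs "$(id -u knot)" "$(id -G knot)" \
#       /var/lib/knot /var/lib/knot/domain.cz.keys
```

A directory owned by root with mode 700 reports DENIED for the knot account even when the files inside it are world-readable, which is the situation the first question in the thread is probing for.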