Hi Thomas,
would you try attaching `strace` to the running Knot and try the backup
again, in order to see if some syscall(s) return error codes?
Thanks much!
Libor
On 09. 12. 20 at 12:25, Thomas E. wrote:
Hi Libor,
# knotc -V
knotc (Knot DNS), version 3.0.2
Thomas
On 09.12.20 12:16, libor.peltan wrote:
> Hi Thomas,
>
> aren't you using Knot version 3.0.0 (thus lower than 3.0.1) ?
>
> Libor
>
> On 09. 12. 20 at 11:39, Thomas E. wrote:
>> Hi Libor,
>>
>> I deleted the backup directory a few times, but I receive the same error
>> every time:
>>
>> 2020-12-09T10:31:52+0000 info: control, received command 'zone-backup'
>> 2020-12-09T10:31:52+0000 warning: [xxx.] zone backup failed (not exists)
>> 2020-12-09T10:31:52+0000 error: [xxx.] zone event 'backup/restore' failed (not exists)
>> 2020-12-09T10:31:52+0000 warning: [yyy.] zone backup failed (not exists)
>> 2020-12-09T10:31:52+0000 error: [yyy.] zone event 'backup/restore' failed (not exists)
>>
>>
>>
>> One of the keys is the ZSK of zone xxx and the other the KSK of zone
>> yyy.
>>
>>
>> root@signer-0:/# keymgr xxx list human | grep 1fb3900b2e5ac72d30f927016ea4546ca561a5da
>>
>> 1fb3900b2e5ac72d30f927016ea4546ca561a5da ksk=no zsk=yes tag=39969 algorithm=7 size=1024 public-only=no pre-active=0 publish=-1M3D17h49m4s ready=0 active=-1M3D17h49m4s retire-active=0 retire=0 post-active=0 revoke=0 remove=0
>>
>> root@signer-0:/# keymgr yyy list human | grep 087cc573318e070befff1d9cbcf07e3b5cf5444d
>>
>> 087cc573318e070befff1d9cbcf07e3b5cf5444d ksk=yes zsk=no tag=37419 algorithm=7 size=2048 public-only=no pre-active=0 publish=-1M3D18h11m7s ready=-1M3D18h11m7s active=-26D12h49m4s retire-active=0 retire=0 post-active=0 revoke=0 remove=0
>>
>> Best regards,
>> Thomas
>>
>> On 09.12.20 11:15, libor.peltan wrote:
>>> Hi Thomas,
>>>
>>> could you please try if this issue is reproducible: if whenever you
>>> attempt the backup (to a fresh empty target directory), it fails with
>>> "not exists"?
>>>
>>> Could you please check if the keys that happen to make it to the backup
>>> belong to the same zone, or that it's one from each zone? (You might use
>>> `keymgr list` to check which key ID belongs to which zone.)
>>>
>>> Thanks,
>>>
>>> Libor
>>>
>>> On 08. 12. 20 at 21:36, Thomas wrote:
>>>> Hi Libor,
>>>>
>>>> sorry, I was really too unspecific.
>>>>
>>>> I'm hosting 2 zones. These 4 keys are on the production machine:
>>>>
>>>> root@signer-0:/var/lib/knot/keys/keys# ls -alh
>>>>
>>>> -rw-r----- 1 knot knot 1,7K Nov 5 16:22 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
>>>> -rw-r----- 1 knot knot 916 Nov 5 16:44 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
>>>> -rw-r----- 1 knot knot 916 Nov 5 16:22 6ebb8eb3ec2ddaf150119b4bc11b47dcec91621a.pem
>>>> -rw-r----- 1 knot knot 1,7K Nov 5 16:44 d7e47e2909f4d5947d8fb8684cb79ed06feb4b0a.pem
>>>>
>>>>
>>>> Performing a backup with the following command:
>>>>
>>>> # knotc zone-backup +backupdir /tmp/backup
>>>>
>>>> Backup directory after performing the backup shows:
>>>>
>>>> root@signer-0:/tmp/backup/keys/keys# ls -ahl
>>>>
>>>> -rw-r----- 1 knot knot 1,7K Dez 8 20:21 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
>>>> -rw-r----- 1 knot knot 916 Dez 8 20:21 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
>>>>
>>>> 2 keys are missing.
>>>>
>>>> Hhmm ok, there is an error in the log:
>>>>
>>>> 2020-12-08T20:26:43+0000 info: control, received command 'zone-backup'
>>>> 2020-12-08T20:26:43+0000 warning: [xxx.] zone backup failed (not exists)
>>>> 2020-12-08T20:26:43+0000 error: [xxx.] zone event 'backup/restore' failed (not exists)
>>>> 2020-12-08T20:26:43+0000 warning: [yyy.] zone backup failed (not exists)
>>>> 2020-12-08T20:26:43+0000 error: [yyy.] zone event 'backup/restore' failed (not exists)
>>>>
>>>> I'm using the latest knot version.
>>>>
>>>>
>>>> Best regards,
>>>>
>>>> Thomas
>>>>
>>>>
>>>>
>>>> On 08.12.20 at 16:56, libor.peltan wrote:
>>>>> Hi Thomas,
>>>>>
>>>>> could you be more specific about "half of private keys were in the
>>>>> backup"? How many were, how many weren't, and was there some obvious
>>>>> difference between them?
>>>>>
>>>>> Could you share the log snippets covering the backup and the restore
>>>>> procedures?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Libor
>>>>>
>>>>> On 08. 12. 20 at 16:48, Thomas E. wrote:
>>>>>> Hi (again),
>>>>>>
>>>>>> I was trying to backup and restore a server with the new knotc
>>>>>> zone-backup/restore command.
>>>>>>
>>>>>> I recognized that only half of the private keys were in the backup,
>>>>>> which leads to an error:
>>>>>>
>>>>>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load private keys (not exists)
>>>>>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load keys (not exists)
>>>>>>
>>>>>> Shouldn't the backup contain all private keys?
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Thomas
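
A check for the symptom reported in this thread, as an added example that is not part of the original messages or of Knot DNS: it compares the `.pem` files in the live key directory with those in the backup and reports any that are missing or differ, without printing key material. The function name `missing_keys` and the `--check` argument are hypothetical; the default paths are the ones shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a backup holds an identical
# copy of every private-key file found in the live key directory.

# missing_keys SRC_DIR BACKUP_DIR
# Prints one line per problem: "MISSING <key-id>" or "DIFFERS <key-id>".
# Returns 0 when every *.pem in SRC_DIR has a byte-identical copy in
# BACKUP_DIR, 1 otherwise.
missing_keys() {
    src=$1
    dst=$2
    rc=0
    for f in "$src"/*.pem; do
        # If SRC_DIR holds no *.pem, the glob stays literal: skip it.
        [ -e "$f" ] || continue
        id=$(basename "$f" .pem)
        if [ ! -f "$dst/$id.pem" ]; then
            echo "MISSING $id"
            rc=1
        elif ! cmp -s "$f" "$dst/$id.pem"; then
            # cmp -s compares silently, so no key bytes reach the terminal.
            echo "DIFFERS $id"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh script.sh --check [SRC_DIR] [BACKUP_DIR]
# Defaults are the directories quoted in the thread (assumed layout).
if [ "${1:-}" = "--check" ]; then
    missing_keys "${2:-/var/lib/knot/keys/keys}" "${3:-/tmp/backup/keys/keys}"
fi
```

Run it as a user that can read both directories; the key files in the thread are mode `-rw-r-----` and owned by `knot`.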