7 Dub
2016
7 Dub
'16
9:02
Good morning,
I've migrated to knot2, configuration file was migrated by knot1to2
tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
NSEC3). Knot2 is installed from suse dns server repo, version
"knot2-2.1.1-1.1.x86_64".
Error message:
Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event 'load'
failed (not found)
Part of the configuration file:
...
...
template:
- id: "default"
storage: "/var/lib/knot"
zone:
- domain: "domain.cz."
file: "domain.cz"
notify: "slave"
acl: "acl_slave"
semantic-checks: "on"
ixfr-from-differences: "on"
max-journal-size: "1073741824"
dnssec-signing: "on"
kasp-db: "/var/lib/knot/domain.cz.keys"
...
...
Directory "/var/lib/knot/domain.cz.keys" contains zone private and
public keys.
What did I missed ?
Thanks and best regards
J.Karliak
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
7 Dub
7 Dub
9:16
New subject: knot 2 do not load zone after migrated from 1.6
Hi Josef,
please, try to run 'keymgr init' in your kasp-db directory (with the right
permissions).
Daniel
On 04/07/2016 09:02 AM, Josef Karliak wrote:
Good morning,
I've migrated to knot2, configuration file was migrated by knot1to2
tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
NSEC3). Knot2 is installed from suse dns server repo, version
"knot2-2.1.1-1.1.x86_64".
Error message:
Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event 'load'
failed (not found)
Part of the configuration file:
...
...
template:
- id: "default"
storage: "/var/lib/knot"
zone:
- domain: "domain.cz."
file: "domain.cz"
notify: "slave"
acl: "acl_slave"
semantic-checks: "on"
ixfr-from-differences: "on"
max-journal-size: "1073741824"
dnssec-signing: "on"
kasp-db: "/var/lib/knot/domain.cz.keys"
...
...
Directory "/var/lib/knot/domain.cz.keys" contains zone private and
public keys.
What did I missed ?
Thanks and best regards
J.Karliak
10:29
New subject: knot 2 do not load zone after migrated from 1.6
Hi,
thanks for the answer, but still no luck:
Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
PWD=/var/lib/knot/domain.cz.keys ; USER=knot ; COMMAND=/usr/sbin/keymgr
init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event 'load'
failed (not found)
I entered to keys directory and ran the command with sudo (I've running
knot with user "knot"):
sudo -u knot keymgr init
In "/var/lib/knot/domain.cz.keys" were created some .json files and
"keys" directory. I copied my dnssec keys to new created "keys"
directory, problem persist :-/
Still some missed.
Thanks and best regards
J.K.
Hi Josef,
please, try to run 'keymgr init' in your kasp-db directory (with the right
permissions).
Daniel
On 04/07/2016 09:02 AM, Josef Karliak wrote:
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
Good morning,
I've migrated to knot2, configuration file was migrated by knot1to2
tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
NSEC3). Knot2 is installed from suse dns server repo, version
"knot2-2.1.1-1.1.x86_64".
Error message:
Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event 'load'
failed (not found)
Part of the configuration file:
...
...
template:
- id: "default"
storage: "/var/lib/knot"
zone:
- domain: "domain.cz."
file: "domain.cz"
notify: "slave"
acl: "acl_slave"
semantic-checks: "on"
ixfr-from-differences: "on"
max-journal-size: "1073741824"
dnssec-signing: "on"
kasp-db: "/var/lib/knot/domain.cz.keys"
...
...
Directory "/var/lib/knot/domain.cz.keys" contains zone private and
public keys.
What did I missed ?
Thanks and best regards
J.Karliak
12:44
New subject: knot 2 do not load zone after migrated from 1.6
Do you have correct permissions on both /var/lib/knot and /var/lib/knot/domain.cz.keys?
That's the most common source of troubles.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 5:29:39 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated from 1.6
Hi,
thanks for the answer, but still no luck:
Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
PWD=/var/lib/knot/domain.cz.keys ; USER=knot ; COMMAND=/usr/sbin/keymgr
init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event 'load'
failed (not found)
I entered to keys directory and ran the command with sudo (I've running
knot with user "knot"):
sudo -u knot keymgr init
In "/var/lib/knot/domain.cz.keys" were created some .json files and
"keys" directory. I copied my dnssec keys to new created "keys"
directory, problem persist :-/
Still some missed.
Thanks and best regards
J.K.
Hi Josef,
please, try to run 'keymgr init' in your kasp-db directory (with the right
permissions).
Daniel
On 04/07/2016 09:02 AM, Josef Karliak wrote:
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users Good morning,
I've migrated to knot2, configuration file was migrated by knot1to2
tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
NSEC3). Knot2 is installed from suse dns server repo, version
"knot2-2.1.1-1.1.x86_64".
Error message:
Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event 'load'
failed (not found)
Part of the configuration file:
...
...
template:
- id: "default"
storage: "/var/lib/knot"
zone:
- domain: "domain.cz."
file: "domain.cz"
notify: "slave"
acl: "acl_slave"
semantic-checks: "on"
ixfr-from-differences: "on"
max-journal-size: "1073741824"
dnssec-signing: "on"
kasp-db: "/var/lib/knot/domain.cz.keys"
...
...
Directory "/var/lib/knot/domain.cz.keys" contains zone private and
public keys.
What did I missed ?
Thanks and best regards
J.Karliak
13:26
New subject: knot 2 do not load zone after migrated from 1.6
Yes,
the directory is the same from knot 1.6., it worked all fine, keys are
in the same place... And knot is an owner, it is a one of first that I
checked :-/
Best regards
J.K.
Do you have correct permissions on both /var/lib/knot
and
/var/lib/knot/domain.cz.keys? That's the most common source of troubles.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 5:29:39 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Hi,
thanks for the answer, but still no luck:
Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
PWD=/var/lib/knot/domain.cz.keys ; USER=knot ; COMMAND=/usr/sbin/keymgr
init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event 'load'
failed (not found)
I entered to keys directory and ran the command with sudo (I've running
knot with user "knot"):
sudo -u knot keymgr init
In "/var/lib/knot/domain.cz.keys" were created some .json files and
"keys" directory. I copied my dnssec keys to new created "keys"
directory, problem persist :-/
Still some missed.
Thanks and best regards
J.K.
Hi Josef,
please, try to run 'keymgr init' in your kasp-db directory (with the
right
permissions).
Daniel
On 04/07/2016 09:02 AM, Josef Karliak wrote:
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users Good morning,
I've migrated to knot2, configuration file was migrated by knot1to2
tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
NSEC3). Knot2 is installed from suse dns server repo, version
"knot2-2.1.1-1.1.x86_64".
Error message:
Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed
to
initialize (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event
'load'
failed (not found)
Part of the configuration file:
...
...
template:
- id: "default"
storage: "/var/lib/knot"
zone:
- domain: "domain.cz."
file: "domain.cz"
notify: "slave"
acl: "acl_slave"
semantic-checks: "on"
ixfr-from-differences: "on"
max-journal-size: "1073741824"
dnssec-signing: "on"
kasp-db: "/var/lib/knot/domain.cz.keys"
...
...
Directory "/var/lib/knot/domain.cz.keys" contains zone private and
public keys.
What did I missed ?
Thanks and best regards
J.Karliak
14:38
New subject: knot 2 do not load zone after migrated from 1.6
Could you send us your full configuration and keys directory, just make sure you don't
send any sensitive material, f.e. empty the .pem files (but include a list of them).
O.
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 8:26:33 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated from 1.6
Yes,
the directory is the same from knot 1.6., it worked all fine, keys are
in the same place... And knot is an owner, it is a one of first that I
checked :-/
Best regards
J.K.
Do you have correct permissions on both
/var/lib/knot and
/var/lib/knot/domain.cz.keys? That's the most common source of troubles.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 5:29:39 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Hi,
thanks for the answer, but still no luck:
Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
PWD=/var/lib/knot/domain.cz.keys ; USER=knot ; COMMAND=/usr/sbin/keymgr
init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed to
initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event 'load'
failed (not found)
I entered to keys directory and ran the command with sudo (I've running
knot with user "knot"):
sudo -u knot keymgr init
In "/var/lib/knot/domain.cz.keys" were created some .json files and
"keys" directory. I copied my dnssec keys to new created "keys"
directory, problem persist :-/
Still some missed.
Thanks and best regards
J.K.
Hi Josef,
please, try to run 'keymgr init' in your kasp-db directory (with the
right
permissions).
Daniel
On 04/07/2016 09:02 AM, Josef Karliak wrote:
> Good morning,
> I've migrated to knot2, configuration file was migrated by knot1to2
> tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
> NSEC3). Knot2 is installed from suse dns server repo, version
> "knot2-2.1.1-1.1.x86_64".
> Error message:
> Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration file
> '/etc/knot/knot.conf'
> Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
> Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
> semantic check, completed
> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC, failed
> to
> initialize (not found)
> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to store
> changes into journal (not found)
> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event
> 'load'
> failed (not found)
>
>
> Part of the configuration file:
> ...
> ...
> template:
> - id: "default"
> storage: "/var/lib/knot"
>
> zone:
> - domain: "domain.cz."
> file: "domain.cz"
> notify: "slave"
> acl: "acl_slave"
> semantic-checks: "on"
> ixfr-from-differences: "on"
> max-journal-size: "1073741824"
> dnssec-signing: "on"
> kasp-db: "/var/lib/knot/domain.cz.keys"
>
> ...
> ...
>
> Directory "/var/lib/knot/domain.cz.keys" contains zone private and
> public keys.
>
> What did I missed ?
> Thanks and best regards
> J.Karliak
>
>
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
14:49
New subject: knot 2 do not load zone after migrated from 1.6
Hi,
I installed knot2 to my computer and imported knot1 configuration and
migrated it to 2. Also I've copied zone files from our real server.
The problem is the same, so I think I missed some step. :-/
I send you an attachment to your email, there is a configuration and
knot's run dir.
Thanks and best regards
J.K.
Could you send us your full configuration and keys
directory, just make
sure you don't send any sensitive material, f.e. empty the .pem files (but
include a list of them).
O.
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 8:26:33 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Yes,
the directory is the same from knot 1.6., it worked all fine, keys are
in the same place... And knot is an owner, it is a one of first that I
checked :-/
Best regards
J.K.
Do you have correct permissions on both
/var/lib/knot and
/var/lib/knot/domain.cz.keys? That's the most common source of
troubles.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 5:29:39 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Hi,
thanks for the answer, but still no luck:
Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
PWD=/var/lib/knot/domain.cz.keys ; USER=knot ;
COMMAND=/usr/sbin/keymgr
init
Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file
'/etc/knot/knot.conf'
Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
semantic check, completed
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed
to
initialize (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store
changes into journal (not found)
Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event
'load'
failed (not found)
I entered to keys directory and ran the command with sudo (I've
running
knot with user "knot"):
sudo -u knot keymgr init
In "/var/lib/knot/domain.cz.keys" were created some .json files and
"keys" directory. I copied my dnssec keys to new created "keys"
directory, problem persist :-/
Still some missed.
Thanks and best regards
J.K.
> Hi Josef,
>
> please, try to run 'keymgr init' in your kasp-db directory (with the
> right
> permissions).
>
> Daniel
>
> On 04/07/2016 09:02 AM, Josef Karliak wrote:
>> Good morning,
>> I've migrated to knot2, configuration file was migrated by
>> knot1to2
>> tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
>> NSEC3). Knot2 is installed from suse dns server repo, version
>> "knot2-2.1.1-1.1.x86_64".
>> Error message:
>> Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration
>> file
>> '/etc/knot/knot.conf'
>> Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
>> Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
>> semantic check, completed
>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC,
>> failed
>> to
>> initialize (not found)
>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to
>> store
>> changes into journal (not found)
>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event
>> 'load'
>> failed (not found)
>>
>>
>> Part of the configuration file:
>> ...
>> ...
>> template:
>> - id: "default"
>> storage: "/var/lib/knot"
>>
>> zone:
>> - domain: "domain.cz."
>> file: "domain.cz"
>> notify: "slave"
>> acl: "acl_slave"
>> semantic-checks: "on"
>> ixfr-from-differences: "on"
>> max-journal-size: "1073741824"
>> dnssec-signing: "on"
>> kasp-db: "/var/lib/knot/domain.cz.keys"
>>
>> ...
>> ...
>>
>> Directory "/var/lib/knot/domain.cz.keys" contains zone private
>> and
>> public keys.
>>
>> What did I missed ?
>> Thanks and best regards
>> J.Karliak
>>
>>
>
>
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
15:03
New subject: knot 2 do not load zone after migrated from 1.6
Hi,
I see, there are several things:
- the kasp-db: should point to /var/lib/knot/kasp/, e.g. change your template to:
template:
- id: default
storage: /var/lib/knot/
dnssec-signing: off
kasp-db: /var/lib/knot/kasp/
# you can still use relative path to storage
# just remove all the 'dnssec-signing: off' from individual domains
#
# you can also move all your master, acl, notify, semantic-checks, ixfr-from-differences
to the template and remove them from individual domains
Then you must add the zone the the default policy and convert the old BIND keys to the
format Knot DNS understands with `keymgr zone key import <zone-name>
<key-file>`, see:
https://www.knot-dns.cz/docs/2.x/html/man_keymgr.html
and more examples here (See the point 4. which is exactly your case):
https://www.knot-dns.cz/docs/2.x/html/man_keymgr.html#examples
Cheers,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 9:49:10 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated from 1.6
Hi,
I installed knot2 to my computer and imported knot1 configuration and
migrated it to 2. Also I've copied zone files from our real server.
The problem is the same, so I think I missed some step. :-/
I send you an attachment to your email, there is a configuration and
knot's run dir.
Thanks and best regards
J.K.
Could you send us your full configuration and
keys directory, just make
sure you don't send any sensitive material, f.e. empty the .pem files (but
include a list of them).
O.
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 8:26:33 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Yes,
the directory is the same from knot 1.6., it worked all fine, keys are
in the same place... And knot is an owner, it is a one of first that I
checked :-/
Best regards
J.K.
Do you have correct permissions on both
/var/lib/knot and
/var/lib/knot/domain.cz.keys? That's the most common source of
troubles.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
> From: "Josef Karliak" <karliak(a)ajetaci.cz>
> To: knot-dns-users(a)lists.nic.cz
> Sent: Thursday, April 7, 2016 5:29:39 AM
> Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
> from 1.6
> Hi,
> thanks for the answer, but still no luck:
>
> Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
> PWD=/var/lib/knot/domain.cz.keys ; USER=knot ;
> COMMAND=/usr/sbin/keymgr
> init
> Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration file
> '/etc/knot/knot.conf'
> Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
> Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
> semantic check, completed
> Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC, failed
> to
> initialize (not found)
> Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to store
> changes into journal (not found)
> Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event
> 'load'
> failed (not found)
>
> I entered to keys directory and ran the command with sudo (I've
> running
> knot with user "knot"):
> sudo -u knot keymgr init
>
>
> In "/var/lib/knot/domain.cz.keys" were created some .json files and
> "keys" directory. I copied my dnssec keys to new created "keys"
> directory, problem persist :-/
> Still some missed.
> Thanks and best regards
> J.K.
>
>
>
>> Hi Josef,
>>
>> please, try to run 'keymgr init' in your kasp-db directory (with the
>> right
>> permissions).
>>
>> Daniel
>>
>> On 04/07/2016 09:02 AM, Josef Karliak wrote:
>>> Good morning,
>>> I've migrated to knot2, configuration file was migrated by
>>> knot1to2
>>> tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC, not
>>> NSEC3). Knot2 is installed from suse dns server repo, version
>>> "knot2-2.1.1-1.1.x86_64".
>>> Error message:
>>> Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration
>>> file
>>> '/etc/knot/knot.conf'
>>> Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
>>> Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
>>> semantic check, completed
>>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC,
>>> failed
>>> to
>>> initialize (not found)
>>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to
>>> store
>>> changes into journal (not found)
>>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event
>>> 'load'
>>> failed (not found)
>>>
>>>
>>> Part of the configuration file:
>>> ...
>>> ...
>>> template:
>>> - id: "default"
>>> storage: "/var/lib/knot"
>>>
>>> zone:
>>> - domain: "domain.cz."
>>> file: "domain.cz"
>>> notify: "slave"
>>> acl: "acl_slave"
>>> semantic-checks: "on"
>>> ixfr-from-differences: "on"
>>> max-journal-size: "1073741824"
>>> dnssec-signing: "on"
>>> kasp-db: "/var/lib/knot/domain.cz.keys"
>>>
>>> ...
>>> ...
>>>
>>> Directory "/var/lib/knot/domain.cz.keys" contains zone private
>>> and
>>> public keys.
>>>
>>> What did I missed ?
>>> Thanks and best regards
>>> J.Karliak
>>>
>>>
>>
>>
>
>
> --
> Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
> DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
> dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
> zminene vyse. Dekuji.
> My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
> policy and implementation of the DMARC. If you've problem with sending
> emails to me, start using email origin methods mentioned above. Thank
> you.
>
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users(a)lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
15:29
New subject: knot 2 do not load zone after migrated from 1.6
Ohh,
I missed importing old keys, thank you very much. I see some complains
about not finding ZSK, KSK is imported and loaded.
I'll try to find it @home.
Thank you very much for your time and kick me to right way :)
Best regards
J.K.
Hi,
I see, there are several things:
- the kasp-db: should point to /var/lib/knot/kasp/, e.g. change your
template to:
template:
- id: default
storage: /var/lib/knot/
dnssec-signing: off
kasp-db: /var/lib/knot/kasp/
# you can still use relative path to storage
# just remove all the 'dnssec-signing: off' from individual domains
#
# you can also move all your master, acl, notify, semantic-checks,
ixfr-from-differences to the template and remove them from individual
domains
Then you must add the zone the the default policy and convert the old BIND
keys to the format Knot DNS understands with `keymgr zone key import
<zone-name> <key-file>`, see:
https://www.knot-dns.cz/docs/2.x/html/man_keymgr.html
and more examples here (See the point 4. which is exactly your case):
https://www.knot-dns.cz/docs/2.x/html/man_keymgr.html#examples
Cheers,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 9:49:10 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Hi,
I installed knot2 to my computer and imported knot1 configuration and
migrated it to 2. Also I've copied zone files from our real server.
The problem is the same, so I think I missed some step. :-/
I send you an attachment to your email, there is a configuration and
knot's run dir.
Thanks and best regards
J.K.
Could you send us your full configuration and
keys directory, just make
sure you don't send any sensitive material, f.e. empty the .pem files
(but
include a list of them).
O.
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users From: "Josef Karliak"
<karliak(a)ajetaci.cz>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, April 7, 2016 8:26:33 AM
Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
from 1.6
Yes,
the directory is the same from knot 1.6., it worked all fine, keys
are
in the same place... And knot is an owner, it is a one of first that I
checked :-/
Best regards
J.K.
> Do you have correct permissions on both /var/lib/knot and
> /var/lib/knot/domain.cz.keys? That's the most common source of
> troubles.
>
> Cheers,
> Ondrej
>
> --
> Ondřej Surý -- Technical Fellow
> --------------------------------------------
> CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
> Milesovska 5, 130 00 Praha 3, Czech Republic
> mailto:ondrej.sury@nic.cz https://nic.cz/
> --------------------------------------------
>
> ----- Original Message -----
>> From: "Josef Karliak" <karliak(a)ajetaci.cz>
>> To: knot-dns-users(a)lists.nic.cz
>> Sent: Thursday, April 7, 2016 5:29:39 AM
>> Subject: Re: [knot-dns-users] knot 2 do not load zone after migrated
>> from 1.6
>
>> Hi,
>> thanks for the answer, but still no luck:
>>
>> Apr 7 10:19:29 celer sudo: root : TTY=pts/1 ;
>> PWD=/var/lib/knot/domain.cz.keys ; USER=knot ;
>> COMMAND=/usr/sbin/keymgr
>> init
>> Apr 7 10:19:43 celer knotd[29767]: info: reloading configuration
>> file
>> '/etc/knot/knot.conf'
>> Apr 7 10:19:44 celer knotd[29767]: info: configuration reloaded
>> Apr 7 10:19:44 celer knotd[29767]: info: [domain.cz] zone loader,
>> semantic check, completed
>> Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] DNSSEC,
>> failed
>> to
>> initialize (not found)
>> Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] failed to
>> store
>> changes into journal (not found)
>> Apr 7 10:19:44 celer knotd[29767]: error: [domain.cz] zone event
>> 'load'
>> failed (not found)
>>
>> I entered to keys directory and ran the command with sudo (I've
>> running
>> knot with user "knot"):
>> sudo -u knot keymgr init
>>
>>
>> In "/var/lib/knot/domain.cz.keys" were created some .json files and
>> "keys" directory. I copied my dnssec keys to new created
"keys"
>> directory, problem persist :-/
>> Still some missed.
>> Thanks and best regards
>> J.K.
>>
>>
>>
>>> Hi Josef,
>>>
>>> please, try to run 'keymgr init' in your kasp-db directory (with
>>> the
>>> right
>>> permissions).
>>>
>>> Daniel
>>>
>>> On 04/07/2016 09:02 AM, Josef Karliak wrote:
>>>> Good morning,
>>>> I've migrated to knot2, configuration file was migrated by
>>>> knot1to2
>>>> tool. Knot 2 loads, but to not load my DNSSEC signed zone (NSEC,
>>>> not
>>>> NSEC3). Knot2 is installed from suse dns server repo, version
>>>> "knot2-2.1.1-1.1.x86_64".
>>>> Error message:
>>>> Apr 7 08:57:39 celer knotd[21676]: info: reloading configuration
>>>> file
>>>> '/etc/knot/knot.conf'
>>>> Apr 7 08:57:39 celer knotd[21676]: info: configuration reloaded
>>>> Apr 7 08:57:39 celer knotd[21676]: info: [domain.cz] zone loader,
>>>> semantic check, completed
>>>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] DNSSEC,
>>>> failed
>>>> to
>>>> initialize (not found)
>>>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] failed to
>>>> store
>>>> changes into journal (not found)
>>>> Apr 7 08:57:39 celer knotd[21676]: error: [domain.cz] zone event
>>>> 'load'
>>>> failed (not found)
>>>>
>>>>
>>>> Part of the configuration file:
>>>> ...
>>>> ...
>>>> template:
>>>> - id: "default"
>>>> storage: "/var/lib/knot"
>>>>
>>>> zone:
>>>> - domain: "domain.cz."
>>>> file: "domain.cz"
>>>> notify: "slave"
>>>> acl: "acl_slave"
>>>> semantic-checks: "on"
>>>> ixfr-from-differences: "on"
>>>> max-journal-size: "1073741824"
>>>> dnssec-signing: "on"
>>>> kasp-db: "/var/lib/knot/domain.cz.keys"
>>>>
>>>> ...
>>>> ...
>>>>
>>>> Directory "/var/lib/knot/domain.cz.keys" contains zone
private
>>>> and
>>>> public keys.
>>>>
>>>> What did I missed ?
>>>> Thanks and best regards
>>>> J.Karliak
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
>> DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
>> dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
>> zminene vyse. Dekuji.
>> My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
>> policy and implementation of the DMARC. If you've problem with
>> sending
>> emails to me, start using email origin methods mentioned above.
>> Thank
>> you.
>>
>> _______________________________________________
>> knot-dns-users mailing list
>> knot-dns-users(a)lists.nic.cz
>> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
>
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
3150
days inactive
3150
days old
8 comments
3 participants
participants (3)
-
Daniel Salzman -
Josef Karliak -
Ondřej Surý