[knot-dns-users] Manage zonefile directory in git
tore at fud.no
Mon Jan 4 12:47:17 CET 2016
* Tobias Brunner <tobias at tobru.ch>
> Hi Ondrej,
> Thanks for your fast answer!
> > We don't have an option to write signed zonefile elsewhere, but you can set
> > `zonefile-sync: -1` to disable syncing of the zones to the disk. That
> > way the signatures will be kept only in the zone journal.
> > 1. https://www.knot-dns.cz/docs/2.0/html/reference.html#zonefile-sync
> That's great! This solves all of my "troubles" I had...
Be aware that with "zonefile-sync: -1" the journal will grow and grow
until it is full, as it doesn't only contain a simple diff/delta from
the original file (in git), but every single change applied - even
those changes that have been cancelled out by later changes (like old

When the journal is full, you cannot submit further nsupdate changes
and I think DNSSEC re-signing is prevented from happening. Therefore,
as I understand it, "zonefile-sync: -1" is not suited for production

See also https://gitlab.labs.nic.cz/labs/knot/issues/164#note_12079