[knot-dns-users] zonefile-load: difference

Daniel Stirnimann daniel.stirnimann at switch.ch
Mon Jan 21 09:13:02 CET 2019

Hello Volker,

I have been using this setup for about two years now. You need:

zonefile-sync: -1
zonefile-load: difference-no-serial
serial-policy: unixtime

Maybe as a side effect of this setup, on some very rare occasions I had
to purge the journal for my zone after a knot upgrade. You find out
about this if you reload knot after the upgrade and it fails to load the

knotc -f zone-purge +journal <zone>

Best regards,

On 20.01.19 20:31, Volker Janzen wrote:
> Hi,
> I want to use Ansible to deploy zone files to my Knot signer (hidden 
> master). The zone files should be generated from the Ansible playbook 
> data and will not contain any DNSSEC related information, just SOA, NS, 
> A, AAAA, TXT and MX records. I'd like to use Knot DNSSEC auto-signing. I 
> can stop the Knot process before deploying new zone files. I use 
> zonefile-load: difference in this case, as the DNSKEY / CDNSKEY / CDS 
> data should not be replaced with something new. Should this work for me, 
> or is there anything I miss or is there even a better option?
> Kind regards,
>      Volker
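
A pre-deploy check for the requirement in the question above, that the generated zone files carry only SOA, NS, A, AAAA, TXT and MX records and no DNSSEC data. This is an added example, not part of the original thread or of Knot DNS; the function names and the sample zone are constructed, and the parser is a simplified zone-file reader that handles comments, quoted strings and parenthesised continuations.

```python
import re

# Record types the question says the generated files contain.
ALLOWED = {"SOA", "NS", "A", "AAAA", "TXT", "MX"}
CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"\d+|(?:\d+[smhdw])+", re.IGNORECASE)
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def record_types(zone_text):
    """Yield (line_number, TYPE) for each record in zone-file text."""
    depth = 0  # open parentheses carried over from earlier lines
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        # Blank quoted strings first so ';' and '(' inside TXT data are inert.
        line = QUOTED.sub('""', raw).split(";", 1)[0]
        continuation = depth > 0
        depth += line.count("(") - line.count(")")
        if continuation or not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():
            tokens = tokens[1:]  # first token is the owner name
        for tok in tokens:
            if tok.upper() in CLASSES or TTL.fullmatch(tok):
                continue
            yield lineno, tok.upper()
            break

def disallowed_records(zone_text):
    """Return [(line_number, TYPE)] for records outside ALLOWED."""
    return [(n, t) for n, t in record_types(zone_text) if t not in ALLOWED]

# Constructed sample: a generated zone with two DNSSEC records left in.
SAMPLE = """\
$ORIGIN example.com.
$TTL 3600
@   IN SOA ns1 hostmaster (
        1 7200 3600 1209600 3600 ) ; constructed
    IN NS  ns1
ns1 IN A   192.0.2.1
@   IN TXT "v=spf1 -all; (constructed)"
@   300 IN MX 10 mail
@   IN DNSKEY 257 3 13 cGxhY2Vob2xkZXI=
@   IN CDS 0 0 0 00
"""

if __name__ == "__main__":
    for lineno, rtype in disallowed_records(SAMPLE):
        print(f"line {lineno}: {rtype} must not be in a generated zone file")
```

Run against each rendered file before it is copied to the signer, and fail the deployment if the returned list is not empty.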