knot is particular about ownership and permissions. If
knot's home directory or config file has incorrect attributes
it won't run. Once running, the zone files and timers must also have
correct attributes or it will fail, sometimes silently. Check the log files.

The zone file directory is specified in the config files under template: storage:
(I prefer /var/lib/knot/).
Each nameserver has one configuration file. Regardless of role, it is
always named /etc/knot/knot.conf.
Permissions are:

    chmod 660 /etc/knot/knot.conf
    chmod -R 660 /var/lib/knot/
    chmod 750 /etc/knot/
    chmod 750 /var/lib/knot/
    chmod 750 /var/lib/knot/timers/

Ownership is:

    chown -R knot:knot /etc/knot
    chown -R knot:knot /var/lib/knot

For convenience I place a link to the zone files in the config directory:

    ln -s /var/lib/knot/ /etc/knot/zones
Basic Kamatera VMs: 1GB RAM, 20G storage, 1 CPU, $4 USD / month.
Host operating system is Ubuntu 22.04 Jammy Jellyfish.
knot version 3.1.6 was installed from an Ubuntu apt package.
No BS, solid service, highly recommended: Kamatera Cloud Platform.
Notes:

- The generated configs are valid and can be used as-is for your knot.conf files.
- When knot.conf changes, a "systemctl restart knot" is required.
- When a zone file changes, a "systemctl reload knot" is required.
- SOA records must be on a single line (tricky to debug this one).
- Zone file changes won't propagate until the serial number on each modified zone has been increased and knot has been reloaded.
- If you want to Listen on a localhost address it MUST be 127.0.0.1.
- If you don't need to Listen on a localhost address, delete the "listen: 127.0.0.1" line.
- To use only the Public network, leave the form's Private IP boxes empty.
- If available, the servers will synchronize over the private network.

This will get you started. Basic setup, works good, lasts a long time.
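As an added example (not from the original page or its config generator), a small Python checker for the two zone-file rules above: it flags an SOA record that is wrapped across lines and bumps the SOA serial, rolling date-style YYYYMMDDnn serials to today's date and incrementing anything else with RFC 1982 wrap-around. The example.net sample zone and the ns1/ns2/hostmaster names in it are constructed.

```python
import re
from datetime import date

# Constructed sample zone for example.net, the zone named in the generated
# configs (sample data, not a zone file from the original page).
SAMPLE_ZONE = """$ORIGIN example.net.
$TTL 3600
@    IN SOA ns1.example.net. hostmaster.example.net. 2024010101 7200 900 1209600 3600
@    IN NS  ns1.example.net.
@    IN NS  ns2.example.net.
ns1  IN A   192.0.2.1
ns2  IN A   192.0.2.2
"""

# owner [ttl] [class] SOA mname rname serial refresh retry expire minimum, on one line
SOA_RE = re.compile(
    r'^(?P<head>[^\s;]*\s*(?:\d+\s+)?(?:IN\s+)?SOA\s+\S+\s+\S+\s+\(?\s*)'
    r'(?P<serial>\d+)(?P<tail>(?:\s+\d+){4}\s*\)?\s*)$', re.I)

def soa_problems(zone_text):
    """Return a list of problems with the SOA record; an empty list means it is usable."""
    for line in zone_text.splitlines():
        if line.lstrip().startswith(';') or not re.search(r'\bSOA\b', line, re.I):
            continue
        if '(' in line and ')' not in line:
            return ["SOA record is wrapped across lines; put it on a single line"]
        return [] if SOA_RE.match(line) else [f"unparseable SOA line: {line!r}"]
    return ["no SOA record found"]

def next_serial(old, today_yyyymmdd):
    """YYYYMMDDnn serials jump to today's date; otherwise add 1, wrapping per RFC 1982."""
    s = str(old)
    if len(s) == 10 and s[:8] < today_yyyymmdd:
        return int(today_yyyymmdd + '01')
    return (old + 1) % 2**32

def bump_serial(zone_text, today_yyyymmdd=None):
    """Return (new_zone_text, new_serial); raises ValueError if the SOA is unusable."""
    problems = soa_problems(zone_text)
    if problems:
        raise ValueError("; ".join(problems))
    today_yyyymmdd = today_yyyymmdd or date.today().strftime('%Y%m%d')
    for line in zone_text.splitlines():
        m = SOA_RE.match(line)
        if m:
            new = next_serial(int(m['serial']), today_yyyymmdd)
            return zone_text.replace(line, m['head'] + str(new) + m['tail'], 1), new
    raise ValueError("no SOA record found")
```

Run it over a zone file before `systemctl reload knot`; the reload alone will not push a change whose serial has not moved.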
Primary knot.conf:

    server:
        rundir: "/run/knot"
        user: knot:knot
        listen: 127.0.0.1
        listen: <Public IP>
        listen: <Private IP>

    log:
      - target: syslog
        any: info

    remote:
      - id: secondary
        address: <Remote IP>

    acl:
      - id: transfer_to_secondary
        address: <Remote IP>
        action: [ update, transfer ]

    template:
      - id: default
        acl: transfer_to_secondary
        notify: secondary
        storage: /var/lib/knot

    zone:
      - domain: example.net
        file: example.net
Secondary knot.conf:

    server:
        rundir: "/run/knot"
        user: knot:knot
        listen: 127.0.0.1
        listen: <Public IP>
        listen: <Private IP>

    log:
      - target: syslog
        any: info

    remote:
      - id: primary
        address: <Remote IP>

    acl:
      - id: notify_primary
        address: <Remote IP>
        action: notify

    template:
      - id: default
        acl: notify_primary
        master: primary
        storage: /var/lib/knot

    zone:
      - domain: example.net
        file: example.net