knot is particular about ownership and permissions. If
knot's home directory or config file have incorrect attributes
it won't run. Once running, the zone files and timers must also have
correct attributes or it will fail, sometimes silently. Check the log files.
The zone file directory is specified in the config file under template: as storage:. I prefer /var/lib/knot/.
Each nameserver has one configuration file. Regardless of role, it is always named /etc/knot/knot.conf.
Permissions are:

    chmod 660 /etc/knot/knot.conf
    chmod -R 660 /var/lib/knot/
    chmod 750 /etc/knot/
    chmod 750 /var/lib/knot/
    chmod 750 /var/lib/knot/timers/

Ownership is:

    chown -R knot:knot /etc/knot
    chown -R knot:knot /var/lib/knot

For convenience add a link to the zone files:

    ln -s /var/lib/knot/ /etc/knot/zones
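Because knot fails, sometimes silently, when a mode or owner is off, it helps to have a check that compares the live layout against the attributes listed above. The script below is an added example, not part of the original page: it reads each path with stat and reports any mismatch. KNOT_ETC, KNOT_STORAGE and EXPECTED_OWNER are assumed variable names (defaults are the page's paths and knot:knot) so the same check can be pointed at a staging copy.

```shell
#!/bin/sh
# Added example: verify that a Knot installation carries the modes and
# owner the page prescribes. Variable names are assumptions; defaults
# match the page (/etc/knot, /var/lib/knot, knot:knot).
KNOT_ETC="${KNOT_ETC:-/etc/knot}"
KNOT_STORAGE="${KNOT_STORAGE:-/var/lib/knot}"
EXPECTED_OWNER="${EXPECTED_OWNER:-knot:knot}"

# check_attr PATH MODE OWNER
# Prints one line per path; returns 1 when the path is missing or its
# mode/owner differ from what is expected.
check_attr() {
    path=$1; want_mode=$2; want_owner=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    have=$(stat -c '%a %U:%G' "$path")   # GNU stat, as shipped on Ubuntu
    if [ "$have" != "$want_mode $want_owner" ]; then
        echo "BAD     $path is '$have', want '$want_mode $want_owner'"
        return 1
    fi
    echo "OK      $path ($have)"
    return 0
}

# check_knot_layout
# Walks the directories and files the page lists; returns the number of
# paths that fail the check, so 0 means the layout is as prescribed.
check_knot_layout() {
    bad=0
    check_attr "$KNOT_ETC"            750 "$EXPECTED_OWNER" || bad=$((bad + 1))
    check_attr "$KNOT_ETC/knot.conf"  660 "$EXPECTED_OWNER" || bad=$((bad + 1))
    check_attr "$KNOT_STORAGE"        750 "$EXPECTED_OWNER" || bad=$((bad + 1))
    check_attr "$KNOT_STORAGE/timers" 750 "$EXPECTED_OWNER" || bad=$((bad + 1))
    # Every regular file directly under storage (the zone files) must be 660.
    for f in "$KNOT_STORAGE"/*; do
        [ -f "$f" ] || continue
        check_attr "$f" 660 "$EXPECTED_OWNER" || bad=$((bad + 1))
    done
    return "$bad"
}
```

Run it as root on the nameserver after the chmod/chown steps; a non-zero exit code tells you which path knot will complain about before you go looking in the logs.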
Basic DigitalOcean Droplets: 1GB RAM, 25G storage, 1 CPU, $5US/month per droplet.
Two network adapters: one internet facing, one facing a private subnet.
Host operating system is Ubuntu 18.04.5 Bionic Beaver.
knot version 2.6.5-35 was installed from an Ubuntu apt package.

Notes:

    The generated configs are valid and can be used as-is for your knot.conf files.
    When knot.conf changes a "systemctl restart knot" is required.
    When a zone file changes a "systemctl reload knot" is required.
    SOA records must be on a single line (tricky to debug this one).
    Zone file changes won't propagate until the serial number on each modified zone has been increased and knot has been reloaded.
    To use only the Public network leave the form's Private IP boxes empty.
    When it's available the servers synchronize over the private network.

This will get you started. Basic setup, works well, lasts a long time.
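The two steps a zone change needs (raise the SOA serial, then reload knot) are easy to forget and, as noted above, the failure is silent: the secondary simply never pulls the new data. The script below is an added example and not the page's own code; it relies on the page's rule that the SOA record sits on one line, so the serial is the third field after the SOA token (MNAME, RNAME, SERIAL). The function names and the KNOT_RELOAD_CMD variable are assumptions, and the zone file in the usage notes is constructed for illustration.

```shell
#!/bin/sh
# Added example: bump a zone's SOA serial and reload knot so the change
# propagates to the secondary. Assumes the single-line SOA the page
# requires; multi-line (parenthesised) SOA records are not handled.

# zone_serial ZONEFILE -> prints the current serial (empty if no SOA).
zone_serial() {
    awk '
        /^[ \t]*;/ { next }                       # skip comment lines
        { for (i = 1; i <= NF; i++)
              if ($i == "SOA") { print $(i + 3); exit } }
    ' "$1"
}

# bump_serial ZONEFILE -> rewrites the file with serial + 1.
# Returns 1 if the file has no SOA record, leaving the file untouched.
# Note: awk rebuilds the SOA line with single spaces between fields;
# every other line is copied through byte for byte.
bump_serial() {
    zf=$1
    tmp="$zf.tmp.$$"
    awk '
        /^[ \t]*;/ { print; next }                # comments pass through
        !done {
            for (i = 1; i <= NF; i++)
                if ($i == "SOA") { $(i + 3) = $(i + 3) + 1; done = 1; break }
        }
        { print }
        END { exit done ? 0 : 2 }
    ' "$zf" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$zf"
}

# publish_zone_change ZONEFILE
# The page's full procedure: raise the serial, then reload knot.
# KNOT_RELOAD_CMD is an assumed override (default is the page's command)
# so the function can be exercised on a host without knot installed.
publish_zone_change() {
    bump_serial "$1" || { echo "no SOA record in $1" >&2; return 1; }
    ${KNOT_RELOAD_CMD:-systemctl reload knot}
}
```

Usage on the primary: publish_zone_change /var/lib/knot/example.net. Running this for each modified zone before reloading is what makes the secondary's transfer actually fire; a plain +1 is enough for knot, but if you use a YYYYMMDDnn convention, keep it consistent across edits.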
Primary nameserver knot.conf:

    server:
        rundir: "/run/knot"
        user: knot:knot
        listen: 127.0.0.1
        listen: Public IP
        listen: Private IP

    log:
      - target: syslog
        any: info

    remote:
      - id: secondary
        address: Remote IP

    acl:
      - id: transfer_to_secondary
        address: Remote IP
        action: [ update, transfer ]

    template:
      - id: default
        acl: transfer_to_secondary
        notify: secondary
        storage: /var/lib/knot

    zone:
      - domain: example.net
        file: example.net
Secondary nameserver knot.conf:

    server:
        rundir: "/run/knot"
        user: knot:knot
        listen: 127.0.0.1
        listen: Public IP
        listen: Private IP

    log:
      - target: syslog
        any: info

    remote:
      - id: primary
        address: Remote IP

    acl:
      - id: notify_primary
        address: Remote IP
        action: notify

    template:
      - id: default
        acl: notify_primary
        master: primary
        storage: /var/lib/knot

    zone:
      - domain: example.net
        file: example.net