knot

an uncomplicated dual nameserver setup

knot is particular about ownership and permissions. If knot's home directory or its config file have the wrong owner or mode it won't start. Once running, the zone files and the timers directory must also have the correct attributes or it will fail, sometimes silently, so check the log files. The zone file directory is set in knot.conf under template: storage: and I prefer /var/lib/knot/.

Each nameserver has one configuration file. Regardless of role, it is always named /etc/knot/knot.conf.

Ownership and Permissions

Permissions are:

    chmod 660 /etc/knot/knot.conf
    chmod -R 660 /var/lib/knot/
    chmod 750 /etc/knot/
    chmod 750 /var/lib/knot/
    chmod 750 /var/lib/knot/timers/

The recursive chmod also sets the directories under /var/lib/knot/ to 660, which makes them untraversable; the 750 lines that follow restore the directory modes, so keep the order.

Ownership is:

    chown -R knot:knot /etc/knot
    chown -R knot:knot /var/lib/knot

For convenience add a link to the zone files.

    ln -s /var/lib/knot/ /etc/knot/zones
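Because a wrong mode fails silently, a check you can run before and after a change is worth having. The script below is an added example, not part of the page or of knot itself; it verifies the modes and owner listed above. ROOT is a prefix ("/" on a real host, a scratch directory for a dry run) and OWNER is user:group ("knot:knot" on a real host); both are assumptions of this example, as is the stat -c output format, which is GNU coreutils as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the page: verify that the paths knot depends on carry
# the ownership and modes the page lists. Prints one line per mismatch and
# returns 1 if anything is off, 0 when everything matches.

# check_path PATH MODE OWNER: one file or directory, exact mode and owner.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    mode=$(stat -c '%a' "$1")
    own=$(stat -c '%U:%G' "$1")
    if [ "$mode" != "$2" ]; then
        echo "MODE     $1 is $mode, want $2"
        return 1
    fi
    if [ "$own" != "$3" ]; then
        echo "OWNER    $1 is $own, want $3"
        return 1
    fi
}

# check_knot_perms ROOT OWNER: ROOT is "/" on a real host, OWNER is "knot:knot".
check_knot_perms() {
    root=${1%/}
    owner=$2
    user=${owner%%:*}
    group=${owner#*:}
    rc=0
    check_path "$root/etc/knot"            750 "$owner" || rc=1
    check_path "$root/etc/knot/knot.conf"  660 "$owner" || rc=1
    check_path "$root/var/lib/knot"        750 "$owner" || rc=1
    check_path "$root/var/lib/knot/timers" 750 "$owner" || rc=1
    # Everything below storage: directories 750, files 660, all owned by knot.
    # "chmod -R 660" followed by "chmod 750" on the directories gives exactly this.
    bad=$(find "$root/var/lib/knot" \( -type d ! -perm 750 \) -o \( -type f ! -perm 660 \) \
               -o ! -user "$user" -o ! -group "$group" 2>/dev/null || true)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's/^/TREE     /'
        rc=1
    fi
    return $rc
}

# On a real host:  check_knot_perms / knot:knot
```

Run it as root after the chmod/chown lines; an empty output and a zero exit mean the tree matches. Any file knot later writes under storage (journal, timers) shows up in the TREE lines if it was created with a different mode, which is the usual cause of the silent failures mentioned above.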

System Description

    Basic DigitalOcean Droplets: 1GB RAM, 25G storage, 1 CPU, $5US/month each
    Two network adapters: one internet facing, one facing a private subnet
    Host operating system is Ubuntu 18.04.5 Bionic Beaver
    knot version 2.6.5-35 was installed from an Ubuntu apt package

Notes and Warnings

    The generated configs are valid and can be used as-is for your knot.conf files
    When knot.conf changes a "systemctl restart knot" is required
    When a zone file changes a "systemctl reload knot" is required
    SOA records must be on a single line (tricky to debug this one)
    Zone file changes won't propagate until the serial number on each modified
        zone has been increased and knot has been reloaded
    To use only the public network leave the form's Private IP boxes empty
    When it's available the servers synchronize over the private network
    This will get you started. Basic setup, works well, lasts a long time
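The two zone-file rules above (single-line SOA, bump the serial and reload) are the ones that bite: a forgotten serial leaves the secondary serving stale data with no error anywhere. The following is an added shell example, not from the page, that bumps the serial in place and then leaves the reload to you. It assumes the single-line SOA form the page requires, where the record ends with the five numbers serial refresh retry expire minimum; a multi-line SOA is reported rather than edited. The zone file path is the one the page uses.

```shell
#!/bin/sh
# Added example, not from the page: bump the serial of a zone file's SOA so the
# change propagates to the secondary after "systemctl reload knot".

# bump_serial ZONEFILE: increment the SOA serial in place, print the new value.
bump_serial() {
    zone=$1
    # With a one-line SOA the serial is always the fifth field from the end.
    # NF >= 9 rules out the "(" opener of a multi-line SOA.
    old=$(awk '/[[:space:]]SOA[[:space:]]/ && NF >= 9 { print $(NF-4); exit }' "$zone")
    case $old in
        ''|*[!0-9]*)
            echo "no single-line SOA record found in $zone" >&2
            return 1 ;;
    esac
    new=$((old + 1))
    tmp=$(mktemp)
    # Rewriting the field normalizes whitespace on the SOA line only.
    awk -v new="$new" '
        /[[:space:]]SOA[[:space:]]/ && NF >= 9 && !done { $(NF-4) = new; done = 1 }
        { print }
    ' "$zone" > "$tmp" && mv "$tmp" "$zone"
    echo "$new"
}

# Typical use on the primary (a zone file change needs a reload, not a restart):
#   bump_serial /var/lib/knot/example.net && systemctl reload knot
```

If the script refuses a file, the SOA is probably wrapped in parentheses across several lines, which is exactly the case the Notes warn about; join it onto one line first.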

knot.conf - primary

server:
    rundir:    "/run/knot"
    user:      knot:knot
    listen:    127.0.0.1
    listen:    Public IP
    listen:    Private IP
log:
  - target:    syslog
    any:       info
remote:
  - id:        secondary
    address:   Remote IP
acl:
  - id:        transfer_to_secondary
    address:   Remote IP
    action:    [ update, transfer ]
template:
  - id:        default
    acl:       transfer_to_secondary
    notify:    secondary
    storage:   /var/lib/knot
zone:
  - domain:    example.net
    file:      example.net
knot.conf - secondary

server:
    rundir:    "/run/knot"
    user:      knot:knot
    listen:    127.0.0.1
    listen:    Public IP
    listen:    Private IP
log:
  - target:    syslog
    any:       info
remote:
  - id:        primary
    address:   Remote IP
acl:
  - id:        notify_primary
    address:   Remote IP
    action:    notify
template:
  - id:        default
    acl:       notify_primary
    master:    primary
    storage:   /var/lib/knot
zone:
  - domain:    example.net
    file:      example.net
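The two configs differ only in the remote, the acl and the notify/master line, and the form fills Public IP, Private IP and Remote IP from its boxes. To reproduce that offline, here is an added shell example, not the page's generator and not part of knot: it emits the primary or secondary config for one server from its own addresses and its peer's. The "leave the Private IP boxes empty" rule is read as: when both servers have a private address the peer is reached over it, otherwise over its public address; that reading and the 203.0.113.x / 10.0.0.x addresses in the usage lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not the page's generator: render knot.conf for one server.
# render_knot_conf ROLE PUBLIC_IP PRIVATE_IP PEER_PUBLIC_IP PEER_PRIVATE_IP
# ROLE is primary or secondary. Leave PRIVATE_IP empty to listen on the public
# address only; the peer is then reached over its public address too.
render_knot_conf() {
    role=$1 public=$2 private=$3 peer_public=$4 peer_private=$5
    case $role in
        primary)
            peer=secondary; acl_id=transfer_to_secondary; action='[ update, transfer ]' ;;
        secondary)
            peer=primary; acl_id=notify_primary; action='notify' ;;
        *)
            echo "role must be primary or secondary" >&2; return 1 ;;
    esac
    # The same address serves as the remote to talk to and as the ACL source
    # address, so the peer must send from the interface chosen here.
    if [ -n "$private" ] && [ -n "$peer_private" ]; then
        remote=$peer_private
    else
        remote=$peer_public
    fi
    cat <<EOF
server:
    rundir:    "/run/knot"
    user:      knot:knot
    listen:    127.0.0.1
    listen:    $public
EOF
    if [ -n "$private" ]; then
        echo "    listen:    $private"
    fi
    cat <<EOF
log:
  - target:    syslog
    any:       info
remote:
  - id:        $peer
    address:   $remote
acl:
  - id:        $acl_id
    address:   $remote
    action:    $action
template:
  - id:        default
    acl:       $acl_id
EOF
    if [ "$role" = primary ]; then
        echo "    notify:    $peer"
    else
        echo "    master:    $peer"
    fi
    cat <<EOF
    storage:   /var/lib/knot
zone:
  - domain:    example.net
    file:      example.net
EOF
}

# Constructed addresses: 203.0.113.10/.20 public, 10.0.0.10/.20 private.
#   render_knot_conf primary   203.0.113.10 10.0.0.10 203.0.113.20 10.0.0.20 > /etc/knot/knot.conf
#   render_knot_conf secondary 203.0.113.20 10.0.0.20 203.0.113.10 10.0.0.10 > /etc/knot/knot.conf
```

Since the acl matches on source address only, the address you give as the peer's must be the one its requests actually leave from; mixing a private remote with a peer that routes out its public interface is the quickest way to get transfers refused with nothing but an acl line in syslog.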