knotd

primary/secondary config generator

home

knot is particular about ownership and permissions. If knot's home directory or config file have incorrect attributes it won't run. Once running, the zone files and timers must also have correct attributes or it will fail, sometimes silently. Check the log files. The zone file directory is specified in the config files at   template: storage:   I prefer /var/lib/knot/.

Each nameserver has one configuration file. Regardless of role, it is always named /etc/knot/knot.conf. 

           Permissions are:
  
                chmod 660 /etc/knot/knot.conf
                chmod -R 660 /var/lib/knot/
                chmod 750 /etc/knot/
                chmod 750 /var/lib/knot/
                chmod 750 /var/lib/knot/timers/
  
           Ownership is:
  
                chown -R knot:knot /etc/knot
                chown -R knot:knot /var/lib/knot
  
           For convenience I place a link to the zone files in the config directory.
  
                ln -s /var/lib/knot/ /etc/knot/zones

Ownership and Permissions

            Basic KAMATERA VMs - 1GB Ram - 20G Storage - 1 CPU - $4 USD / month
            Host operating system is Ubuntu 22.04 Jammy Jellyfish 
            knot version 3.1.6 was installed from an Ubuntu apt package

            No BS, solid service, highly recommended Kamatera Cloud Platform

System Description

            The generated configs are valid and can be used as-is for your knot.conf files
            When knot.conf changes a "systemctl restart knot" is required
            When a zone file changes a "systemctl reload knot" is required
            SOA records must be on a single line (tricky to debug this one)
            Zone file changes won't propagate until the serial number on each modified
                      zone has been increased and knot has been reloaded
            If you want to Listen on a localhost address it MUST be 127.0.0.1
            If you don't need to Listen on a localhost address delete the "listen: 127.0.0.1" line
            To use only the Public network leave the form's Private IP boxes empty
            If available the servers will synchronize over the private network
            This will get you started. Basic setup, works good, lasts a long time

Notes and Warnings

Primary

Secondary

Addresses
server:
    rundir:    "/run/knot"
    user:      knot:knot
    listen:    127.0.0.1
    listen:    <Public IP>
    listen:    <Private IP>
log:
  - target:    syslog
    any:       info
remote:
  - id:        secondary
    address:   <Remote IP>
acl:
  - id:        transfer_to_secondary
    address:   <Remote IP>
    action:    [ update, transfer ]
template:
  - id:        default
    acl:       transfer_to_secondary
    notify:    secondary
    storage:   /var/lib/knot
zone:
  - domain:    example.net
    file:      example.net
knot.conf - primary
server:
    rundir:    "/run/knot"
    user:      knot:knot
    listen:    127.0.0.1
    listen:    <Public IP>
    listen:    <Private IP>
log:
  - target:    syslog
    any:       info
remote:
  - id:        primary
    address:   <Remote IP>
acl:
  - id:        notify_primary
    address:   <Remote IP>
    action:    notify
template:
  - id:        default
    acl:       notify_primary
    master:    primary
    storage:   /var/lib/knot
zone:
  - domain:    example.net
    file:      example.net
knot.conf - secondary