..
    Copyright 2016 Hewlett Packard Enterprise Development Company LP

    Author: Federico Ceratto

    Licensed under the Apache License, Version 2.0 (the "License"); you may
    not use this file except in compliance with the License. You may obtain
    a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    License for the specific language governing permissions and limitations
    under the License.

Knot DNS 2 Agent backend
************************

Knot DNS 2 User documentation
=============================

This page documents the Agent backend for `Knot DNS `_.

The agent runs on the same host as the resolver. It receives DNS messages from MiniDNS using private DNS OPCODEs and classes and creates or deletes zones on Knot using the knotc tool.
It also instructs Knot to request AXFR from MiniDNS when a zone is created or updated.

Support matrix:

* 2.0 and older: not supported
* 2.2.0: `affected by a bug `_

`Knot DNS documentation `_

Configuring Knot DNS
--------------------

Assuming Knot has been freshly installed on the system, run as root:

.. code-block:: bash

    # Monitor syslog during the next steps (in a separate terminal)
    tail -f /var/log/syslog

    # Start the daemon, ensure it's running
    service knot start
    netstat -npltu | grep knotd

    # Create the config database
    knotc conf-init

    # Edit /etc/default/knot
    # Set the variable:
    # KNOTD_ARGS="-C /var/lib/knot/confdb"

    # Restart
    service knot restart

    # Check if the daemon is still running from the conf file in /etc/knot/
    ps axuw | grep knotd

    # If so, apply this workaround for bug
    # https://gitlab.labs.nic.cz/labs/knot/issues/455
    ( cd /etc/default/ && ln -s knot knotd )
    service knot restart
    ps axuw | grep knotd

    # Ensure the confdb is present
    test -f /var/lib/knot/confdb/data.mdb && echo OK

    # Create the configuration
    # Populate the variable with the MiniDNS ipaddr:
    MINIDNS_IPADDR=

    # Item names are quoted so the shell does not treat [..] as a glob pattern
    knotc conf-begin
    knotc conf-set server.listen 0.0.0.0@53
    # To listen on IPv6 as well, also run this:
    # knotc conf-set server.listen '::@53'
    knotc conf-set 'remote[minidns]'
    knotc conf-set 'remote[minidns].address' "$MINIDNS_IPADDR@5354"
    knotc conf-set 'template[default]'
    knotc conf-set 'template[default].master' minidns
    knotc conf-set 'template[default].acl' acl_minidns
    knotc conf-set 'template[default].semantic-checks' on
    knotc conf-set 'zone[example.com]'
    knotc conf-set log.any info
    knotc conf-set log.target syslog
    knotc conf-set 'acl[acl_minidns]'
    knotc conf-set 'acl[acl_minidns].address' "$MINIDNS_IPADDR"
    knotc conf-set 'acl[acl_minidns].action' notify

    # Review the changes and commit
    knotc conf-diff
    knotc conf-commit

    # Optionally check and back up the conf
    knotc conf-check
    knotc conf-export knot.conf.bak && cat knot.conf.bak

    # Ensure the zone survives a restart
    service knot restart
    knotc zone-status example.com

    # Test Knot: this should return the version
    dig @127.0.0.1 version.server CH TXT

If needed, create a rootwrap filter, as root:

.. code-block:: bash

    cat > /etc/designate/rootwrap.d/knot2.filters < port: 5354 options: {} options: - host: port: 5358 type: agent

Developer documentation
=======================

Devstack testbed
----------------

Follow "Setting up Knot DNS on Ubuntu Trusty"

Configure Knot to slave from MiniDNS on 192.168.121.131

Knotd configuration example (sudo knotc conf-export ):

.. code-block:: yaml

    # Configuration export (Knot DNS 2.1.1)

    server:
        listen: "0.0.0.0@53"

    log:
      - target: "syslog"
        any: "debug"

    acl:
      - id: "acl_minidns"
        address: [ "192.168.121.131" ]
        action: [ "notify" ]

    remote:
      - id: "minidns"
        address: "192.168.121.131@5354"

    template:
      - id: "default"
        master: "minidns"
        acl: "acl_minidns"
        semantic-checks: "on"
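
The Knotd configuration example above can be checked mechanically after ``knotc conf-commit``. The following shell function is an added example, not part of the original documentation or of Designate or Knot: it audits a ``knotc conf-export`` file and fails if the ACL accepts anything other than NOTIFY from the MiniDNS address, or if the remote and default template do not point at MiniDNS. The name ``check_knot_export`` and its output format are hypothetical, and it assumes each list item starts with its ``id`` key, as in the export shown on this page.

```shell
# Added example (not Designate/Knot code): audit a `knotc conf-export` file.
# Assumes every list item starts with its "id" key, as in the export on this page.
check_knot_export() {
    conf=$1 minidns=$2
    awk -v ip="$minidns" '
        function clean(v) { gsub(/[" ]|\[|\]/, "", v); return v }
        function expect(k, want) {
            if (seen[k] == want) return
            printf "FAIL %s: got \"%s\", want \"%s\"\n", k, seen[k], want; bad = 1
        }
        /^[a-z-]+:/ { section = $1; sub(/:.*/, "", section); id = ""; next }
        /^[ ]*#/ || NF == 0 { next }
        {
            line = $0
            sub(/^[ ]*(- )?/, "", line)          # drop indent and list dash
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:[ ]*/, "", val)
            if (key == "id") { id = clean(val); next }
            seen[section "/" id "/" key] = clean(val)
        }
        END {
            # Only NOTIFY, and only from MiniDNS; zones are pulled from MiniDNS
            expect("acl/acl_minidns/address", ip)
            expect("acl/acl_minidns/action", "notify")
            expect("remote/minidns/address", ip "@5354")
            expect("template/default/master", "minidns")
            expect("template/default/acl", "acl_minidns")
            exit bad + 0
        }
    ' "$conf"
}
# Constructed sample: the relevant sections of the export shown on this page
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl:
  - id: "acl_minidns"
    address: [ "192.168.121.131" ]
    action: [ "notify" ]
remote:
  - id: "minidns"
    address: "192.168.121.131@5354"
template:
  - id: "default"
    master: "minidns"
    acl: "acl_minidns"
EOF
check_knot_export "$sample" 192.168.121.131 && echo OK
```

A non-zero exit status with ``FAIL`` lines means the running configuration has drifted from what this page sets up, for example an extra address or action added to ``acl_minidns``.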