Le lundi 28 août 2023 à 14:25 +0200, Daniel Salzman a écrit : > Hello Knot DNS users, > > CZ.NIC has released Knot DNS 3.3.0! > > This version brings full DNS/XFR over QUIC support, multi-signer > operation mode, and many more. See the changelog.
Hello,
I upgrade to 3.3 today, and mod-onlinesign (or at least my config)
seems to be broken :
2023-08-28T10:23:17+0200 error: [8.e.d.0.8.7.6.0.1.0.0.2.ip6.arpa.] module
'mod-onlinesign/online_long', incompatible with automatic signing
2023-08-28T10:23:17+0200 error: [8.e.d.0.8.7.6.0.1.0.0.2.ip6.arpa.] module
'mod-onlinesign/online_long', failed to load (operation not supported)
here is the relevant config :
zone:
- domain: "8.e.d.0.8.7.6.0.1.0.0.2.ip6.arpa."
file: "8.e.d.0.8.7.6.0.1.0.0.2.ip6.arpa"
notify: "corrin"
dnssec-signing: "on"
dnssec-policy: "default_long"
module: [ mod-synthrecord/revas, mod-onlinesign/online_long ]
mod-onlinesign:
- id: online_long
policy: default_long
policy:
- id: default_long
algorithm: ECDSAP256SHA256
rrsig-lifetime: 240h
rrsig-refresh: 192h
ksk-submission: validating-resolver
nsec3-iterations: 0
single-type-signing: on
As I don't see anything related to onlinesign in the changelog, I don't
know where to search :/ Can you help me ?
Thanks,
--
Bastien
signature.asc
Description: This is a digitally signed message part
--
