Is the term "catalog zone" misleading?
Installed Knot from git to test key revocation. I have the following knot.conf:
server:
    rundir: "/usr/local/knotrev/var/run/knot"
    user: knot:knot
    listen: [ 127.0.0.1@54, ::1@54, 192.168.1.150@54 ]
log:
  - target: k.log
    any: info
database:
    storage: "/usr/local/knotrev/var/lib/knot"
remote:
acl:
  - id: anyxfer
    address: [ 127.0.0.1, ::1, 192.168.1.154 , 192.168.1.140]
    action: transfer
policy:
  - id: manual2
    manual: on
zone:
  - domain: example.com
    storage: "/usr/local/knotrev/etc/knot/zones"
    file: "example.com"
    dnssec-signing: on
    dnssec-policy: manual2
    acl: [ anyxfer ]
I launch knotd -v with example.com as described above.
In a second terminal I create two keys and reload:
$ keymgr example.com. generate algorithm=8 size=1024 ksk=no
5ff7c44fc5fc5443ad0afd3f5d9b2a649d22c22d
$ keymgr example.com. generate algorithm=8 size=2048 ksk=yes
7107427333a3db4658e69118547841ced5df1e48
$ knotc -b reload
I note the following error message:
2020-07-17T10:22:10 info: configuration reloaded
2020-07-17T10:22:10 info: [example.com.] DNSSEC, signing zone
2020-07-17T10:22:10 error: [example.com.] zone event 'DNSSEC re-sign' failed (invalid parameter)
What does invalid parameter mean and why am I seeing that?
I stop and restart the server:
2020-07-17T10:22:31 info: starting server
2020-07-17T10:22:31 info: [example.com.] zone file parsed, serial 2010111213
2020-07-17T10:22:31 info: [example.com.] DNSSEC, key, tag 27424, algorithm RSASHA256, KSK, public, active
2020-07-17T10:22:31 info: [example.com.] DNSSEC, key, tag 58971, algorithm RSASHA256, public, active
2020-07-17T10:22:31 info: [example.com.] DNSSEC, signing started
2020-07-17T10:22:31 info: [example.com.] DNSSEC, successfully signed
That looks fine.
2020-07-17T10:22:31 warning: [example.com.] catalog zone not fully populated (invalid identifier)
But then I see something referring to a catalog zone (likely an internal name), but I find this a bit confusing in view of the existence of DNS catalog zones.
Can this term be renamed, or is that asking too much? :-)