dustri.org
might have been unavailable for you since a couple of days, and
here is why: I'm using knot as
authoritative DNS server, from the official deb repository. Everything was fine, until the
last update, from version 2.0 to 2.1.0, who cames with interesting
changes, like
changing the fucking key-storage format, resulting in:
root@frollo 19:43 service knot status
● knot.service - Knot DNS server
Loaded: loaded (/lib/systemd/system/knot.service; enabled)
Active: active (running) since Sun 2016-01-31 19:43:48 CET; 1s ago
Main PID: 13870 (knotd)
CGroup: /system.slice/knot.service
└─13870 /usr/sbin/knotd -c /etc/knot/knot.conf
Jan 31 19:43:48 frollo knotd[13870]: info: loading zones
Jan 31 19:43:48 frollo knotd[13870]: info: [dustri.org] zone will be loaded, serial 0
Jan 31 19:43:48 frollo knotd[13870]: info: starting server
Jan 31 19:43:48 frollo knotd[13870]: warning: [dustri.org] semantic check, node 'dustri.org.' (RRSIG, expired signature record type 'SOA')
Jan 31 19:43:48 frollo knotd[13870]: info: [dustri.org] zone loader, semantic check, completed
Jan 31 19:43:48 frollo knotd[13870]: error: [dustri.org] DNSSEC, failed to initialize (invalid parameter)
Jan 31 19:43:48 frollo knotd[13870]: error: [dustri.org] failed to store changes into journal (invalid parameter)
Jan 31 19:43:48 frollo knotd[13870]: error: [dustri.org] zone load failed (invalid parameter)
Jan 31 19:43:48 frollo knotd[13870]: info: server started in the foreground, PID 13870
Jan 31 19:43:48 frollo knotd[13870]: info: remote control, binding to '/run/knot/knot.sock'
Fortunately, to fix this, you just have to run keymgr init
in your KASP directory.
Don't worry, this won't rewrite your existing settings.