.. highlight:: console
.. _Operation:

*********
Operation
*********

The Knot DNS server part ``knotd`` can run either in the foreground, or in the background
using the ``-d`` option. When run in the foreground, it doesn't create a PID file.
Other than that, there are no differences and you can control both the same way.

The tool ``knotc`` is designed as a user front-end, making it easier to control a running
server daemon. If you want to control the daemon directly, use ``SIGINT`` to quit
the process or ``SIGHUP`` to reload the configuration.

If you pass neither a configuration file (``-c`` parameter) nor a configuration
database (``-C`` parameter), the server will first attempt to use the default
configuration database stored in ``/var/lib/knot/confdb`` or the
default configuration file stored in ``/etc/knot/knot.conf``. Both
default paths can be reconfigured with ``--with-storage=path`` or
``--with-configdir=path`` respectively.

Example of server start as a daemon::

    $ knotd -d -c knot.conf

Example of server shutdown::

    $ knotc -c knot.conf stop

For a complete list of actions refer to the program help (``-h`` parameter)
or to the corresponding manual page.

Also, the server needs to create :ref:`server_rundir` and :ref:`zone_storage`
directories in order to run properly.

.. _Configuration database:

Configuration database
======================

In the case of a huge configuration file, the configuration can be stored
in a binary database. Such a database can be simply initialized::

    $ knotc conf-init

or preloaded from a file::

    $ knotc conf-import input.conf

The configuration database can also be exported into a text file::

    $ knotc conf-export output.conf

.. WARNING::
   The import and export commands access the configuration database
   directly, without any interaction with the server. So it is strongly
   recommended to perform these operations when the server is not running.

.. _Dynamic configuration:

Dynamic configuration
=====================

The configuration database can be accessed using the server control interface
while the server is running. To get the full power of the dynamic configuration,
the server must be started with a specified configuration database location
or with the default database initialized. Otherwise all the changes to the
configuration will be temporary (until the server stops).

.. NOTE::
   The database can be :ref:`imported<Configuration database>` in advance.

Most of the commands get an item name and value parameters. The item name is
in the form of ``section[identifier].name``. If the item is multivalued,
more values can be specified as individual (command line) arguments. Beware of
the possibility of pathname expansion by the shell. For this reason, escaping the
square brackets with a backslash or quoting the parameters is advisable.
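
The pathname expansion hazard mentioned above, as an added example that is not part of the Knot DNS documentation. ``show_args`` is a hypothetical stand-in for ``knotc`` that only reports the arguments it receives, and the file names are constructed so that they match the bracket expression:

```sh
# Hypothetical stand-in for knotc: prints every argument it receives in <...>.
show_args() { for a in "$@"; do printf '<%s>' "$a"; done; }

# The same conf-read call spelled three ways, one result per line,
# evaluated in whatever directory is current.
three_spellings() {
    show_args conf-read zone[example.com].master; echo      # unquoted
    show_args conf-read 'zone[example.com].master'; echo    # quoted
    show_args conf-read zone\[example.com\].master; echo    # backslash-escaped
}

glob_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # No file matches: the shell passes the unquoted pattern through as is.
        echo "empty directory:"
        three_spellings
        # Constructed file names: "zone" + one character from the set
        # [example.com] + ".master" matches the unquoted item name as a glob.
        touch zonee.master zonex.master
        echo "with matching files:"
        three_spellings
    )
    rm -rf "$dir"
}

glob_demo
```

In an empty directory all three spellings reach the program unchanged, which is why the unquoted form can appear to work until a matching file shows up in the working directory.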

To get the list of configuration sections or to get the list of section items::

    $ knotc conf-list
    $ knotc conf-list 'server'

To get the whole configuration or to get the whole configuration section or
to get all section identifiers or to get a specific configuration item::

    $ knotc conf-read
    $ knotc conf-read 'remote'
    $ knotc conf-read 'zone.domain'
    $ knotc conf-read 'zone[example.com].master'

.. WARNING::
   The following operations don't work on OpenBSD!

Modifying operations require an active configuration database transaction.
Just one transaction can be active at a time. Such a transaction then can
be aborted or committed. A semantic check is executed automatically before
every commit::

    $ knotc conf-begin
    $ knotc conf-abort
    $ knotc conf-commit

To set a configuration item value or to add more values or to add a new
section identifier or to add a value to all identified sections::

    $ knotc conf-set 'server.identity' 'Knot DNS'
    $ knotc conf-set 'server.listen' '0.0.0.0@53' '::@53'
    $ knotc conf-set 'zone[example.com]'
    $ knotc conf-set 'zone.slave' 'slave2'

.. NOTE::
   Also the include operation can be performed. A non-absolute file
   location is relative to the server binary path, not to the control binary
   path!::

      $ knotc conf-set 'include' '/tmp/new_zones.conf'

To unset the whole configuration or to unset the whole configuration section
or to unset an identified section or to unset an item or to unset a specific
item value::

    $ knotc conf-unset
    $ knotc conf-unset 'zone'
    $ knotc conf-unset 'zone[example.com]'
    $ knotc conf-unset 'zone[example.com].master'
    $ knotc conf-unset 'zone[example.com].master' 'remote2' 'remote5'

To get the change between the current configuration and the active transaction
for the whole configuration or for a specific section or for a specific
identified section or for a specific item::

    $ knotc conf-diff
    $ knotc conf-diff 'zone'
    $ knotc conf-diff 'zone[example.com]'
    $ knotc conf-diff 'zone[example.com].master'

An example of possible configuration initialization::

    $ knotc conf-begin
    $ knotc conf-set 'server.listen' '0.0.0.0@53' '::@53'
    $ knotc conf-set 'remote[master_server]'
    $ knotc conf-set 'remote[master_server].address' '192.168.1.1'
    $ knotc conf-set 'template[default]'
    $ knotc conf-set 'template[default].storage' '/var/lib/knot/zones/'
    $ knotc conf-set 'template[default].master' 'master_server'
    $ knotc conf-set 'zone[example.com]'
    $ knotc conf-diff
    $ knotc conf-commit
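
One way to script a single-item change so that a failed step never leaves the one allowed transaction open (an added example, not code from the Knot DNS project). The ``KNOTC`` variable and the ``conf_apply`` function are hypothetical names, and the script assumes that ``knotc`` exits with a non-zero status when a command fails:

```sh
# Assumed override so the wrapper can be pointed at a different knotc binary.
KNOTC=${KNOTC:-knotc}

# conf_apply ITEM [VALUE...]
# Sets one configuration item inside its own transaction, prints the pending
# change with conf-diff, and commits. Any failure after conf-begin ends in
# conf-abort, because only one transaction can be active at a time.
conf_apply() {
    # conf-begin fails if another transaction is already active; in that
    # case nothing was opened here, so there is nothing to abort.
    "$KNOTC" conf-begin || return 1

    # Item names stay in "$@" exactly as the caller quoted them, so the
    # square brackets are never exposed to pathname expansion again.
    if "$KNOTC" conf-set "$@" &&
       "$KNOTC" conf-diff &&
       "$KNOTC" conf-commit      # the semantic check runs before the commit
    then
        return 0
    fi

    # A rejected value or a failed commit: drop the pending changes.
    "$KNOTC" conf-abort
    return 1
}
```

A call such as ``conf_apply 'zone[example.com].master' 'master_server'`` uses only the commands documented in this section.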

.. _Running a slave server:

Slave mode
==========

Running the server as a slave is very straightforward as you usually
bootstrap zones over AXFR and thus avoid any manual zone operations.
In contrast to AXFR, when the incremental transfer finishes, it stores
the differences in the journal file and doesn't update the zone file
immediately but after the :ref:`zone_zonefile-sync` period elapses.

.. _Running a master server:

Master mode
===========

If you just want to check the zone files before starting, you can use::

    $ knotc zone-check example.com

For an approximate estimate of the server's memory consumption, you can use::

    $ knotc zone-memstats example.com

This action prints the count of resource records, percentage of signed
records and finally estimation of memory consumption for each zone, unless
specified otherwise. Please note that the estimated values may differ from the
actual consumption. Also, for slave servers with incoming transfers
enabled, be aware that the actual memory consumption might be double
or higher during transfers.

.. _Editing zones:

Reading and editing zones
=========================

Knot DNS allows you to read or change zone contents online using server
control interface.

To get contents of all configured zones, or a specific zone contents, or zone
records with a specific owner, or even with a specific record type::

    $ knotc zone-read --
    $ knotc zone-read example.com
    $ knotc zone-read example.com ns1
    $ knotc zone-read example.com ns1 NS

.. NOTE::
   If the record owner is not a fully qualified domain name, then it is
   considered as a relative name to the zone name.

To start a writing transaction on all zones or on specific zones::

    $ knotc zone-begin --
    $ knotc zone-begin example.com example.net

Now you can list all nodes within the transaction using the ``zone-get``
command, which always returns current data with all changes included. The
command has the same syntax as ``zone-read``.

Within the transaction, you can add a record to a specific zone or to all
zones with an open transaction::

    $ knotc zone-set example.com ns1 3600 A 192.168.0.1
    $ knotc zone-set -- ns1 3600 A 192.168.0.1

To remove all records with a specific owner, or a specific rrset, or a
specific record data::

    $ knotc zone-unset example.com ns1
    $ knotc zone-unset example.com ns1 A
    $ knotc zone-unset example.com ns1 A 192.168.0.2

To see the difference between the original zone and the current version::

    $ knotc zone-diff example.com

Finally, either commit or abort your transaction::

    $ knotc zone-commit example.com
    $ knotc zone-abort example.com

A full example of setting up a completely new zone from scratch::

    $ knotc conf-begin
    $ knotc conf-set zone.domain example.com
    $ knotc conf-commit
    $ knotc zone-begin example.com
    $ knotc zone-set example.com @ 7200 SOA ns hostmaster 1 86400 900 691200 3600
    $ knotc zone-set example.com ns 3600 A 192.168.0.1
    $ knotc zone-set example.com www 3600 A 192.168.0.100
    $ knotc zone-commit example.com

.. _Controlling running daemon:

Daemon controls
===============

Knot DNS was designed to allow server reconfiguration on-the-fly
without interrupting its operation. Thus it is possible to change
both configuration and zone files and also add or remove zones without
restarting the server. This can be done with::

    $ knotc reload

If you want IXFR differences to be created from changes you make to a
zone file, enable :ref:`zone_ixfr-from-differences` in the zone configuration
and reload your server as seen above. If *SOA*'s *serial* is not changed,
no differences will be created.

If you want to refresh the slave zones, you can do this with::

    $ knotc zone-refresh