Commit 291676ae authored by Jan Včelák's avatar Jan Včelák 🚀

Merge branch 'master' into libdnssec

* master: (161 commits)
parents df68e86d 02bd45f4
......@@ -58,6 +58,7 @@
/src/knot/conf/libknotd_la-cf-lex.c
/src/knot/conf/libknotd_la-cf-parse.c
/src/knot/conf/libknotd_la-cf-parse.h
/libknot.pc
# dnstap
/src/dnstap/Makefile
......
......@@ -38,7 +38,7 @@ PROJECT_NAME = Knot
# could be handy for archiving the generated documentation or if some version
# control system is used.
PROJECT_NUMBER = 1.5
PROJECT_NUMBER = 1.6
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
......@@ -753,12 +753,11 @@ WARN_LOGFILE =
# spaces.
# Note: If this tag is empty the current directory is searched.
INPUT = src/common \
src/libknot \
src/common \
INPUT = src/dnstap \
src/knot \
src/zscanner \
src/libknot \
src/utils \
src/zscanner \
Doxy.page.h
# This tag can be used to specify the character encoding of the source files
......
// ADD PREDEFINED MACROS HERE!
......@@ -27,62 +27,6 @@ man/Makefile.am
patches/Makefile.am
samples/Makefile.am
src/Makefile.am
src/common-knot/crc.h
src/common-knot/evsched.c
src/common-knot/evsched.h
src/common-knot/fdset.c
src/common-knot/fdset.h
src/common-knot/heap.c
src/common-knot/heap.h
src/common-knot/hex.c
src/common-knot/hex.h
src/common-knot/ref.c
src/common-knot/ref.h
src/common-knot/strlcat.c
src/common-knot/strlcat.h
src/common-knot/strtonum.h
src/common-knot/trim.h
src/common/array-sort.h
src/common/base32hex.c
src/common/base32hex.h
src/common/base64.c
src/common/base64.h
src/common/binsearch.h
src/common/debug.h
src/common/errors.c
src/common/errors.h
src/common/getline.c
src/common/getline.h
src/common/hhash.c
src/common/hhash.h
src/common/lists.c
src/common/lists.h
src/common/log.c
src/common/log.h
src/common/macros.h
src/common/mem.c
src/common/mem.h
src/common/mempattern.c
src/common/mempattern.h
src/common/mempool.c
src/common/mempool.h
src/common/namedb/namedb.h
src/common/namedb/namedb_lmdb.c
src/common/namedb/namedb_lmdb.h
src/common/namedb/namedb_trie.c
src/common/namedb/namedb_trie.h
src/common/net.c
src/common/net.h
src/common/print.c
src/common/print.h
src/common/sockaddr.c
src/common/sockaddr.h
src/common/strlcpy.c
src/common/strlcpy.h
src/common/trie/hat-trie.c
src/common/trie/hat-trie.h
src/common/trie/murmurhash3.c
src/common/trie/murmurhash3.h
src/dnstap/Makefile.am
src/dnstap/convert.c
src/dnstap/convert.h
......@@ -94,6 +38,17 @@ src/dnstap/reader.c
src/dnstap/reader.h
src/dnstap/writer.c
src/dnstap/writer.h
src/knot/common/debug.h
src/knot/common/evsched.c
src/knot/common/evsched.h
src/knot/common/fdset.c
src/knot/common/fdset.h
src/knot/common/log.c
src/knot/common/log.h
src/knot/common/ref.c
src/knot/common/ref.h
src/knot/common/time.h
src/knot/common/trim.h
src/knot/conf/cf-lex.l
src/knot/conf/cf-parse.y
src/knot/conf/conf.c
......@@ -121,7 +76,6 @@ src/knot/dnssec/zone-nsec.c
src/knot/dnssec/zone-nsec.h
src/knot/dnssec/zone-sign.c
src/knot/dnssec/zone-sign.h
src/knot/knot.h
src/knot/main.c
src/knot/modules/dnstap.c
src/knot/modules/dnstap.h
......@@ -144,39 +98,26 @@ src/knot/nameserver/nsec_proofs.h
src/knot/nameserver/process_answer.c
src/knot/nameserver/process_answer.h
src/knot/nameserver/process_query.c
src/knot/nameserver/process_query.c
src/knot/nameserver/process_query.c
src/knot/nameserver/process_query.h
src/knot/nameserver/query_module.c
src/knot/nameserver/query_module.h
src/knot/nameserver/tsig_ctx.c
src/knot/nameserver/tsig_ctx.h
src/knot/nameserver/update.c
src/knot/nameserver/update.c
src/knot/nameserver/update.c
src/knot/nameserver/update.h
src/knot/other/debug.h
src/knot/server/dthreads.c
src/knot/server/dthreads.h
src/knot/server/journal.c
src/knot/server/journal.h
src/knot/server/rrl.c
src/knot/server/rrl.c
src/knot/server/rrl.c
src/knot/server/rrl.h
src/knot/server/serialization.c
src/knot/server/serialization.h
src/knot/server/server.c
src/knot/server/server.c
src/knot/server/server.c
src/knot/server/server.h
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.h
src/knot/server/udp-handler.c
src/knot/server/udp-handler.c
src/knot/server/udp-handler.c
src/knot/server/udp-handler.h
src/knot/updates/acl.c
src/knot/updates/acl.h
......@@ -197,8 +138,6 @@ src/knot/zone/contents.h
src/knot/zone/events/events.c
src/knot/zone/events/events.h
src/knot/zone/events/handlers.c
src/knot/zone/events/handlers.c
src/knot/zone/events/handlers.c
src/knot/zone/events/handlers.h
src/knot/zone/events/replan.c
src/knot/zone/events/replan.h
......@@ -227,10 +166,6 @@ src/knot/zone/zonefile.h
src/libknot/binary.c
src/libknot/binary.h
src/libknot/consts.c
src/libknot/consts.c
src/libknot/consts.c
src/libknot/consts.h
src/libknot/consts.h
src/libknot/consts.h
src/libknot/descriptor.c
src/libknot/descriptor.h
......@@ -241,13 +176,56 @@ src/libknot/dnssec/key.h
src/libknot/dnssec/policy.c
src/libknot/dnssec/policy.h
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.h
src/libknot/dnssec/rrset-sign.h
src/libknot/dnssec/rrset-sign.h
src/libknot/errcode.c
src/libknot/errcode.h
src/libknot/internal/array-sort.h
src/libknot/internal/base32hex.c
src/libknot/internal/base32hex.h
src/libknot/internal/base64.c
src/libknot/internal/base64.h
src/libknot/internal/binsearch.h
src/libknot/internal/endian.h
src/libknot/internal/errors.c
src/libknot/internal/errors.h
src/libknot/internal/getline.c
src/libknot/internal/getline.h
src/libknot/internal/heap.c
src/libknot/internal/heap.h
src/libknot/internal/hhash.c
src/libknot/internal/hhash.h
src/libknot/internal/lists.c
src/libknot/internal/lists.h
src/libknot/internal/macros.h
src/libknot/internal/mem.c
src/libknot/internal/mem.h
src/libknot/internal/mempattern.c
src/libknot/internal/mempattern.h
src/libknot/internal/mempool.c
src/libknot/internal/mempool.h
src/libknot/internal/namedb/namedb.h
src/libknot/internal/namedb/namedb_lmdb.c
src/libknot/internal/namedb/namedb_lmdb.h
src/libknot/internal/namedb/namedb_trie.c
src/libknot/internal/namedb/namedb_trie.h
src/libknot/internal/net.c
src/libknot/internal/net.h
src/libknot/internal/print.c
src/libknot/internal/print.h
src/libknot/internal/sockaddr.c
src/libknot/internal/sockaddr.h
src/libknot/internal/strlcat.c
src/libknot/internal/strlcat.h
src/libknot/internal/strlcpy.c
src/libknot/internal/strlcpy.h
src/libknot/internal/tolower.c
src/libknot/internal/tolower.h
src/libknot/internal/trie/hat-trie.c
src/libknot/internal/trie/hat-trie.h
src/libknot/internal/trie/murmurhash3.c
src/libknot/internal/trie/murmurhash3.h
src/libknot/internal/utils.c
src/libknot/internal/utils.h
src/libknot/libknot.h
src/libknot/packet/compr.c
src/libknot/packet/compr.h
......@@ -267,8 +245,6 @@ src/libknot/rdata.h
src/libknot/rdataset.c
src/libknot/rdataset.h
src/libknot/rrset-dump.c
src/libknot/rrset-dump.c
src/libknot/rrset-dump.c
src/libknot/rrset-dump.h
src/libknot/rrset.c
src/libknot/rrset.h
......@@ -286,22 +262,13 @@ src/libknot/rrtype/rdname.h
src/libknot/rrtype/rrsig.h
src/libknot/rrtype/soa.h
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.h
src/libknot/rrtype/tsig.h
src/libknot/rrtype/tsig.h
src/libknot/tsig-op.c
src/libknot/tsig-op.c
src/libknot/tsig-op.c
src/libknot/tsig-op.h
src/libknot/util/endian.h
src/libknot/util/tolower.c
src/libknot/util/tolower.h
src/libknot/util/utils.c
src/libknot/util/utils.h
src/utils/common/exec.c
src/utils/common/exec.h
src/utils/common/hex.c
src/utils/common/hex.h
src/utils/common/msg.c
src/utils/common/msg.h
src/utils/common/netio.c
......@@ -310,22 +277,23 @@ src/utils/common/params.c
src/utils/common/params.h
src/utils/common/resolv.c
src/utils/common/resolv.h
src/utils/common/strtonum.h
src/utils/common/token.c
src/utils/common/token.h
src/utils/dig/dig_exec.c
src/utils/dig/dig_exec.h
src/utils/dig/dig_main.c
src/utils/dig/dig_params.c
src/utils/dig/dig_params.h
src/utils/host/host_main.c
src/utils/host/host_params.c
src/utils/host/host_params.h
src/utils/nsec3hash/nsec3hash_main.c
src/utils/nsupdate/nsupdate_exec.c
src/utils/nsupdate/nsupdate_exec.h
src/utils/nsupdate/nsupdate_main.c
src/utils/nsupdate/nsupdate_params.c
src/utils/nsupdate/nsupdate_params.h
src/utils/kdig/kdig_exec.c
src/utils/kdig/kdig_exec.h
src/utils/kdig/kdig_main.c
src/utils/kdig/kdig_params.c
src/utils/kdig/kdig_params.h
src/utils/khost/khost_main.c
src/utils/khost/khost_params.c
src/utils/khost/khost_params.h
src/utils/knsec3hash/knsec3hash_main.c
src/utils/knsupdate/knsupdate_exec.c
src/utils/knsupdate/knsupdate_exec.h
src/utils/knsupdate/knsupdate_main.c
src/utils/knsupdate/knsupdate_params.c
src/utils/knsupdate/knsupdate_params.h
src/zscanner/Makefile.am
src/zscanner/error.c
src/zscanner/error.h
......@@ -349,6 +317,7 @@ tests/descriptor.c
tests/dname.c
tests/dthreads.c
tests/edns.c
tests/endian.c
tests/fake_server.h
tests/fdset.c
tests/hattrie.c
......@@ -369,6 +338,7 @@ tests/rrset.c
tests/rrset_wire.c
tests/sample_conf.h
tests/server.c
tests/utils.c
tests/wire.c
tests/worker_pool.c
tests/worker_queue.c
......
src
tests
src/common
src/knot
src/libknot
src/utils
src/zscanner
src
\ No newline at end of file
......@@ -7,9 +7,9 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \
CODE_COVERAGE_INFO = coverage.info
CODE_COVERAGE_HTML = coverage.html
CODE_COVERAGE_DIRS = \
src/common src/knot src/libknot \
src/knot/conf \
src/zscanner \
src/knot \
src/libknot \
src/zscanner
dnssec/lib dnssec/shared
code_coverage_quiet = --quiet
......
......@@ -85,8 +85,8 @@ NOTE: If you want to reduce zscanner compile time, use configure option --disabl
Running
=======
1) Each server needs configuration file. Please see samples/knot.sample.conf
for reference or samples/knot.full.conf for more examples.
1) Each server needs configuration file. Please see samples/knot.sample.conf,
project documentation, or man 5 knot.conf for more details.
Configuration file has to specify:
- storage for PID files, journal files etc.
- network interfaces
......@@ -111,4 +111,3 @@ $ knotd -c myserver.conf
For more information, refer to the user manual or:
$ knotc -h
$ knotd -h
......@@ -9,6 +9,7 @@ AC_CONFIG_HEADERS([src/config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_USE_SYSTEM_EXTENSIONS([_GNU_SOURCE])
AC_CANONICAL_HOST
AX_SET_VERSION_INFO
# Automatically update release date based on configure.ac date
case "$host_os" in
......@@ -38,7 +39,8 @@ AC_PROG_LIBTOOL
LT_INIT
# Use pkg-config
PKG_PROG_PKG_CONFIG
m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR], [AC_SUBST([pkgconfigdir], ['${libdir}/pkgconfig'])])
AC_CONFIG_FILES([libknot.pc])
AC_CACHE_CHECK([for reentrant lex], [ac_cv_path_LEX],
[AC_PATH_PROGS_FEATURE_CHECK([LEX], [$LEX flex gflex],
......@@ -102,16 +104,13 @@ PKG_CHECK_MODULES([jansson], [jansson >= 2.5])
# Debug modules
AC_ARG_ENABLE([debug],
AS_HELP_STRING([--enable-debug=server,zones,xfr,packet,rr,ns,loader,dnssec],
AS_HELP_STRING([--enable-debug=server,zones,ns,loader,dnssec],
[compile selected debug modules [default=none]]),
[
echo ${enableval}|tr "," "\n"|while read val; do
case "${val}" in
server) AC_DEFINE([KNOTD_SERVER_DEBUG], [1], [Server debug.]) ;;
zones) AC_DEFINE([KNOT_ZONES_DEBUG], [1], [Zones debug.]) ;;
xfr) AC_DEFINE([KNOT_XFR_DEBUG], [1], [XFR debug.]) ;;
packet) AC_DEFINE([KNOT_PACKET_DEBUG], [1], [Packet debug.]) ;;
rr) AC_DEFINE([KNOT_RR_DEBUG], [1], [RR debug.]) ;;
ns) AC_DEFINE([KNOT_NS_DEBUG], [1], [Nameserver debug.]) ;;
loader) AC_DEFINE([KNOT_LOADER_DEBUG], [1], [Zone loading debug.]) ;;
dnssec) AC_DEFINE([KNOT_DNSSEC_DEBUG], [1], [DNSSEC debug.]) ;;
......@@ -272,7 +271,6 @@ AC_SEARCH_LIBS([pthread_create], [pthread], [], [AC_MSG_ERROR([pthreads not foun
AC_SEARCH_LIBS([dlopen], [dl])
AC_SEARCH_LIBS([clock_gettime], [rt])
AC_SEARCH_LIBS([capng_apply], [cap-ng])
AC_SEARCH_LIBS([adler32], [z])
# Checks for header files.
AC_HEADER_RESOLV
......@@ -285,7 +283,7 @@ AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
# Checks for library functions.
AC_CHECK_FUNCS([clock_gettime gettimeofday fgetln getline madvise malloc_trim poll posix_memalign pselect pthread_setaffinity_np regcomp select setgroups strlcat strlcpy initgroups])
AC_CHECK_FUNCS([clock_gettime gettimeofday fgetln getline madvise malloc_trim poll posix_memalign pthread_setaffinity_np regcomp select setgroups strlcat strlcpy initgroups])
# Check for be64toh function
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <endian.h>]], [[return be64toh(0);]])],
......@@ -299,15 +297,14 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread_np.h>]], [[cpuset_t set; CPU
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sched.h>]], [[cpuset_t* set = cpuset_create(); cpuset_destroy(set);]])],
[AC_DEFINE(HAVE_CPUSET_NETBSD, 1, [Define if cpuset_t and cpuset(3) exists.])])
# Use -fvisibility=hidden when linking.
# Let's leave it default now and use -export-symbols-regex in LDFLAGS
# Hide all exported symbols by default
gl_VISIBILITY()
CFLAGS="$CFLAGS $CFLAG_VISIBILITY"
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
# Add code coverage macro
AX_CODE_COVERAGE
AC_PATH_PROG([SPHINXBUILD], [sphinx-build], [false])
AC_PATH_PROGS([SPHINXBUILD], [sphinx-build sphinx-build-3], [false])
AS_IF([test "$SPHINXBUILD" = "false"],
[AC_MSG_WARN([Could not find the 'sphinx-build' executable, you will be unable to regenerate documentation.])],
[AC_PATH_PROG([PDFLATEX], [pdflatex], [false])
......@@ -345,6 +342,7 @@ AC_CONFIG_FILES([Makefile
man/knsec3hash.1
])
AC_OUTPUT
AC_MSG_RESULT([
......
......@@ -293,7 +293,6 @@ only and there are some limitations:
(even for verification only).
* There cannot be more than eight keys per zone. Keys which are not
published are not included in this number.
* Single-Type Signing Scheme is not supported.
Example how to generate NSEC3 capable zone signing key (ZSK) and key
signing key (KSK) for zone ``example.com``::
......@@ -325,8 +324,9 @@ The signing process consists of the following steps:
for any keys that are present in keydir, but missing in zone file.
* Removing expired signatures, invalid signatures, signatures expiring
in a short time, and signatures with unknown key.
* Creating any missing signatures. ``DNSKEY`` records are signed by
both ZSK and KSK keys, other records are signed only by ZSK keys.
* Creating missing signatures. Unless the Single-Type Signing Scheme
is used, ``DNSKEY`` records in a zone apex are signed by KSK keys and
all other records are signed by ZSK keys.
* SOA record is updated and resigned if any changes were performed.
The zone signing is performed when the zone is loaded into server, on
......
......@@ -33,7 +33,6 @@ Required libraries
Knot DNS requires few libraries to be compiled:
* OpenSSL, at least 1.0.0 (1.0.1 is required for ECDSA)
* zlib
* Userspace RCU, at least 0.5.4
* libcap-ng, at least 0.6.4 (optional library)
* lmdb (optional library)
......@@ -50,9 +49,9 @@ server restarts.
If the libsystemd library is available, the server will use systemd's startup
notifications mechanism and journald for logging.
You can probably find OpenSSL and zlib libraries already included in
your system or distribution. If not, zlib resides at http://zlib.net,
and OpenSSL can be found at http://www.openssl.org.
You can probably find OpenSSL library already included in
your system or distribution. If not, OpenSSL can be found at
http://www.openssl.org.
.. _Userspace RCU:
......@@ -116,7 +115,7 @@ resulting binaries.
If you want to add debug messages, there are two steps to do that.
First you have to enable modules you are interested in.
Available are: ``server, zones, xfr, packet, dname, rr, ns, hash, compiler``.
Available are: ``server, zones, ns, loader, dnssec``.
You can combine multiple modules as a comma-separated list.
Then you can narrow the verbosity of the debugging message by specifying the
verbosity as ``brief, verbose, details``.
......
......@@ -4,60 +4,28 @@
Running Knot DNS
****************
Knot DNS can run either in the foreground or in a background, with the ``-d``
option. When run in foreground, it doesn't create a PID file. Other than that,
there are no differences and you can control it just the same way.
::
Usage: knotd [parameters]
Parameters:
-c, --config <file> Select configuration file.
-d, --daemonize=[dir] Run server as a daemon. Working directory may
be set.
-V, --version Print version of the server.
-h, --help Print help and usage.
Use knotc tool for convenience when working with the server daemon.
As of Knot DNS 1.3.0, the zones are not compiled anymore. That makes working
with the server much more user friendly.
::
$ knotc -c knot.conf reload
The tool ``knotc`` is designed as a front-end for user, making it easier to control running server daemon.
If you want to control the daemon directly, use ``SIGINT`` to quit the process or ``SIGHUP`` to reload configuration.
::
Usage: knotc [parameters] <action> [action_args]
Parameters:
-c, --config <file> Select configuration file.
-s <server> Remote UNIX socket/IP address (default
${rundir}/knot.sock).
-p <port> Remote server port (only for IP).
-y <[hmac:]name:key> Use key specified on the command line
(default algorithm is hmac-md5).
-k <file> Use key file (as in config section 'keys').
-f, --force Force operation - override some checks.
-v, --verbose Verbose mode - additional runtime information.
-V, --version Print knot server version.
-h, --help Print help and usage.
Actions:
stop Stop server.
reload Reload configuration and changed zones.
refresh <zone> Refresh slave zone (all if not specified).
flush <zone> Flush journal and update zone files. (all if not specified)
status Check if server is running.
zonestatus Show status of configured zones.
checkconf Check current server configuration.
checkzone <zone> Check zone (all if not specified).
memstats <zone> Estimate memory consumption for zone (all if not
specified).
The Knot DNS server part ``knotd`` can run either in the foreground or in the background,
with the ``-d`` option. When run in the foreground, it doesn't create a PID file.
Other than that, there are no differences and you can control it just the same way.
The tool ``knotc`` is designed as a front-end for user, making it easier to control running
server daemon. If you want to control the daemon directly, use ``SIGINT`` to quit
the process or ``SIGHUP`` to reload configuration.
If you do not pass any configuration via ``-c`` option, it will try to
search configuration in default path that is ``SYSCONFDIR/knot.conf``. The ``SYSCONFDIR``
depends on what you passed to the ``./configure``, usually ``/etc``.
Example of server start as a daemon::
$ knotd -d -c knot.conf
Example of server stop::
$ knotc -c knot.conf stop
For a complete list of actions refer to ``knotd -h`` and ``knotc -h``
or corresponding man pages.
Also, the server needs to create several files in order to run properly. These
files are stored in the folowing directories.
......@@ -87,27 +55,10 @@ Running the server as a slave is very straightforward as you usually
bootstrap zones over AXFR and thus avoid any manual zone compilation.
In contrast to AXFR, when the incremental transfer finishes, it stores
the differences in a journal file and doesn't update the zone file
immediately. There is a timer that checks periodically for new
immediately. There is a timer that checks periodically for new
differences and updates the zone file. You can configure this timer
with the ``zonefile-sync`` statement in ``zones`` (:ref:`zones`).
There are two ways to start the server - in foreground or background.
First, let's start in foreground. If you do not pass any configuration, it will try to
search configuration in default path that is ``SYSCONFDIR/knot.conf``. The ``SYSCONFDIR``
depends on what you passed to the ``./configure``, usually ``/etc``.
::
$ knotd -c slave.conf
To start it as a daemon, just add a ``-d`` parameter. Unlike the foreground mode,
PID file will be created in ``rundir`` directory.
$ knotd -d -c slave.conf # start the daemon
$ knotc -c slave.conf stop # stop the daemon
When the server is running, you can control the daemon, see :ref:`Controlling running daemon`.
.. _Running a master server:
Running a master server
......@@ -119,44 +70,37 @@ can use ``knotc checkzone`` action::
$ knotc -c master.conf checkzone example.com
For an approximate estimate of server's memory consumption, you can
use the ``knotc memstats`` action. This action prints count of
use the ``knotc memstats`` action. This action prints count of
resource records, percentage of signed records and finally estimation
of memory consumption for each zone, unless specified
otherwise. Please note that estimated values might differ from the
of memory consumption for each zone, unless otherwise
specified. Please note that estimated values might differ from the
actual consumption. Also, for slave servers with incoming transfers
enabled, be aware that the actual memory consumption might be double
or more during transfers.
::
or more during transfers::
$ knotc -c master.conf memstats example.com
Starting and stopping the daemon is the same as with the slave server in the previous section.
.. _Controlling running daemon:
Controlling running daemon
==========================
Knot DNS was designed to allow server reconfiguration on-the-fly
without interrupting its operation. Thus it is possible to change
without interrupting its operation. Thus it is possible to change
both configuration and zone files and also add or remove zones without
restarting the server. This can be done with the ``knotc reload``
action.
::
restarting the server. This can be done with the ``knotc reload``
action::
$ knotc -c master.conf reload # reconfigure and load updated zones
$ knotc -c master.conf reload
If you want *IXFR-out* differences created from changes you make to a
zone file, enable :ref:`ixfr-from-differences` in ``zones`` statement,
then reload your server as seen above. If *SOA*'s *serial* is not
then reload your server as seen above. If *SOA*'s *serial* is not
changed no differences will be created.
If you want to force refresh the slave zones, you can do this with the
If you want to refresh the slave zones, you can do this with the
``knotc refresh`` action::
$ knotc -c slave.conf refresh
For a complete list of actions refer to ``knotc --help`` command
output.
For the zone retransfer, there is also additional command ``-f``.
prefix=@prefix@