Commit 7c1a1f5e authored by Jan Včelák's avatar Jan Včelák 🚀

Merge branch 'knotc_cleanup' into 'master'

parents 3bc04de8 943dfada
......@@ -77,7 +77,9 @@ src/contrib/sockaddr.c
src/contrib/sockaddr.h
src/contrib/string.c
src/contrib/string.h
src/contrib/time.h
src/contrib/tolower.h
src/contrib/trim.h
src/contrib/ucw/array-sort.h
src/contrib/ucw/binsearch.h
src/contrib/ucw/heap.c
......@@ -237,10 +239,10 @@ src/knot/common/fdset.c
src/knot/common/fdset.h
src/knot/common/log.c
src/knot/common/log.h
src/knot/common/process.c
src/knot/common/process.h
src/knot/common/ref.c
src/knot/common/ref.h
src/knot/common/time.h
src/knot/common/trim.h
src/knot/conf/base.c
src/knot/conf/base.h
src/knot/conf/conf.c
......@@ -253,11 +255,8 @@ src/knot/conf/scheme.c
src/knot/conf/scheme.h
src/knot/conf/tools.c
src/knot/conf/tools.h
src/knot/ctl/estimator.c
src/knot/ctl/estimator.h
src/knot/ctl/knotc_main.c
src/knot/ctl/process.c
src/knot/ctl/process.h
src/knot/ctl/commands.c
src/knot/ctl/commands.h
src/knot/ctl/remote.c
src/knot/ctl/remote.h
src/knot/dnssec/context.c
......@@ -492,6 +491,13 @@ src/utils/knot1to2/includes.c
src/utils/knot1to2/includes.h
src/utils/knot1to2/main.c
src/utils/knot1to2/scheme.h
src/utils/knotc/commands.c
src/utils/knotc/commands.h
src/utils/knotc/estimator.c
src/utils/knotc/estimator.h
src/utils/knotc/main.c
src/utils/knotc/remote.c
src/utils/knotc/remote.h
src/utils/knsupdate/knsupdate_exec.c
src/utils/knsupdate/knsupdate_exec.h
src/utils/knsupdate/knsupdate_main.c
......
......@@ -351,7 +351,7 @@ acl:
\- id: STR
address: ADDR[/INT] | ADDR\-ADDR ...
key: key_id ...
action: transfer | notify | update | control ...
action: notify | transfer | update ...
deny: BOOL
.ft P
.fi
......@@ -385,8 +385,6 @@ Possible values:
\fBnotify\fP – Allow incoming notify
.IP \(bu 2
\fBupdate\fP – Allow zone updates
.IP \(bu 2
\fBcontrol\fP – Allow remote control
.UNINDENT
.sp
\fIDefault:\fP not set
......@@ -398,38 +396,23 @@ Deny if \fI\%address\fP, \fI\%key\fP and
\fIDefault:\fP off
.SH CONTROL SECTION
.sp
Configuration of the server remote control.
.sp
\fICaution:\fP The control protocol is not encrypted and is susceptible to replay
attacks in a short timeframe until message digest expires. For that reason,
it is recommended to use default UNIX socket.
Configuration of the server control interface.
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
control:
listen: ADDR[@INT]
acl: acl_id ...
listen: STR
.ft P
.fi
.UNINDENT
.UNINDENT
.SS listen
.sp
A UNIX socket path or IP address where the server listens for remote control
commands. Optional port specification (default is 5533) can be appended to the
address using \fB@\fP separator.
A UNIX socket path where the server listens for remote control commands.
.sp
\fIDefault:\fP \fI\%rundir\fP/knot.sock
.SS acl
.sp
An ordered list of \fI\%references\fP to ACL rules allowing the remote
control.
.sp
\fICaution:\fP This option has no effect with UNIX socket.
.sp
\fIDefault:\fP not set
.SH REMOTE SECTION
.sp
Definitions of remote servers for outgoing connections (source of a zone
......
......@@ -38,167 +38,131 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.INDENT 0.0
.TP
\fB\-c\fP, \fB\-\-config\fP \fIfile\fP
Use a textual configuration file (default is \fB@conf_dir@/knot.conf\fP).
Use a textual configuration file (default is \fB@config_dir@/knot.conf\fP).
.TP
\fB\-C\fP, \fB\-\-confdb\fP \fIdirectory\fP
Use a binary configuration database.
Use a binary configuration database directory (default is \fB@storage_dir@/confdb\fP).
The default configuration database, if exists, has a preference to the default
configuration file.
.TP
\fB\-s\fP, \fB\-\-server\fP \fIserver\fP
Remote UNIX socket/IP address (default is \fB@run_dir@/knot.sock\fP).
.TP
\fB\-p\fP, \fB\-\-port\fP \fIport\fP
Remote server port (only for IP).
.TP
\fB\-y\fP, \fB\-\-key\fP [\fIalg\fP:]\fIname\fP:\fIkey\fP
Use the TSIG key specified on the command line (default algorithm is hmac\-md5).
.TP
\fB\-k\fP, \fB\-\-keyfile\fP \fIfile\fP
Use the TSIG key stored in a file \fIfile\fP to authenticate the request. The
file must contain the key in the same format, which is accepted by the
\fB\-y\fP option.
\fB\-s\fP, \fB\-\-socket\fP \fIpath\fP
Use a remote control UNIX socket path (default is \fB@run_dir@/knot.sock\fP).
.TP
\fB\-f\fP, \fB\-\-force\fP
Force operation. Overrides some checks.
Forced operation. Overrides some checks.
.TP
\fB\-v\fP, \fB\-\-verbose\fP
Verbose mode. Print additional runtime information.
Enable debug output.
.TP
\fB\-h\fP, \fB\-\-help\fP
Print the program help.
.TP
\fB\-V\fP, \fB\-\-version\fP
Print the program version.
.TP
\fB\-h\fP, \fB\-\-help\fP
Print help and usage.
.UNINDENT
.SS Actions
.sp
If the optional \fIzone\fP argument is not specified, the command is applied to all
zones.
Configuration \fIitem\fP is in the \fIsection\fP[\fB[\fP\fIid\fP\fB]\fP][\fB\&.\fP\fIitem\fP]
format.
.INDENT 0.0
.TP
\fBstatus\fP
Check if the server is running.
.TP
\fBstop\fP
Stop server (no\-op if not running).
Stop the server if running.
.TP
\fBreload\fP [\fIzone\fP\&...]
Reload particular zones or reload the whole configuration and changed zones.
\fBreload\fP
Reload the server configuration.
.TP
\fBflush\fP [\fIzone\fP\&...]
Flush journal and update zone files.
\fBzone\-check\fP [\fIzone\fP\&...]
Check the zone. (*)
.TP
\fBstatus\fP
Check if server is running.
\fBzone\-memstats\fP [\fIzone\fP\&...]
Estimate memory use for the zone. (*)
.TP
\fBzone\-status\fP [\fIzone\fP\&...]
Show the status of the zone. (*)
.TP
\fBzone\-reload\fP [\fIzone\fP\&...]
Trigger a zone reload.
.TP
\fBzonestatus\fP [\fIzone\fP\&...]
Show the status of listed zones.
\fBzone\-refresh\fP [\fIzone\fP\&...]
Trigger a zone refresh (if slave).
.TP
\fBrefresh\fP [\fIzone\fP\&...]
Refresh slave zones. The \fB\-f\fP flag forces re\-transfer (zones must be specified).
\fBzone\-retransfer\fP [\fIzone\fP\&...]
Trigger a zone retransfer (if slave).
.TP
\fBcheckconf\fP
Check the current configuration.
\fBzone\-flush\fP [\fIzone\fP\&...]
Trigger a zone journal flush into the zone file.
.TP
\fBcheckzone\fP [\fIzone\fP\&...]
Check zones.
\fBzone\-sign\fP [\fIzone\fP\&...]
Trigger a zone resign (if enabled).
.TP
\fBmemstats\fP [\fIzone\fP\&...]
Estimate memory consumption for zones.
\fBconf\-init\fP
Initialize the configuration database. (*)
.TP
\fBsignzone\fP \fIzone\fP\&...
Re\-sign the zone (drop all existing signatures and create new ones).
\fBconf\-check\fP
Check the server configuration. (*)
.TP
\fBconf\-import\fP \fIfilename\fP
Offline import of the configuration DB from a file. This is a
potentially dangerous operation so the \fB\-f\fP flag is required. Also the
destination configuration DB must be specified via \fB\-C\fP\&. Ensure the server
is not running!
Import a configuration file into the configuration database. Ensure the
server is not using the configuration database! (*)
.TP
\fBconf\-export\fP \fIfilename\fP
Export the configuration DB to a file. If no source configuration DB is
specified, the temporary DB, corresponding to textual configuration file, is
used.
Export the configuration database into a config file. (*)
.TP
\fBconf\-desc\fP [\fIsection\fP]
Get the configuration section items list. If no section is specified,
the list of sections is returned.
\fBconf\-list\fP [\fIitem\fP]
List the configuration database sections or section items.
.TP
\fBconf\-read\fP [\fIitem\fP]
Read from the current configuration DB.
Read the item from the active configuration database.
.TP
\fBconf\-begin\fP
Begin a writing configuration DB transaction. Only one transaction can be
opened at a time.
Begin a writing configuration database transaction. Only one transaction
can be opened at a time.
.TP
\fBconf\-commit\fP
Commit the current writing configuration DB transaction.
Commit the configuration database transaction.
.TP
\fBconf\-abort\fP
Abort the current writing configuration DB transaction.
Rollback the configuration database transaction.
.TP
\fBconf\-diff\fP [\fIitem\fP]
Get the difference between the active writing transaction and the current
configuration DB. Requires active writing configuration DB transaction.
Get the item difference in the transaction.
.TP
\fBconf\-get\fP [\fIitem\fP]
Read from the active writing configuration DB transaction.
Requires active writing configuration DB transaction.
Get the item data from the transaction.
.TP
\fBconf\-set\fP \fIitem\fP [\fIdata\fP\&...]
Write to the active writing configuration DB transaction.
Requires active writing configuration DB transaction.
Set the item data in the transaction.
.TP
\fBconf\-unset\fP [\fIitem\fP] [\fIdata\fP\&...]
Delete from the active writing configuration DB transaction.
Requires active writing configuration DB transaction.
Unset the item data in the transaction.
.UNINDENT
.SH EXAMPLES
.SS Setup a key file for remote control
.INDENT 0.0
.INDENT 3.5
.SH NOTE
.sp
.nf
.ft C
$ keymgr tsig generate knotc\-key > knotc\-key.conf
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
The generated key file contains a key in the server configuration format and
thus can be directly included into the server configuration file.
.sp
Knot DNS utilities accept one\-line format which is included in the generated
key file on the first line as a comment. It can be extracted easily:
.INDENT 0.0
.INDENT 3.5
Empty \fIzone\fP parameter means all zones.
.sp
.nf
.ft C
$ head \-1 knotc\-key.conf | sed \(aqs/^#\es*//\(aq > knotc.key
.ft P
.fi
.UNINDENT
.UNINDENT
Type \fIitem\fP parameter in the form of \fIsection\fP[\fB[\fP\fIid\fP\fB]\fP][\fB\&.\fP\fIname\fP].
.sp
Make sure the key file can be read only by the owner for security reasons.
.SS Reload server remotely
(*) indicates a local operation which requires a configuration.
.SH EXAMPLES
.SS Reload the whole server configuration
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knotc \-s 127.0.0.1 \-k knotc.key reload
$ knotc reload
.ft P
.fi
.UNINDENT
.UNINDENT
.SS Flush all zones locally
.SS Flush the example.com and example.org zones
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knotc \-c knot.conf flush
$ knotc zone\-flush example.com example.org
.ft P
.fi
.UNINDENT
......@@ -236,15 +200,15 @@ $ knotc conf\-read zone[example.com].master
.fi
.UNINDENT
.UNINDENT
.SS Add example.eu zone with a zonefile location
.SS Add example.org zone with a zonefile location
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knotc conf\-begin
$ knotc conf\-set zone[example.eu]
$ knotc conf\-set zone[example.eu].file "/var/zones/example.eu.zone"
$ knotc conf\-set zone[example.org]
$ knotc conf\-set zone[example.org].file "/var/zones/example.org.zone"
$ knotc conf\-commit
.ft P
.fi
......
......@@ -41,7 +41,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
Use a textual configuration file (default is \fB@config_dir@/knot.conf\fP).
.TP
\fB\-C\fP, \fB\-\-confdb\fP \fIdirectory\fP
Use a binary configuration database directory.
Use a binary configuration database directory (default is \fB@storage_dir@/confdb\fP).
The default configuration database, if exists, has a preference to the default
configuration file.
.TP
\fB\-d\fP, \fB\-\-daemonize\fP [\fIdirectory\fP]
Run the server as a daemon. New root directory may be specified
......
......@@ -15,152 +15,132 @@ Parameters
..........
**-c**, **--config** *file*
Use a textual configuration file (default is :file:`@conf_dir@/knot.conf`).
Use a textual configuration file (default is :file:`@config_dir@/knot.conf`).
**-C**, **--confdb** *directory*
Use a binary configuration database.
Use a binary configuration database directory (default is :file:`@storage_dir@/confdb`).
The default configuration database, if exists, has a preference to the default
configuration file.
**-s**, **--server** *server*
Remote UNIX socket/IP address (default is :file:`@run_dir@/knot.sock`).
**-p**, **--port** *port*
Remote server port (only for IP).
**-y**, **--key** [*alg*:]\ *name*:*key*
Use the TSIG key specified on the command line (default algorithm is hmac-md5).
**-k**, **--keyfile** *file*
Use the TSIG key stored in a file *file* to authenticate the request. The
file must contain the key in the same format, which is accepted by the
**-y** option.
**-s**, **--socket** *path*
Use a remote control UNIX socket path (default is :file:`@run_dir@/knot.sock`).
**-f**, **--force**
Force operation. Overrides some checks.
Forced operation. Overrides some checks.
**-v**, **--verbose**
Verbose mode. Print additional runtime information.
Enable debug output.
**-h**, **--help**
Print the program help.
**-V**, **--version**
Print the program version.
**-h**, **--help**
Print help and usage.
Actions
.......
If the optional *zone* argument is not specified, the command is applied to all
zones.
Configuration *item* is in the *section*\ [**[**\ *id*\ **]**\ ][**.**\ *item*]
format.
**status**
Check if the server is running.
**stop**
Stop server (no-op if not running).
Stop the server if running.
**reload** [*zone*...]
Reload particular zones or reload the whole configuration and changed zones.
**reload**
Reload the server configuration.
**flush** [*zone*...]
Flush journal and update zone files.
**status**
Check if server is running.
**zone-check** [*zone*...]
Check the zone. (*)
**zone-memstats** [*zone*...]
Estimate memory use for the zone. (*)
**zone-status** [*zone*...]
Show the status of the zone. (*)
**zonestatus** [*zone*...]
Show the status of listed zones.
**zone-reload** [*zone*...]
Trigger a zone reload.
**refresh** [*zone*...]
Refresh slave zones. The **-f** flag forces re-transfer (zones must be specified).
**zone-refresh** [*zone*...]
Trigger a zone refresh (if slave).
**checkconf**
Check the current configuration.
**zone-retransfer** [*zone*...]
Trigger a zone retransfer (if slave).
**checkzone** [*zone*...]
Check zones.
**zone-flush** [*zone*...]
Trigger a zone journal flush into the zone file.
**memstats** [*zone*...]
Estimate memory consumption for zones.
**zone-sign** [*zone*...]
Trigger a zone resign (if enabled).
**signzone** *zone*...
Re-sign the zone (drop all existing signatures and create new ones).
**conf-init**
Initialize the configuration database. (*)
**conf-check**
Check the server configuration. (*)
**conf-import** *filename*
Offline import of the configuration DB from a file. This is a
potentially dangerous operation so the **-f** flag is required. Also the
destination configuration DB must be specified via **-C**. Ensure the server
is not running!
Import a configuration file into the configuration database. Ensure the
server is not using the configuration database! (*)
**conf-export** *filename*
Export the configuration DB to a file. If no source configuration DB is
specified, the temporary DB, corresponding to textual configuration file, is
used.
Export the configuration database into a config file. (*)
**conf-desc** [*section*]
Get the configuration section items list. If no section is specified,
the list of sections is returned.
**conf-list** [*item*]
List the configuration database sections or section items.
**conf-read** [*item*]
Read from the current configuration DB.
Read the item from the active configuration database.
**conf-begin**
Begin a writing configuration DB transaction. Only one transaction can be
opened at a time.
Begin a writing configuration database transaction. Only one transaction
can be opened at a time.
**conf-commit**
Commit the current writing configuration DB transaction.
Commit the configuration database transaction.
**conf-abort**
Abort the current writing configuration DB transaction.
Rollback the configuration database transaction.
**conf-diff** [*item*]
Get the difference between the active writing transaction and the current
configuration DB. Requires active writing configuration DB transaction.
Get the item difference in the transaction.
**conf-get** [*item*]
Read from the active writing configuration DB transaction.
Requires active writing configuration DB transaction.
Get the item data from the transaction.
**conf-set** *item* [*data*...]
Write to the active writing configuration DB transaction.
Requires active writing configuration DB transaction.
Set the item data in the transaction.
**conf-unset** [*item*] [*data*...]
Delete from the active writing configuration DB transaction.
Requires active writing configuration DB transaction.
Examples
--------
Unset the item data in the transaction.
Setup a key file for remote control
...................................
Note
----
::
$ keymgr tsig generate knotc-key > knotc-key.conf
The generated key file contains a key in the server configuration format and
thus can be directly included into the server configuration file.
Empty *zone* parameter means all zones.
Knot DNS utilities accept one-line format which is included in the generated
key file on the first line as a comment. It can be extracted easily::
Type *item* parameter in the form of *section*\ [**[**\ *id*\ **]**\ ][**.**\ *name*].
$ head -1 knotc-key.conf | sed 's/^#\s*//' > knotc.key
(*) indicates a local operation which requires a configuration.
Make sure the key file can be read only by the owner for security reasons.
Examples
--------
Reload server remotely
......................
Reload the whole server configuration
.....................................
::
$ knotc -s 127.0.0.1 -k knotc.key reload
$ knotc reload
Flush all zones locally
.......................
Flush the example.com and example.org zones
...........................................
::
$ knotc -c knot.conf flush
$ knotc zone-flush example.com example.org
Get the current server configuration
....................................
......@@ -183,14 +163,14 @@ Get the master remotes for the example.com zone
$ knotc conf-read zone[example.com].master
Add example.eu zone with a zonefile location
............................................
Add example.org zone with a zonefile location
.............................................
::
$ knotc conf-begin
$ knotc conf-set zone[example.eu]
$ knotc conf-set zone[example.eu].file "/var/zones/example.eu.zone"
$ knotc conf-set zone[example.org]
$ knotc conf-set zone[example.org].file "/var/zones/example.org.zone"
$ knotc conf-commit
See Also
......
......@@ -18,7 +18,9 @@ Parameters
Use a textual configuration file (default is :file:`@config_dir@/knot.conf`).
**-C**, **--confdb** *directory*
Use a binary configuration database directory.
Use a binary configuration database directory (default is :file:`@storage_dir@/confdb`).
The default configuration database, if exists, has a preference to the default
configuration file.
**-d**, **--daemonize** [*directory*]
Run the server as a daemon. New root directory may be specified
......
......@@ -11,12 +11,14 @@ Other than that, there are no differences and you can control both the same way.
The tool ``knotc`` is designed as a user front-end, making it easier to control running
server daemon. If you want to control the daemon directly, use ``SIGINT`` to quit
the process or ``SIGHUP`` to reload configuration.
the process or ``SIGHUP`` to reload the configuration.
If you pass neither configuration file (``-c`` parameter) nor configuration
database (``-C`` parameter), server will attempt to use the default configuration
file stored in ``SYSCONFDIR/knot/knot.conf`` (the path can be reconfigured with
``--with-configdir=path``).
database (``-C`` parameter), the server will first attempt to use the default
configuration database stored in ``/var/lib/knot/confdb`` or the
default configuration file stored in ``/etc/knot/knot.conf``. Both the
default paths can be reconfigured with ``--with-storage=path`` or
``--with-configdir=path`` respectively.
Example of server start as a daemon::
......@@ -26,8 +28,8 @@ Example of server shutdown::
$ knotc -c knot.conf stop
For a complete list of actions refer to ``knotd -h`` and ``knotc -h``
or corresponding man pages.
For a complete list of actions refer to the program help (``-h`` parameter)
or to the corresponding manual page.
Also, the server needs to create :ref:`server_rundir` and :ref:`zone_storage`
directories in order to run properly.
......@@ -37,14 +39,18 @@ directories in order to run properly.
Configuration database
======================
In the case of a huge configuration file, the configuration can be preloaded
into the server's configuration database::
In the case of a huge configuration file, the configuration can be stored
in a binary database. Such a database can be simply initialized::
$ knotc -C db_path conf-import input.conf
$ knotc conf-init
Also the configuration database can be exported into a configuration file::
or preloaded from a file::
$ knotc -C db_path conf-export output.conf
$ knotc conf-import input.conf
Also the configuration database can be exported into a textual file::
$ knotc conf-export output.conf
*Caution:* The import and export commands access the configuration database
directly, without any interaction with the server. So it is strictly
......@@ -55,25 +61,22 @@ recommended to perform these operations when the server is not running.
Dynamic configuration
=====================
The configuration database can be accessed using the server remote control
The configuration database can be accessed using the server control interface
during the running server. To get the full power of the dynamic configuration,
the server must be started with a specified configuration database location::
$ knotd -C db_path
the server must be started with a specified configuration database location
or with the default database initialized. Otherwise all the changes to the
configuration will be temporary (until the server stop).
*Note:* The database can be :ref:`imported<Configuration database>` in advance.
Otherwise all the changes to the configuration are temporary (until the server
stop).
Most of the commands get item name and value parameters. An item is in the form
of ``section[identifier].item``. If the item is multivalued, more values
can be specified with a space separation.
Most of the commands get an item name and value parameters. The item name is
in the form of ``section[identifier].name``. If the item is multivalued,
more values can be specified as individual (command line) arguments.
To get the list of configuration sections or to get the list of section items::
$ knotc conf-desc
$ knotc conf-desc server
$ knotc conf-list
$ knotc conf-list server
To get the whole configuration or to get the whole configuration section or
to get all section identifiers or to get a specific configuration item::
......@@ -102,8 +105,8 @@ section identifier or to add a value to all identified sections::
$ knotc conf-set zone[example.com]
$ knotc conf-set zone.slave slave2
*Note:* Also the include operation can be performed (the file location is
relative to the server binary!)::
*Note:* Also the include operation can be performed. A non-absolute file
location is relative to the server binary path, not to the control binary path!::
$ knotc conf-set include /tmp/new_zones.conf
......@@ -155,21 +158,20 @@ immediately but after the :ref:`zone_zonefile-sync` period elapses.
Master mode
===========
If you just want to check the zone files before starting, you
can use the ``knotc checkzone`` action::
If you just want to check the zone files before starting, you can use::
$ knotc -c master.conf checkzone example.com
$ knotc zone-check example.com
For an approximate estimation of server's memory consumption, you can
use the ``knotc memstats`` action. This action prints the count of
resource records, percentage of signed records and finally estimation
of memory consumption for each zone, unless specified otherwise.
Please note that the estimated values may differ from the
For an approximate estimation of server's memory consumption, you can use::
$ knotc zone-memstats example.com
This action prints the count of resource records, percentage of signed
records and finally estimation of memory consumption for each zone, unless
specified otherwise. Please note that the estimated values may differ from the
actual consumption. Also, for slave servers with incoming transfers
enabled, be aware that the actual memory consumption might be double
or higher during transfers::
$ knotc -c master.conf memstats example.com
or higher during transfers.
.. _Controlling running daemon:
......@@ -179,19 +181,15 @@ Daemon controls
Knot DNS was designed to allow server reconfiguration on-the-fly
without interrupting its operation. Thus it is possible to change
both configuration and zone files and also add or remove zones without
restarting the server. This can be done with the ``knotc reload``
action::
restarting the server. This can be done with::
$ knotc -c master.conf reload
$ knotc reload
If you want to enable ixfr differences creation from changes you make to a
zone file, enable :ref:`zone_ixfr-from-differences` in the zone configuration
and reload your server as seen above. If *SOA*'s *serial* is not changed,
no differences will be created.
If you want to refresh the slave zones, you can do this with the
``knotc refresh`` action::
$ knotc -c slave.conf refresh
If you want to refresh the slave zones, you can do this with::