1. Configuring KNOT

Log into your AUTH1 machine (10.192.X.1) and:

# cd /etc/knot/

Now edit the file knot.conf and add your TLD zone. Insert the following lines, replacing the placeholder values for your own zone and for the zone you are slave for:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
remote:
  - id: slave
    address: 10.192.Y.1@53
  - id: master
    address: 10.192.Y.1@53

acl:
  - id: acl_slave
    address: 10.192.Y.1
    action: transfer
  - id: acl_master
    address: 10.192.Y.1
    action: notify

template:
  - id: default
    storage: "/var/lib/knot"

zone:
  # Master zone.
  - domain: mytld
    file: "/etc/bind/master/mytld"
    notify: slave
    acl: acl_slave

  # Slave zone.
  - domain: othertld
    master: master
    acl: acl_master
- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

10.192.Y.1 is the master server for OTHERTLD and is typically also your slave, which is why both "remote" entries point at the same address. The "acl" entries matter: Knot refuses zone transfers and ignores NOTIFY messages unless an ACL explicitly permits them, so acl_slave restricts AXFR/IXFR of MYTLD to 10.192.Y.1 and acl_master only accepts NOTIFY for OTHERTLD from that host. Do not widen these to 0.0.0.0/0 "to make it work".

It is assumed you have completed the BIND exercise and hence the zone file is in /etc/bind/master/MYTLD.

Note: Knot expects lower case names in the conf file, so make sure to replace MYTLD with your TLD in lower case. Do the same for the TLD you are slave for, OTHERTLD.

- Save the file and exit.

Increment the SOA serial in /etc/bind/master/MYTLD so that we can see changes arrive on the slave.

For more info: "man knot.conf"

2. Start KNOT!

If BIND is running, disable starting it:

# update-rc.d bind9 disable

and stop it:

# service bind9 stop

If NSD is running, disable starting it:

# echo "manual" > /etc/init/nsd.override

and stop it:

# service nsd stop

Make sure KNOT is not disabled by removing the override file:

# rm /etc/init/knot.override

Next start KNOT:

# service knot start

and check that knot is running with:

# tail /var/log/syslog
# ps ax | grep knot

Errors can be checked with:

# knotc conf-check
# knotc zone-check

Correct any errors and restart knot. (Hint: running "knotd" directly from the shell keeps it in the foreground, so configuration and zone-loading errors are printed straight to your terminal.)

# service knot restart

3. Test that your new server is answering:

# dig @127.0.0.1 MYTLD SOA

4. Controlling KNOT

To cause the KNOT daemon to reload the zone and config:

# knotc reload

To stop the KNOT program:

# knotc stop

To check if it is running:

# ps ax | grep knot

OR

# knotc zone-status

5. Verify that your slave has picked up a new copy of the zone:

# dig @10.192.Y.1 SOA MYTLD

and on the class resolver:

# dig @10.192.0.230 SOA MYTLD

Do the SOA serial numbers match? (The resolver may still hold the old SOA in its cache until its TTL expires; the slave should match the master as soon as the NOTIFY and transfer have completed.)

6. [OPTIONAL] Test Knot's response rate limiting capabilities by modifying knot.conf with the following:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
mod-rrl:
  - id: defaultr
    rate-limit: 2
    slip: 0

template:
  - id: default
    storage: "/var/lib/knot"
    global-module: mod-rrl/defaultr
- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

(rate-limit is the number of responses per second a client may receive before limiting kicks in; slip: 0 means rate-limited responses are dropped outright rather than every Nth one being answered with a truncated reply that invites the client to retry over TCP.)

then execute:

# knotc reload

From another terminal window you can then test rate limiting by executing multiple queries using something like:

# cnt=1; while [ $cnt -lt 100 ]; do echo -n "$cnt "; \
    dig +short @10.192.X.1 www.othertld.; cnt=$(( $cnt + 1 )); done

What do you see? "tail -f /var/log/syslog" in another terminal window may be helpful.

7. Return to using BIND for the rest of the class labs:

# service knot stop
# echo "manual" > /etc/init/knot.override
# update-rc.d bind9 enable
# service bind9 start
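The serial comparison in steps 3 and 5 is easier to repeat reliably as a small script than by eyeballing three dig outputs. The following POSIX sh script is an added example written for this page; it is not part of the lab handout or of the Knot distribution. It assumes the lab placeholders 10.192.X.1 (your master), 10.192.Y.1 (your slave) and 10.192.0.230 (the class resolver), that the zone name is given in lower case, and that dig is installed; the parsing functions work on plain text and can be exercised without any network.

```shell
#!/bin/sh
# Added example (not from the lab page): compare the SOA serial that the
# master, the slave and the class resolver return for one zone.
# Assumptions: 10.192.X.1 / 10.192.Y.1 / 10.192.0.230 are the lab
# placeholders from the handout; `dig` is only needed for live queries.

# Extract the serial from a `dig +short <zone> SOA` answer line, e.g.
#   ns1.mytld. hostmaster.mytld. 2015061801 3600 900 604800 86400
# The serial is the third field of the SOA RDATA. Prints nothing and
# returns 1 when the line is empty or is not an SOA record.
soa_serial() {
    # shellcheck disable=SC2086  # word splitting of the answer is intended
    set -- $1
    [ $# -ge 3 ] || return 1
    printf '%s' "$3"
}

# Query one server for the zone's SOA serial (live network only).
# $1: server address, $2: zone name in lower case.
query_serial() {
    soa_serial "$(dig +short +time=2 +tries=1 @"$1" "$2" SOA 2>/dev/null | head -n 1)"
}

# Return 0 only when every argument is the same real serial.
# "NONE" marks a server that gave no usable answer and never matches.
serials_match() {
    first=$1
    [ -n "$first" ] && [ "$first" != "NONE" ] || return 1
    for s in "$@"; do
        [ "$s" = "$first" ] || return 1
    done
    return 0
}

# Print one line per server and fail (exit 1) unless all serials agree.
# Usage: check_zone <zone> <server> [<server>...]
check_zone() {
    zone=$1; shift
    serials=""
    for srv in "$@"; do
        serial=$(query_serial "$srv" "$zone") || serial=NONE
        printf '%-14s %s\n' "$srv" "$serial"
        serials="$serials $serial"
    done
    # shellcheck disable=SC2086  # split the collected serials into arguments
    if serials_match $serials; then
        echo "OK: all servers agree on serial${serials}"
    else
        echo "MISMATCH: a server is on an old copy, cached, or not answering" >&2
        return 1
    fi
}

# Live usage on the lab network (replace X and Y with your group numbers):
#   check_zone mytld 10.192.X.1 10.192.Y.1 10.192.0.230
```

Run it once right after bumping the serial and "knotc reload" on the master, then again a few seconds later: the slave should agree on the first or second run, while the resolver may lag until the cached SOA's TTL expires. A server listed as NONE is either not answering on port 53 or is refusing the query, which is what you will see if Knot failed to load the zone.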