[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: doc: Add example for generating a secret key with knot DNS.
From: |
guix-commits |
Subject: |
01/01: doc: Add example for generating a secret key with knot DNS. |
Date: |
Tue, 23 Jul 2019 15:18:04 -0400 (EDT) |
roptat pushed a commit to branch master
in repository guix.
commit c42db89ff992037841e7937059db952571af86fa
Author: Julien Lepiller <address@hidden>
Date: Tue Jul 23 21:15:43 2019 +0200
doc: Add example for generating a secret key with knot DNS.
* doc/guix.texi (DNS Services): Add an example and more context to the
includes field of the knot-configuration record.
---
doc/guix.texi | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 107c16b..8c5fa5f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20598,6 +20598,21 @@ thus not visible in @file{/gnu/store}---e.g., you
could store secret
key configuration in @file{/etc/knot/secrets.conf} and add this file
to the @code{includes} list.
+One can generate a secret tsig key (for nsupdate and zone transfers with the
+keymgr command from the knot package. Note that the package is not
automatically
+installed by the service. The following example shows how to generate a new
+tsig key:
+
+@example
+keymgr -t mysecret > /etc/knot/secrets.conf
+chmod 600 /etc/knot/secrets.conf
+@end example
+
+Also note that the generated key will be named @var{mysecret}, so it is the
+name that needs to be used in the @var{key} field of the
+@code{knot-acl-configuration} record and in other places that need to refer
+to that key.
+
It can also be used to add configuration not supported by this interface.
@item @code{listen-v4} (default: @code{"0.0.0.0"})