author Julien Lepiller <julien@lepiller.eu> 2019-07-23 21:15:43 +0200
committer Julien Lepiller <julien@lepiller.eu> 2019-07-23 21:17:04 +0200
commit c42db89ff992037841e7937059db952571af86fa
tree 6968a8eb578005ee770b0b4ab605f5a02d889cf7
parent 4d3a2b5ac7e6b7c8b896869ceadea8317b38c746
doc: Add example for generating a secret key with knot DNS.
* doc/guix.texi (DNS Services): Add an example and more context to the
includes field of the knot-configuration record.
-rw-r--r-- doc/guix.texi 15
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 107c16b8db..8c5fa5f741 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20598,6 +20598,21 @@ thus not visible in @file{/gnu/store}---e.g., you could store secret
 key configuration in @file{/etc/knot/secrets.conf} and add this file
 to the @code{includes} list.
 
+One can generate a secret tsig key (for nsupdate and zone transfers with the
+keymgr command from the knot package.  Note that the package is not automatically
+installed by the service.  The following example shows how to generate a new
+tsig key:
+
+@example
+keymgr -t mysecret > /etc/knot/secrets.conf
+chmod 600 /etc/knot/secrets.conf
+@end example
+
+Also note that the generated key will be named @var{mysecret}, so it is the
+name that needs to be used in the @var{key} field of the
+@code{knot-acl-configuration} record and in other places that need to refer
+to that key.
+
 It can also be used to add configuration not supported by this interface.
 
 @item @code{listen-v4} (default: @code{"0.0.0.0"})
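Review bot: In the @example block the redirect writes the key before "chmod 600" runs, so /etc/knot/secrets.conf is created with whatever the caller's umask allows (commonly world-readable) and the TSIG secret is exposed for that interval; the ">" also replaces any secrets already stored in that file. Suggest restricting the mask before the file is created, for instance "(umask 077; keymgr -t mysecret > /etc/knot/secrets.conf)", and telling the reader that an existing file will be overwritten. Two smaller points in the added prose: the parenthesis opened at "(for nsupdate and zone transfers with the" is never closed and should end after "zone transfers", and since mysecret and key are literal names rather than metavariables, @code{mysecret} and @code{key} would be the more fitting markup than @var.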