diff options
author | Julien Lepiller <julien@lepiller.eu> | 2019-07-23 21:15:43 +0200 |
---|---|---|
committer | Julien Lepiller <julien@lepiller.eu> | 2019-07-23 21:17:04 +0200 |
commit | c42db89ff992037841e7937059db952571af86fa (patch) | |
tree | 6968a8eb578005ee770b0b4ab605f5a02d889cf7 | |
parent | 4d3a2b5ac7e6b7c8b896869ceadea8317b38c746 (diff) | |
download | guix-c42db89ff992037841e7937059db952571af86fa.tar.gz |
doc: Add example for generating a secret key with knot DNS.
* doc/guix.texi (DNS Services): Add an example and more context to the includes field of the knot-configuration record.
-rw-r--r-- | doc/guix.texi | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 107c16b8db..8c5fa5f741 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20598,6 +20598,21 @@ thus not visible in @file{/gnu/store}---e.g., you could store secret key configuration in @file{/etc/knot/secrets.conf} and add this file to the @code{includes} list. +One can generate a secret tsig key (for nsupdate and zone transfers with the +keymgr command from the knot package. Note that the package is not automatically +installed by the service. The following example shows how to generate a new +tsig key: + +@example +keymgr -t mysecret > /etc/knot/secrets.conf +chmod 600 /etc/knot/secrets.conf +@end example + +Also note that the generated key will be named @var{mysecret}, so it is the +name that needs to be used in the @var{key} field of the +@code{knot-acl-configuration} record and in other places that need to refer +to that key. + It can also be used to add configuration not supported by this interface. @item @code{listen-v4} (default: @code{"0.0.0.0"}) |