summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi15
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 107c16b8db..8c5fa5f741 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20598,6 +20598,21 @@ thus not visible in @file{/gnu/store}---e.g., you could store secret
 key configuration in @file{/etc/knot/secrets.conf} and add this file
 to the @code{includes} list.
 
+One can generate a secret tsig key (for nsupdate and zone transfers with the
+keymgr command from the knot package.  Note that the package is not automatically
+installed by the service.  The following example shows how to generate a new
+tsig key:
+
+@example
+keymgr -t mysecret > /etc/knot/secrets.conf
+chmod 600 /etc/knot/secrets.conf
+@end example
+
+Also note that the generated key will be named @var{mysecret}, so it is the
+name that needs to be used in the @var{key} field of the
+@code{knot-acl-configuration} record and in other places that need to refer
+to that key.
+
 It can also be used to add configuration not supported by this interface.
 
 @item @code{listen-v4} (default: @code{"0.0.0.0"})