From c42db89ff992037841e7937059db952571af86fa Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Tue, 23 Jul 2019 21:15:43 +0200 Subject: doc: Add example for generating a secret key with knot DNS. * doc/guix.texi (DNS Services): Add an example and more context to the includes field of the knot-configuration record. --- doc/guix.texi | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 107c16b8db..8c5fa5f741 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20598,6 +20598,21 @@ thus not visible in @file{/gnu/store}---e.g., you could store secret key configuration in @file{/etc/knot/secrets.conf} and add this file to the @code{includes} list. +One can generate a secret tsig key (for nsupdate and zone transfers with the +keymgr command from the knot package. Note that the package is not automatically +installed by the service. The following example shows how to generate a new +tsig key: + +@example +keymgr -t mysecret > /etc/knot/secrets.conf +chmod 600 /etc/knot/secrets.conf +@end example + +Also note that the generated key will be named @var{mysecret}, so it is the +name that needs to be used in the @var{key} field of the +@code{knot-acl-configuration} record and in other places that need to refer +to that key. + It can also be used to add configuration not supported by this interface. @item @code{listen-v4} (default: @code{"0.0.0.0"}) -- cgit v1.2.3