Commit 4fea1ab5 authored by Michal 'vorner' Vaner

[1643] Documentation

parent 719a5941
......@@ -1629,31 +1629,23 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default)</screen>
If you want to require TSIG in access control, a separate TSIG
"key ring" must be configured specifically
for <command>b10-xfrout</command> as well as a system wide
key ring, both containing a consistent set of keys.
If you want to require TSIG in access control, a system wide TSIG
"key ring" must be configured.
For example, to change the previous example to allowing requests
from signed by a TSIG with a key name of
"key.example", you'll need to do this:
<screen>&gt; <userinput>config set tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
&gt; <userinput>config set Xfrout/tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
&gt; <userinput>config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "", "key": "key.example"}]</userinput>
&gt; <userinput>config commit</userinput></screen>
The first line of configuration defines a system wide key ring.
This is necessary because the <command>b10-auth</command> server
also checks TSIGs and it uses the system wide configuration.
<param>Both Xfrout and Auth will use the system wide keyring to check
TSIGs in the incomming messages and to sign responses.</param>
In a future version, <command>b10-xfrout</command> will also
use the system wide TSIG configuration.
The way to specify zone specific configuration (ACLs, etc) is
likely to be changed, too.
likely to be changed.
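Review bot: The new paragraph beginning "Both Xfrout and Auth will use the system wide keyring" is wrapped in <param>...</param>, which is not a DocBook element; <para> looks like what was intended, and as written the guide may fail validation or lose the paragraph when rendered. The same sentence spells "incoming" as "incomming". While this paragraph is being touched, the unchanged lead-in "allowing requests from signed by a TSIG" does not parse and could be fixed in the same commit, for example "to allow only requests signed by a TSIG key named".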
......@@ -97,13 +97,6 @@
defines the maximum number of outgoing zone transfers
that can run concurrently. The default is 10.
A list of TSIG keys (each of which is in the form of
used for access control on transfer requests.
The default is an empty list.
A list of ACL elements that apply to all transfer requests by
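Review bot: With the TSIG key list description removed from this section, the page no longer says which keys a transfer ACL entry is checked against. A one-sentence pointer to the system wide key ring (tsig_keys/keys, as used in the guide example) next to the "A list of ACL elements that apply to all transfer requests" description would keep this page usable on its own for someone setting up TSIG-restricted transfers.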
......@@ -160,13 +153,6 @@
tsig_key_ring list of
tsig_key string
<!-- TODO: formating -->
The configuration commands are:
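Review bot: tsig_key_ring and tsig_key are dropped from this listing without any note on what happens to an existing Xfrout/tsig_keys setting. The guide previously told operators to set both key rings, so a short sentence here or in the guide stating that the Xfrout-specific ring is no longer used, and that keys must be present in the system wide ring for ACL checks to match, would help anyone upgrading a TSIG-protected setup. Minor: the TODO comment in the context spells "formatting" as "formating".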