From 10da91d4dcb3baf1b040864bf60cd89d82a80e8f Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 26 Sep 2012 09:31:51 -0500 Subject: [PATCH] [2189] various minor changes minor grammar or wording changes use mdash xml entity instead of unicode character fix typo for Trac fix example out of the configuration name use xref tag instead of link tag (so reference is not lost in non-hyperlink document) keyring to key ring fix punctuation (mistake in original) minor grammar (mistake also in original) --- doc/guide/bind10-guide.xml | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml index fcb55fe826..4b2061f2f3 100644 --- a/doc/guide/bind10-guide.xml +++ b/doc/guide/bind10-guide.xml @@ -1332,14 +1332,14 @@ TODO Each key has three attributes. One is a name by which it is referred both in DNS packets and the rest of the configuration. Another is the - algorithm used to compute the signature. And the last part is base64 - encoded secret, which might be any blob of data. + algorithm used to compute the signature. And the last part is a + base64 encoded secret, which might be any blob of data. The parts are written into a string, concatenated together by colons. - So if you wanted to have a key called "example.key", used as HMAC-MD5 - key with secret "secret", you'd write it as: + So if you wanted to have a key called "example.key", used as a + HMAC-MD5 key with secret "secret", you'd write it as: "example.key.:c2VjcmV0:hmac-md5" 
@@ -1370,25 +1370,25 @@ TODO Key ring The key ring lives in the configuration in "tsig_keys/keys". Most of - the system uses the keys from there ‒ ACLs, authoritative server to - sign responses to signed queries, the b10-xfrout + the system uses the keys from there — ACLs, authoritative server to + sign responses to signed queries, and b10-xfrout to sign transfers. The b10-xfrin uses its own - configuration for keys, but that will be fixed in track ticket + configuration for keys, but that will be fixed in Trac ticket #1351. The key ring is just a list of strings, each describing one key. So, to add a new key, you can do this: - > config add tsig_keyring/keys "example.key.:c2VjcmV0" -> config show tsig_keyring/keys + > config add tsig_keys/keys "example.key.:c2VjcmV0" +> config show tsig_keys/keys tsig_keys/keys[0] "example.key.:c2VjcmV0" string (modified) > config commit - You can keep as many keys as you want in the key ring, but they must - have a different name each. + You can keep as many keys as you want in the key ring, but each must + have a different name. @@ -1458,8 +1458,9 @@ AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ] The other is TSIG key by which the message was signed. The ACL contains only the name (under the name "key"), the key itself - must be stored in the global key ring. This - property is applicable only to the DNS context. + must be stored in the global key ring (see ). + This property is applicable only to the DNS context. @@ -2233,7 +2234,7 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default) If you want to require TSIG in access control, a system wide TSIG - key ring must be configured. + key ring must be configured (see ). In this example, we allow client matching both the IP address and key. 
@@ -2243,7 +2244,7 @@ Xfrout/transfer_acl[0] {"action": "ACCEPT"} any (default) > config commit Both b10-xfrout and b10-auth - will use the system wide keyring to check + will use the system wide key ring to check TSIGs in the incoming messages and to sign responses. @@ -2453,11 +2454,12 @@ what is XfroutClient xfr_client?? > config commit The TSIG key must be configured system wide - (see .) + (see ). - Full description of ACLs can be found in . + The full description of ACLs can be found in .
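Review bot: In the hunk at -1332, the prose lists the three attributes as name, algorithm, secret, but the example string "example.key.:c2VjcmV0:hmac-md5" puts the secret second and the algorithm last, so a reader following the text will assemble the parts in the wrong order. Since this paragraph is being reworded anyway, state the order explicitly (name, then secret, then algorithm) before the example. The new line "used as a HMAC-MD5 key" should also read "an HMAC-MD5 key".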
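Review bot: In the hunk at -1370, the corrected command `config add tsig_keys/keys "example.key.:c2VjcmV0"` gives only a name and a secret, while the paragraph at -1332 says each key has three attributes and shows the string with ":hmac-md5" appended. Either add the algorithm to this example so the two agree, or add a sentence saying which algorithm applies when the third part is omitted. The path fix from tsig_keyring/keys to tsig_keys/keys matches the "config show" output line and the "tsig_keys/keys" path in the first sentence of the section.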
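Review bot: In the hunk at -1458, the context line "The ACL contains only the name (under the name "key"), the key itself must be stored in the global key ring" is a comma splice that this grammar pass leaves in place. Split it into two sentences or use a semicolon after the parenthesis, since the second clause is the requirement an operator must not miss: an ACL naming a key has nothing to verify against unless that key is in the key ring.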
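Review bot: In the hunks at -2233 and -2243, "system wide" is used as a compound modifier ("a system wide TSIG key ring", "the system wide key ring") and should be hyphenated as "system-wide"; the -2243 line is already being changed for "keyring" to "key ring", so fix it in the same edit. The context line "we allow client matching both the IP address and key" in -2233 also needs an article ("a client").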