author | Daniel Salzman <daniel.salzman@nic.cz> | 2015-05-12 13:05:04 +0200 |
---|---|---|
committer | Daniel Salzman <daniel.salzman@nic.cz> | 2015-05-12 13:05:04 +0200 |
commit | 1a6f7db4ba43b653f084dd223ec53a5d192d9311 (patch) | |
tree | eb51d5ca719d2c7c83558459596ff43c973c4637 | |
parent | mod-synthetic: rename zone to origin and address to network (diff) | |
download | knot-1a6f7db4ba43b653f084dd223ec53a5d192d9311.tar.xz knot-1a6f7db4ba43b653f084dd223ec53a5d192d9311.zip |
conf: rename server.dnssec-keydir to server.kasp-db
-rw-r--r-- | doc/configuration.rst | 6 | ||||
-rw-r--r-- | doc/man/knot.conf.5in | 8 | ||||
-rw-r--r-- | doc/migration.rst | 14 | ||||
-rw-r--r-- | doc/reference.rst | 12 | ||||
-rw-r--r-- | src/knot/conf/scheme.c | 2 | ||||
-rw-r--r-- | src/knot/conf/scheme.h | 2 | ||||
-rw-r--r-- | src/knot/dnssec/zone-events.c | 10 | ||||
-rw-r--r-- | src/utils/knot1to2/cf-parse.tab.c | 4 | ||||
-rw-r--r-- | src/utils/knot1to2/cf-parse.y | 4 | ||||
-rw-r--r-- | src/utils/knot1to2/scheme.h | 2 | ||||
-rw-r--r-- | tests-extra/tools/dnstest/server.py | 2 |
11 files changed, 33 insertions, 33 deletions
diff --git a/doc/configuration.rst b/doc/configuration.rst index 062f6fe70..3b6f8cc8f 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -271,7 +271,7 @@ can operate in two modes: No zone operator intervention is necessary. The DNSSEC signing is controlled by the :ref:`template_dnssec-enable` and -:ref:`template_dnssec-keydir` configuration options. The first option states +:ref:`template_kasp_db` configuration options. The first option states if the signing is enabled for a particular zone, the second option points to a KASP database holding the signing configuration. @@ -287,7 +287,7 @@ default template, but the signing is explicitly disabled for zone template: - id: default dnssec-enable: on - dnssec-keydir: /var/lib/knot/kasp + kasp-db: /var/lib/knot/kasp zone: - domain: example.com @@ -356,7 +356,7 @@ The configuration fragment might look similar to:: template: - id: default storage: /var/lib/knot - dnssec-keydir: kasp + kasp-db: kasp zone: - domain: myzone.test diff --git a/doc/man/knot.conf.5in b/doc/man/knot.conf.5in index 91f24f65a..224138079 100644 --- a/doc/man/knot.conf.5in +++ b/doc/man/knot.conf.5in @@ -433,7 +433,7 @@ template: ixfr\-from\-differences: BOOL ixfr\-fslimit: SIZE dnssec\-enable: BOOL - dnssec\-keydir: STR + kasp\-db: STR signature\-lifetime: TIME serial\-policy: increment | unixtime module: STR/STR ... @@ -571,10 +571,10 @@ Default: unlimited If enabled, automatic DNSSEC signing for the zone is turned on. .sp Default: off -.SS dnssec\-keydir +.SS kasp_db .sp -A data directory for storing DNSSEC signing keys. Non absolute path is -relative to \fI\%storage\fP\&. +A KASP database path. Non absolute path is relative to +\fI\%storage\fP\&. .sp Default: \fI\%storage\fP/keys .SS signature\-lifetime diff --git a/doc/migration.rst b/doc/migration.rst index da0880575..47b6a04cf 100644 --- a/doc/migration.rst +++ b/doc/migration.rst 
@@ -23,21 +23,21 @@ generated by Bind. example.com``. Note: If dynamic updates (DDNS) are enabled for the given zone, you - might need to freeze the zone before flushing it. That can be done + might need to freeze the zone before flushing it. That can be done similarly: ``rndc freeze example.com`` 2. Copy the fresh zone file into the zones storage directory of Knot - DNS. It's default location is ``/var/lib/knot``. + DNS. It's default location is ``/var/lib/knot``. 3. We recommend to store DNSSEC keys for each zone in a separate - directory. For this purpose, create a directory - ``example.com.keys`` in zones storage directory. Then copy all + directory. For this purpose, create a directory + ``example.com.keys`` in zones storage directory. Then copy all DNSSEC keys (``*.key`` and ``*.private``) from Bind key directory (configured as ``key-directory``) into the newly created one. -4. Add the zone into the Knot DNS configuration file. Zone +4. Add the zone into the Knot DNS configuration file. Zone configuration should contain at least specification of the zone - file (option ``file``), key directory (option ``dnssec-keydir``), + file (option ``file``), key directory (option ``kasp-db``), and enable automatic DNSSEC signing (option ``dnssec-enable``). You can follow this example:: @@ -47,6 +47,6 @@ generated by Bind. file: "example.com.db" storage: "/var/lib/knot" dnssec-enable: on - dnssec-keydir: "example.com.keys" + kasp-db: "example.com.keys" 5. Start Knot DNS and check the log files to make sure that everything went right. diff --git a/doc/reference.rst b/doc/reference.rst index 87301bd73..bcc6b3eec 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -512,7 +512,7 @@ configuration if a zone doesn't have a teplate specified. ixfr-from-differences: BOOL ixfr-fslimit: SIZE dnssec-enable: BOOL - dnssec-keydir: STR + kasp-db: STR signature-lifetime: TIME serial-policy: increment | unixtime module: STR/STR ... 
@@ -677,13 +677,13 @@ If enabled, automatic DNSSEC signing for the zone is turned on. Default: off -.. _template_dnssec-keydir: +.. _template_kasp_db: -dnssec-keydir -------------- +kasp_db +------- -A data directory for storing DNSSEC signing keys. Non absolute path is -relative to :ref:`storage<template_storage>`. +A KASP database path. Non absolute path is relative to +:ref:`storage<template_storage>`. Default: :ref:`storage<template_storage>`/keys diff --git a/src/knot/conf/scheme.c b/src/knot/conf/scheme.c index 3cdf491ab..3287e9e9f 100644 --- a/src/knot/conf/scheme.c +++ b/src/knot/conf/scheme.c @@ -143,7 +143,7 @@ static const yp_item_t desc_remote[] = { { C_IXFR_DIFF, YP_TBOOL, YP_VNONE }, \ { C_IXFR_FSLIMIT, YP_TINT, YP_VINT = { 0, INT64_MAX, INT64_MAX, YP_SSIZE } }, \ { C_DNSSEC_ENABLE, YP_TBOOL, YP_VNONE }, \ - { C_DNSSEC_KEYDIR, YP_TSTR, YP_VSTR = { "keys" } }, \ + { C_KASP_DB, YP_TSTR, YP_VSTR = { "keys" } }, \ { C_SIG_LIFETIME, YP_TINT, YP_VINT = { 3 * 3600, INT32_MAX, 30 * 24 * 3600, YP_STIME } }, \ { C_SERIAL_POLICY, YP_TOPT, YP_VOPT = { serial_policies, SERIAL_POLICY_INCREMENT } }, \ { C_MODULE, YP_TDATA, YP_VDATA = { 0, NULL, mod_id_to_bin, mod_id_to_txt }, \ diff --git a/src/knot/conf/scheme.h b/src/knot/conf/scheme.h index 5c1550b15..939ba5b17 100644 --- a/src/knot/conf/scheme.h +++ b/src/knot/conf/scheme.h @@ -39,13 +39,13 @@ #define C_DISABLE_ANY "\x0B""disable-any" #define C_DOMAIN "\x06""domain" #define C_DNSSEC_ENABLE "\x0D""dnssec-enable" -#define C_DNSSEC_KEYDIR "\x0D""dnssec-keydir" #define C_FILE "\x04""file" #define C_IDENT "\x08""identity" #define C_ID "\x02""id" #define C_INCL "\x07""include" #define C_IXFR_DIFF "\x15""ixfr-from-differences" #define C_IXFR_FSLIMIT "\x0C""ixfr-fslimit" +#define C_KASP_DB "\x07""kasp-db" #define C_KEY "\x03""key" #define C_LOG "\x03""log" #define C_LISTEN "\x06""listen" diff --git a/src/knot/dnssec/zone-events.c b/src/knot/dnssec/zone-events.c index fc3aaf845..916ea378f 100644 
--- a/src/knot/dnssec/zone-events.c +++ b/src/knot/dnssec/zone-events.c @@ -47,19 +47,19 @@ static int sign_init(const zone_contents_t *zone, int flags, kdnssec_ctx_t *ctx) conf_val_t val = conf_zone_get(conf(), C_STORAGE, zone_name); char *storage = conf_abs_path(&val, NULL); - val = conf_zone_get(conf(), C_DNSSEC_KEYDIR, zone_name); - char *keydir = conf_abs_path(&val, storage); + val = conf_zone_get(conf(), C_KASP_DB, zone_name); + char *kasp_db = conf_abs_path(&val, storage); free(storage); char *zone_name_str = knot_dname_to_str_alloc(zone_name); if (zone_name_str == NULL) { - free(keydir); + free(kasp_db); return KNOT_ENOMEM; } - int r = kdnssec_ctx_init(ctx, keydir, zone_name_str); + int r = kdnssec_ctx_init(ctx, kasp_db, zone_name_str); free(zone_name_str); - free(keydir); + free(kasp_db); if (r != KNOT_EOK) { return r; } diff --git a/src/utils/knot1to2/cf-parse.tab.c b/src/utils/knot1to2/cf-parse.tab.c index 11252fd7a..631096cc2 100644 --- a/src/utils/knot1to2/cf-parse.tab.c +++ b/src/utils/knot1to2/cf-parse.tab.c @@ -2521,7 +2521,7 @@ yyreduce: case 117: #line 667 "cf-parse.y" /* yacc.c:1646 */ - { f_quote(scanner, R_ZONE, C_DNSSEC_KEYDIR, (yyvsp[-1].tok).t); free((yyvsp[-1].tok).t); } + { f_quote(scanner, R_ZONE, C_KASP_DB, (yyvsp[-1].tok).t); free((yyvsp[-1].tok).t); } #line 2526 "cf-parse.tab.c" /* yacc.c:1646 */ break; @@ -2632,7 +2632,7 @@ yyreduce: case 139: #line 705 "cf-parse.y" /* yacc.c:1646 */ - { f_quote(scanner, R_ZONE_TPL, C_DNSSEC_KEYDIR, (yyvsp[-1].tok).t); free((yyvsp[-1].tok).t); } + { f_quote(scanner, R_ZONE_TPL, C_KASP_DB, (yyvsp[-1].tok).t); free((yyvsp[-1].tok).t); } #line 2637 "cf-parse.tab.c" /* yacc.c:1646 */ break; diff --git a/src/utils/knot1to2/cf-parse.y b/src/utils/knot1to2/cf-parse.y index 64e718e89..c3559a667 100644 --- a/src/utils/knot1to2/cf-parse.y +++ b/src/utils/knot1to2/cf-parse.y 
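Review bot: In `sign_init` (src/knot/dnssec/zone-events.c), `kasp_db` is passed to `kdnssec_ctx_init()` unchecked, although `zone_name_str` a few lines later is tested for NULL. `conf_abs_path()` is not defined in this hunk; if it can return NULL (it hands back a heap string that is later freed, so allocation failure is the likely case), the signing context would be initialised without a database path. Consider adding `if (kasp_db == NULL) { return KNOT_ENOMEM; }` directly after `free(storage);`. The body of `sign_init` starts and ends outside the hunk.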
@@ -664,7 +664,7 @@ zone:
 | zone DBSYNC_TIMEOUT INTERVAL ';' { f_int(scanner, R_ZONE, C_ZONEFILE_SYNC, $3.i); }
 | zone STORAGE TEXT ';' { f_quote(scanner, R_ZONE, C_STORAGE, $3.t); free($3.t); }
 | zone DNSSEC_ENABLE BOOL ';' { f_bool(scanner, R_ZONE, C_DNSSEC_ENABLE, $3.i); }
- | zone DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE, C_DNSSEC_KEYDIR, $3.t); free($3.t); }
+ | zone DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE, C_KASP_DB, $3.t); free($3.t); }
 | zone SIGNATURE_LIFETIME NUM ';' { f_int(scanner, R_ZONE, C_SIG_LIFETIME, $3.i); }
 | zone SIGNATURE_LIFETIME INTERVAL ';' { f_int(scanner, R_ZONE, C_SIG_LIFETIME, $3.i); }
 | zone SERIAL_POLICY SERIAL_POLICY_VAL ';' { f_str(scanner, R_ZONE, C_SERIAL_POLICY, $3.t); }
@@ -702,7 +702,7 @@ zones:
 | zones DBSYNC_TIMEOUT INTERVAL ';' { f_int(scanner, R_ZONE_TPL, C_ZONEFILE_SYNC, $3.i); }
 | zones STORAGE TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_STORAGE, $3.t); free($3.t); }
 | zones DNSSEC_ENABLE BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_DNSSEC_ENABLE, $3.i); }
- | zones DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_DNSSEC_KEYDIR, $3.t); free($3.t); }
+ | zones DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_KASP_DB, $3.t); free($3.t); }
 | zones SIGNATURE_LIFETIME NUM ';' { f_int(scanner, R_ZONE_TPL, C_SIG_LIFETIME, $3.i); }
 | zones SIGNATURE_LIFETIME INTERVAL ';' { f_int(scanner, R_ZONE_TPL, C_SIG_LIFETIME, $3.i); }
 | zones SERIAL_POLICY SERIAL_POLICY_VAL ';' { f_str(scanner, R_ZONE_TPL, C_SERIAL_POLICY, $3.t); }
diff --git a/src/utils/knot1to2/scheme.h b/src/utils/knot1to2/scheme.h
index 6849dfbbe..6bd0a34ca 100644
--- a/src/utils/knot1to2/scheme.h
+++ b/src/utils/knot1to2/scheme.h
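Review bot: Both `DNSSEC_KEYDIR` rules in src/utils/knot1to2/cf-parse.y (the `zone:` and `zones:` hunks) now emit the legacy key-directory path verbatim as `kasp-db`, while the documentation changed in this same commit redefines the option from "a data directory for storing DNSSEC signing keys" to "a KASP database path". If the two on-disk layouts differ, which this diff does not show, a converted configuration would point the signer at a directory it cannot use, and the converter gives the operator no hint. A comment above each rule such as `/* legacy dnssec-keydir path is carried over as kasp-db; directory contents are not converted */` would document this, and a warning printed by knot1to2 may be worth considering.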
@@ -61,13 +61,13 @@ typedef enum {
 #define C_DISABLE_ANY "\x0B""disable-any"
 #define C_DOMAIN "\x06""domain"
 #define C_DNSSEC_ENABLE "\x0D""dnssec-enable"
-#define C_DNSSEC_KEYDIR "\x0D""dnssec-keydir"
 #define C_FILE "\x04""file"
 #define C_IDENT "\x08""identity"
 #define C_ID "\x02""id"
 #define C_INCL "\x07""include"
 #define C_IXFR_DIFF "\x15""ixfr-from-differences"
 #define C_IXFR_FSLIMIT "\x0C""ixfr-fslimit"
+#define C_KASP_DB "\x07""kasp-db"
 #define C_KEY "\x03""key"
 #define C_LOG "\x03""log"
 #define C_LISTEN "\x06""listen"
diff --git a/tests-extra/tools/dnstest/server.py b/tests-extra/tools/dnstest/server.py
index f154220a4..6ac250da3 100644
--- a/tests-extra/tools/dnstest/server.py
+++ b/tests-extra/tools/dnstest/server.py
@@ -921,7 +921,7 @@ class Knot(Server):
 if self.disable_any:
 s.item_str("disable-any", "on")
 if self.dnssec_enable:
- s.item_str("dnssec-keydir", self.keydir)
+ s.item_str("kasp-db", self.keydir)
 s.item_str("dnssec-enable", "on")
 if len(self.modules) > 0:
 modules = "" |