author | Libor Peltan <libor.peltan@nic.cz> | 2024-02-08 18:22:32 +0100 |
---|---|---|
committer | Daniel Salzman <daniel.salzman@nic.cz> | 2024-05-07 07:52:29 +0200 |
commit | fdad47e267c17f2840f8b5d38b1ffcf0ba7d3ae7 (patch) | |
tree | e7e81444ac794fe2c10ce156156bef56b2472f84 /doc | |
parent | libknot/quic: code moved (diff) | |
implemented DoT for queries and XFR
Diffstat (limited to 'doc')
-rw-r--r-- | doc/reference.rst | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/reference.rst b/doc/reference.rst index 39eb52d67..d4fc1ca93 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -217,6 +217,7 @@ General options related to the server. dbus-init-delay: TIME listen: ADDR[@INT] | STR ... listen-quic: ADDR[@INT] ... + listen-tls: ADDR[@INT] ... .. CAUTION:: When you change configuration parameters dynamically or via configuration file @@ -705,6 +706,22 @@ Change of this parameter requires restart of the Knot server to take effect. *Default:* not set +.. _server_listen-tls: + +listen-tls +---------- + +One or more IP addresses (and optionally ports) where the server listens +for incoming queries over TLS protocol (DoT). + +Change of this parameter requires restart of the Knot server to take effect. + +.. NOTE:: + Incoming :ref:`DDNS<dynamic updates>` over TLS isn't supported. + The server always responds with SERVFAIL. + +*Default:* not set + .. _xdp section: ``xdp`` section @@ -1429,6 +1446,7 @@ transfer, target for a notification, etc.). address: ADDR[@INT] | STR ... via: ADDR[@INT] ... quic: BOOL + tls: BOOL key: key_id cert-key: BASE64 ... block-notify-after-transfer: BOOL @@ -1510,6 +1528,16 @@ with this remote. *Default:* ``off`` +.. _remote_tls: + +tls +--- + +If this option is set, the TLS (DoT) protocol will be used for outgoing communication +with this remote. + +*Default:* ``off`` + .. _remote_key: key |
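Review bot: In the new ``listen-tls`` section (hunk at -705), the text says a port is optional but does not state which port the server binds when none is given, and it does not say which certificate and key the DoT listener presents. Operators need both to write firewall rules and to let clients pin the server. Suggest adding the default port to the first paragraph and a cross-reference to the option that configures the server's TLS credentials. The NOTE could also make clear that the SERVFAIL applies to every dynamic update received over TLS, so the failure is expected rather than a misconfiguration.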
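Review bot: In the new ``tls`` section for remotes (hunk at -1510), the description does not say how the peer is authenticated or how the option interacts with ``quic``, which is listed directly above it in the hunk at -1429. State whether the remote's certificate is verified only when ``cert-key`` is set, since without peer verification TLS protects queries and XFR against passive observers only, and document what happens when both ``quic`` and ``tls`` are ``on`` for the same remote.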