doc: Add example for generating a secret key with knot DNS.

* doc/guix.texi (DNS Services): Add an example and more context to the includes field of the knot-configuration record.
2019-07-23 21:15:43 +02:00 · 2019-07-23 21:15:43 +02:00 · c42db89ff9
parent 4d3a2b5ac7
commit c42db89ff9
1 changed files with 15 additions and 0 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -20598,6 +20598,21 @@ thus not visible in @file{/gnu/store}---e.g., you could store secret
 key configuration in @file{/etc/knot/secrets.conf} and add this file
 to the @code{includes} list.

+One can generate a secret tsig key (for nsupdate and zone transfers with the
+keymgr command from the knot package.  Note that the package is not automatically
+installed by the service.  The following example shows how to generate a new
+tsig key:
+
+@example
+keymgr -t mysecret > /etc/knot/secrets.conf
+chmod 600 /etc/knot/secrets.conf
+@end example
+
+Also note that the generated key will be named @var{mysecret}, so it is the
+name that needs to be used in the @var{key} field of the
+@code{knot-acl-configuration} record and in other places that need to refer
+to that key.
+
 It can also be used to add configuration not supported by this interface.

@item @code{listen-v4} (default: @code{"0.0.0.0"})