Rename key_id to server_key
The old name was used in the ARM and rndc manual page but was
inconsistent with doc/misc grammar.
(cherry picked from commit c972fad7b0)
@@ -21,7 +21,7 @@ rndc - name server control utility
|
||||
Synopsis
|
||||
~~~~~~~~
|
||||
|
||||
:program:`rndc` [**-b** source-address] [**-c** config-file] [**-k** key-file] [**-s** server] [**-p** port] [**-q**] [**-r**] [**-V**] [**-y** key_id] [[**-4**] | [**-6**]] {command}
|
||||
:program:`rndc` [**-b** source-address] [**-c** config-file] [**-k** key-file] [**-s** server] [**-p** port] [**-q**] [**-r**] [**-V**] [**-y** server_key] [[**-4**] | [**-6**]] {command}
|
||||
|
||||
Description
|
||||
~~~~~~~~~~~
|
||||
@@ -38,7 +38,7 @@ algorithms are HMAC-MD5 (for compatibility), HMAC-SHA1, HMAC-SHA224,
|
||||
HMAC-SHA256 (default), HMAC-SHA384, and HMAC-SHA512. They use a shared
|
||||
secret on each end of the connection, which provides TSIG-style
|
||||
authentication for the command request and the name server's response.
|
||||
All commands sent over the channel must be signed by a key_id known to
|
||||
All commands sent over the channel must be signed by a server_key known to
|
||||
the server.
|
||||
|
||||
:program:`rndc` reads a configuration file to determine how to contact the name
|
||||
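Review bot: In the changed sentence "All commands sent over the channel must be signed by a server_key known to the server", the placeholder appears as plain text, while the -y option description in the Options hunk marks it as ``server_key``. Since server_key is a grammar token and not an English noun, either mark it as a literal here as well or write "signed by a key known to the server".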
@@ -101,10 +101,10 @@ Options
|
||||
|
||||
This option enables verbose logging.
|
||||
|
||||
.. option:: -y key_id
|
||||
.. option:: -y server_key
|
||||
|
||||
This option indicates use of the key ``key_id`` from the configuration file. For control message validation to succeed, ``key_id`` must be known
|
||||
by :iscman:`named` with the same algorithm and secret string. If no ``key_id`` is specified,
|
||||
This option indicates use of the key ``server_key`` from the configuration file. For control message validation to succeed, ``server_key`` must be known
|
||||
by :iscman:`named` with the same algorithm and secret string. If no ``server_key`` is specified,
|
||||
:program:`rndc` first looks for a key clause in the server statement of
|
||||
the server being used, or if no server statement is present for that
|
||||
host, then in the default-key clause of the options statement. Note that
|
||||
@@ -650,7 +650,7 @@ would specify a zone called "-redirect".)
|
||||
Limitations
|
||||
~~~~~~~~~~~
|
||||
|
||||
There is currently no way to provide the shared secret for a ``key_id``
|
||||
There is currently no way to provide the shared secret for a ``server_key``
|
||||
without using the configuration file.
|
||||
|
||||
Several error messages could be clearer.
|
||||
|
||||
@@ -206,7 +206,7 @@ Syntax
|
||||
address_match_list = address_match_list_element ; ...
|
||||
|
||||
address_match_list_element = [ ! ] ( ip_address | netprefix |
|
||||
key key_id | acl_name | { address_match_list } )
|
||||
key server_key | acl_name | { address_match_list } )
|
||||
|
||||
Definition and Usage
|
||||
^^^^^^^^^^^^^^^^^^^^
|
||||
@@ -279,10 +279,10 @@ file documentation:
|
||||
The name of an :term:`address_match_list` as defined by the :any:`acl` statement.
|
||||
|
||||
``address_match_list``
|
||||
A list of one or more :term:`ip_address`, :term:`netprefix`, ``key_id``, or :term:`acl_name` elements; see :ref:`address_match_lists`.
|
||||
A list of one or more :term:`ip_address`, :term:`netprefix`, ``server_key``, or :term:`acl_name` elements; see :ref:`address_match_lists`.
|
||||
|
||||
``remote-servers``
|
||||
A named list of one or more :term:`ip_address` s with optional ``tls_id``, ``key_id``, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block.
|
||||
A named list of one or more :term:`ip_address` s with optional ``tls_id``, ``server_key``, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block.
|
||||
|
||||
``domain_name``
|
||||
A quoted string which is used as a DNS name; for example: ``my.test.domain``.
|
||||
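Review bot: The ``address_match_list`` and ``remote-servers`` entries write the new name as a literal (``server_key``) next to :term:`ip_address`, :term:`netprefix` and :term:`acl_name`, which leaves it as the only element in the first list without a glossary link. Other hunks in this patch already use :term:`server_key`, so the role can be used here too.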
@@ -308,7 +308,7 @@ file documentation:
|
||||
An IP network specified as an :term:`ip_address`, followed by a slash (``/``) and then the number of bits in the netmask. Trailing zeros in an:term:`ip_address` may be omitted. For example, ``127/8`` is the network ``127.0.0.0`` with netmask ``255.0.0.0`` and ``1.2.3.0/28`` is network ``1.2.3.0`` with netmask ``255.255.255.240``.
|
||||
When specifying a prefix involving an IPv6-scoped address, the scope may be omitted. In that case, the prefix matches packets from any scope.
|
||||
|
||||
``key_id``
|
||||
``server_key``
|
||||
A :term:`domain_name` representing the name of a shared key, to be used for
|
||||
:ref:`transaction security <tsig>`. Keys are defined using
|
||||
:namedconf:ref:`key` blocks.
|
||||
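Review bot: The glossary entry is renamed in place, so any :term:`key_id` left elsewhere in the tree will stop resolving and the old name no longer appears in the definition. Every remaining :term:`key_id` has to be converted in this same change (two conversions are visible in later hunks), and a brief mention of the former name in the definition text would help readers coming from older documentation. Separately, the context line above contains "an:term:`ip_address`" with no space before the role, so it will not render as a cross-reference.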
@@ -482,12 +482,12 @@ and retrieve non-DNS results from a name server.
|
||||
``allow``
|
||||
Connections to the control channel
|
||||
are permitted based on the :term:`address_match_list`. This is for simple IP
|
||||
address-based filtering only; any ``key_id`` elements of the
|
||||
address-based filtering only; any ``server_key`` elements of the
|
||||
:term:`address_match_list` are ignored.
|
||||
|
||||
:any:`keys`
|
||||
The primary authorization mechanism of the command channel is the
|
||||
list of :term:`key_id` s. Each listed
|
||||
list of :term:`server_key` s. Each listed
|
||||
:namedconf:ref:`key` is authorized to execute commands over the control
|
||||
channel. See :ref:`admin_tools` for information about
|
||||
configuring keys in :iscman:`rndc`.
|
||||
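Review bot: The two changed lines in this hunk mark the name differently: the ``allow`` text uses the literal ``server_key`` while the :any:`keys` text uses :term:`server_key` s. Pick one form, preferably the :term: role. The trailing " s" also renders with a stray space ("server_key s"); the explicit-title form :term:`server_keys <server_key>` avoids that.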
@@ -531,7 +531,7 @@ statements can be used in all views. Keys intended for use in a
|
||||
:any:`controls` statement (see :ref:`controls_statement_definition_and_usage`)
|
||||
must be defined at the top level.
|
||||
|
||||
The ``key_id``, also known as the key name, is a domain name that uniquely
|
||||
The ``server_key``, also known as the key name, is a domain name that uniquely
|
||||
identifies the key. It can be used in a ``server`` statement to cause
|
||||
requests sent to that server to be signed with this key, or in address
|
||||
match lists to verify that incoming requests have been signed with a key
|
||||
@@ -4539,7 +4539,7 @@ Content Filtering
|
||||
:term:`address_match_list` of the :any:`deny-answer-addresses` option.
|
||||
|
||||
In the :term:`address_match_list` of the :any:`deny-answer-addresses` option,
|
||||
only :term:`ip_address` and :term:`netprefix` are meaningful; any ``key_id`` is
|
||||
only :term:`ip_address` and :term:`netprefix` are meaningful; any ``server_key`` is
|
||||
silently ignored.
|
||||
|
||||
|
||||
@@ -5293,7 +5293,7 @@ any top-level ``server`` statements are used as defaults.
|
||||
to fundamentally incompatible concepts.
|
||||
|
||||
In the context of a :namedconf:ref:`server` block, the option identifies a
|
||||
:term:`key_id` defined by the :namedconf:ref:`key` statement, to be used for
|
||||
:term:`server_key` defined by the :namedconf:ref:`key` statement, to be used for
|
||||
transaction security (see :ref:`tsig`)
|
||||
when talking to the remote server. When a request is sent to the remote
|
||||
server, a request signature is generated using the key specified
|
||||
|
||||
@@ -32,7 +32,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||||
rndc \- name server control utility
|
||||
.SH SYNOPSIS
|
||||
.sp
|
||||
\fBrndc\fP [\fB\-b\fP source\-address] [\fB\-c\fP config\-file] [\fB\-k\fP key\-file] [\fB\-s\fP server] [\fB\-p\fP port] [\fB\-q\fP] [\fB\-r\fP] [\fB\-V\fP] [\fB\-y\fP key_id] [[\fB\-4\fP] | [\fB\-6\fP]] {command}
|
||||
\fBrndc\fP [\fB\-b\fP source\-address] [\fB\-c\fP config\-file] [\fB\-k\fP key\-file] [\fB\-s\fP server] [\fB\-p\fP port] [\fB\-q\fP] [\fB\-r\fP] [\fB\-V\fP] [\fB\-y\fP server_key] [[\fB\-4\fP] | [\fB\-6\fP]] {command}
|
||||
.SH DESCRIPTION
|
||||
.sp
|
||||
\fBrndc\fP controls the operation of a name server. If \fBrndc\fP is
|
||||
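Review bot: This file is rst2man output (the hunk header shows the rst2man-indent macros), so the "\-y server_key" change in the SYNOPSIS line should come from regenerating the page from the updated reStructuredText source, not from a hand edit. Please confirm it was regenerated so the two copies cannot drift apart.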
@@ -47,7 +47,7 @@ algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224,
|
||||
HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512. They use a shared
|
||||
secret on each end of the connection, which provides TSIG\-style
|
||||
authentication for the command request and the name server\(aqs response.
|
||||
All commands sent over the channel must be signed by a key_id known to
|
||||
All commands sent over the channel must be signed by a server_key known to
|
||||
the server.
|
||||
.sp
|
||||
\fBrndc\fP reads a configuration file to determine how to contact the name
|
||||
@@ -119,9 +119,9 @@ This option enables verbose logging.
|
||||
.UNINDENT
|
||||
.INDENT 0.0
|
||||
.TP
|
||||
.B \-y key_id
|
||||
This option indicates use of the key \fBkey_id\fP from the configuration file. For control message validation to succeed, \fBkey_id\fP must be known
|
||||
by \fI\%named\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified,
|
||||
.B \-y server_key
|
||||
This option indicates use of the key \fBserver_key\fP from the configuration file. For control message validation to succeed, \fBserver_key\fP must be known
|
||||
by \fI\%named\fP with the same algorithm and secret string. If no \fBserver_key\fP is specified,
|
||||
\fBrndc\fP first looks for a key clause in the server statement of
|
||||
the server being used, or if no server statement is present for that
|
||||
host, then in the default\-key clause of the options statement. Note that
|
||||
@@ -706,7 +706,7 @@ zone. To specify a redirect zone, use the special zone name
|
||||
would specify a zone called "\-redirect".)
|
||||
.SH LIMITATIONS
|
||||
.sp
|
||||
There is currently no way to provide the shared secret for a \fBkey_id\fP
|
||||
There is currently no way to provide the shared secret for a \fBserver_key\fP
|
||||
without using the configuration file.
|
||||
.sp
|
||||
Several error messages could be clearer.
|
||||
|
||||