From 830e118d6b68e23c81191f21f034d352f026afac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 1 Jul 2022 14:59:21 +0200 Subject: [PATCH] Rename key_id to server_key The old name was used in the ARM and rndc manual page but was inconsistent with doc/misc grammar. (cherry picked from commit c972fad7b011e24046565872ca599c19029eb71f) --- bin/rndc/rndc.rst | 12 ++++++------ doc/arm/reference.rst | 18 +++++++++--------- doc/man/rndc.8in | 12 ++++++------ 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst index 6c2377a1ab..6717e242d1 100644 --- a/bin/rndc/rndc.rst +++ b/bin/rndc/rndc.rst @@ -21,7 +21,7 @@ rndc - name server control utility Synopsis ~~~~~~~~ -:program:`rndc` [**-b** source-address] [**-c** config-file] [**-k** key-file] [**-s** server] [**-p** port] [**-q**] [**-r**] [**-V**] [**-y** key_id] [[**-4**] | [**-6**]] {command} +:program:`rndc` [**-b** source-address] [**-c** config-file] [**-k** key-file] [**-s** server] [**-p** port] [**-q**] [**-r**] [**-V**] [**-y** server_key] [[**-4**] | [**-6**]] {command} Description ~~~~~~~~~~~ @@ -38,7 +38,7 @@ algorithms are HMAC-MD5 (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 (default), HMAC-SHA384, and HMAC-SHA512. They use a shared secret on each end of the connection, which provides TSIG-style authentication for the command request and the name server's response. -All commands sent over the channel must be signed by a key_id known to +All commands sent over the channel must be signed by a server_key known to the server. :program:`rndc` reads a configuration file to determine how to contact the name 
@@ -101,10 +101,10 @@ Options This option enables verbose logging. -.. option:: -y key_id +.. option:: -y server_key - This option indicates use of the key ``key_id`` from the configuration file. For control message validation to succeed, ``key_id`` must be known - by :iscman:`named` with the same algorithm and secret string. If no ``key_id`` is specified, + This option indicates use of the key ``server_key`` from the configuration file. For control message validation to succeed, ``server_key`` must be known + by :iscman:`named` with the same algorithm and secret string. If no ``server_key`` is specified, :program:`rndc` first looks for a key clause in the server statement of the server being used, or if no server statement is present for that host, then in the default-key clause of the options statement. Note that @@ -650,7 +650,7 @@ would specify a zone called "-redirect".) Limitations ~~~~~~~~~~~ -There is currently no way to provide the shared secret for a ``key_id`` +There is currently no way to provide the shared secret for a ``server_key`` without using the configuration file. Several error messages could be clearer. diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index d4e908d5e2..be2896f98a 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -206,7 +206,7 @@ Syntax address_match_list = address_match_list_element ; ... address_match_list_element = [ ! ] ( ip_address | netprefix | - key key_id | acl_name | { address_match_list } ) + key server_key | acl_name | { address_match_list } ) Definition and Usage ^^^^^^^^^^^^^^^^^^^^ 
@@ -279,10 +279,10 @@ file documentation: The name of an :term:`address_match_list` as defined by the :any:`acl` statement. ``address_match_list`` - A list of one or more :term:`ip_address`, :term:`netprefix`, ``key_id``, or :term:`acl_name` elements; see :ref:`address_match_lists`. + A list of one or more :term:`ip_address`, :term:`netprefix`, ``server_key``, or :term:`acl_name` elements; see :ref:`address_match_lists`. ``remote-servers`` - A named list of one or more :term:`ip_address` s with optional ``tls_id``, ``key_id``, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block. + A named list of one or more :term:`ip_address` s with optional ``tls_id``, ``server_key``, and/or :term:`port`. A ``remote-servers`` list may include other ``remote-servers`` lists. See :any:`primaries` block. ``domain_name`` A quoted string which is used as a DNS name; for example: ``my.test.domain``. @@ -308,7 +308,7 @@ file documentation: An IP network specified as an :term:`ip_address`, followed by a slash (``/``) and then the number of bits in the netmask. Trailing zeros in an:term:`ip_address` may be omitted. For example, ``127/8`` is the network ``127.0.0.0`` with netmask ``255.0.0.0`` and ``1.2.3.0/28`` is network ``1.2.3.0`` with netmask ``255.255.255.240``. When specifying a prefix involving an IPv6-scoped address, the scope may be omitted. In that case, the prefix matches packets from any scope. - ``key_id`` + ``server_key`` A :term:`domain_name` representing the name of a shared key, to be used for :ref:`transaction security `. Keys are defined using :namedconf:ref:`key` blocks. 
@@ -482,12 +482,12 @@ and retrieve non-DNS results from a name server. ``allow`` Connections to the control channel are permitted based on the :term:`address_match_list`. This is for simple IP - address-based filtering only; any ``key_id`` elements of the + address-based filtering only; any ``server_key`` elements of the :term:`address_match_list` are ignored. :any:`keys` The primary authorization mechanism of the command channel is the - list of :term:`key_id` s. Each listed + list of :term:`server_key` s. Each listed :namedconf:ref:`key` is authorized to execute commands over the control channel. See :ref:`admin_tools` for information about configuring keys in :iscman:`rndc`. @@ -531,7 +531,7 @@ statements can be used in all views. Keys intended for use in a :any:`controls` statement (see :ref:`controls_statement_definition_and_usage`) must be defined at the top level. -The ``key_id``, also known as the key name, is a domain name that uniquely +The ``server_key``, also known as the key name, is a domain name that uniquely identifies the key. It can be used in a ``server`` statement to cause requests sent to that server to be signed with this key, or in address match lists to verify that incoming requests have been signed with a key @@ -4539,7 +4539,7 @@ Content Filtering :term:`address_match_list` of the :any:`deny-answer-addresses` option. In the :term:`address_match_list` of the :any:`deny-answer-addresses` option, - only :term:`ip_address` and :term:`netprefix` are meaningful; any ``key_id`` is + only :term:`ip_address` and :term:`netprefix` are meaningful; any ``server_key`` is silently ignored. 
@@ -5293,7 +5293,7 @@ any top-level ``server`` statements are used as defaults. to fundamentally incompatible concepts. In the context of a :namedconf:ref:`server` block, the option identifies a - :term:`key_id` defined by the :namedconf:ref:`key` statement, to be used for + :term:`server_key` defined by the :namedconf:ref:`key` statement, to be used for transaction security (see :ref:`tsig`) when talking to the remote server. When a request is sent to the remote server, a request signature is generated using the key specified diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in index ea01a0eba2..4023b82ee2 100644 --- a/doc/man/rndc.8in +++ b/doc/man/rndc.8in @@ -32,7 +32,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] rndc \- name server control utility .SH SYNOPSIS .sp -\fBrndc\fP [\fB\-b\fP source\-address] [\fB\-c\fP config\-file] [\fB\-k\fP key\-file] [\fB\-s\fP server] [\fB\-p\fP port] [\fB\-q\fP] [\fB\-r\fP] [\fB\-V\fP] [\fB\-y\fP key_id] [[\fB\-4\fP] | [\fB\-6\fP]] {command} +\fBrndc\fP [\fB\-b\fP source\-address] [\fB\-c\fP config\-file] [\fB\-k\fP key\-file] [\fB\-s\fP server] [\fB\-p\fP port] [\fB\-q\fP] [\fB\-r\fP] [\fB\-V\fP] [\fB\-y\fP server_key] [[\fB\-4\fP] | [\fB\-6\fP]] {command} .SH DESCRIPTION .sp \fBrndc\fP controls the operation of a name server. If \fBrndc\fP is @@ -47,7 +47,7 @@ algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512. They use a shared secret on each end of the connection, which provides TSIG\-style authentication for the command request and the name server\(aqs response. -All commands sent over the channel must be signed by a key_id known to +All commands sent over the channel must be signed by a server_key known to the server. .sp \fBrndc\fP reads a configuration file to determine how to contact the name 
@@ -119,9 +119,9 @@ This option enables verbose logging. .UNINDENT .INDENT 0.0 .TP -.B \-y key_id -This option indicates use of the key \fBkey_id\fP from the configuration file. For control message validation to succeed, \fBkey_id\fP must be known -by \fI\%named\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified, +.B \-y server_key +This option indicates use of the key \fBserver_key\fP from the configuration file. For control message validation to succeed, \fBserver_key\fP must be known +by \fI\%named\fP with the same algorithm and secret string. If no \fBserver_key\fP is specified, \fBrndc\fP first looks for a key clause in the server statement of the server being used, or if no server statement is present for that host, then in the default\-key clause of the options statement. Note that @@ -706,7 +706,7 @@ zone. To specify a redirect zone, use the special zone name would specify a zone called "\-redirect".) .SH LIMITATIONS .sp -There is currently no way to provide the shared secret for a \fBkey_id\fP +There is currently no way to provide the shared secret for a \fBserver_key\fP without using the configuration file. .sp Several error messages could be clearer.
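Review bot: in bin/rndc/rndc.rst, the sentence changed at -38,7 ("must be signed by a server_key known to the server") uses the placeholder as if it were the signing secret, while the -y text at -101,10 describes ``server_key`` as the name of a key looked up in the configuration file. Since this sentence is the statement of how the control channel is authenticated, consider wording it as "signed with a key whose name, algorithm and secret are known to the server" so that it matches the validation rule given under -y.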
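Review bot: in doc/arm/reference.rst, the glossary entry renamed at -308,7 is the target of the :term:`server_key` references introduced at -482,12 and -5293,7, so any :term:`key_id` reference outside the lines shown here would stop resolving after this change. Please search the tree for remaining ``key_id`` uses before merging. It would also help to extend the glossary text to say that the name appears both in ``server`` statements and in address match lists (the grammar at -206,7 now reads "key server_key"), because the new name suggests only the first use, and the ``allow`` text at -482,12 relies on readers knowing that key elements there are ignored.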
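Review bot: doc/man/rndc.8in looks like rst2man output (the hunk context at -32,7 carries the rst2man-indent macros), so the edits at -47,7, -119,9 and -706,7 should come from regenerating the page from bin/rndc/rndc.rst rather than from hand editing. The diffstat shows the same 12 changed lines in both files, which is consistent with that, but please confirm so the two copies cannot drift.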