[3432] Miscellaneous modifications to DHCP-DDNS documentation made during review

Stephen Morris 11 years ago
parent
commit
16bd0ab7a3
1 changed files with 30 additions and 27 deletions

+ 30 - 27
doc/guide/bind10-guide.xml

@@ -5302,29 +5302,32 @@ corresponding values in the DHCP servers' "dhcp-ddns" configuration section.
       <section id="d2-tsig-key-list-config">
         <title>TSIG Key List</title>
         <para>
-        DDNS protocol can be conducted with or without TSIG as defined in
-        RFC 2845. This configuration section allows the administrator to
-        define the dictionary of TSIG keys which may be used.  To use TSIG
-        when working with a specific DDNS Domain that key must be defined in
-        the TSIG Key List and referenced by name in that domain's configuration
-        entry.
-
-        When the domain D2 has matched to a change request has a TSIG key
-        associated with it, D2 will use that key to sign DNS update messages
-        sent to and verify repsonses received from DNS server(s). For each TSIG
-        key required by the DNS servers that D2 will be working with there must
-        be a corresponding TSIG key in the TSIG Key list.
-        </para>
+        A DDNS protocol exchange can be conducted with or without TSIG
+        (defined in <ulink url="http://tools.ietf/org/html/rfc2845">RFC
+        2845</ulink>). This configuration section allows the administrator
+        to define the set of TSIG keys that may be used in such
+        exchanges.</para>
+
+        <para>To use TSIG when updating entries in a DNS Domain,
+        a key must be defined in the TSIG Key List and referenced by
+        name in that domain's configuration entry.  When D2 matches a
+        change request to a domain, it checks whether the domain has
+        a TSIG key associated with it.  If so, D2 will use that key to
+        sign DNS update messages sent to and verify repsonses received
+        from the domain's DNS server(s). For each TSIG key required by
+        the DNS servers that D2 will be working with there must be a
+        corresponding TSIG key in the TSIG Key list.</para>
+
         <para>
-        As one might gather from its name, this section is a list of
-        TSIG keys. Each entry describes a TSIG key used by one or
-        more DNS servers to authenticate requests and sign responses.
-        Each entry has three parameters:
+        As one might gather from the name, the tsig_key section of the
+        D2 configuration lists the TSIG keys.  Each entry describes a
+        TSIG key used by one or more DNS servers to authenticate requests
+        and sign responses.  Every entry in the list has three parameters:
         <itemizedlist>
           <listitem>
             <simpara>
               <command>name</command> &mdash;
-              is a unique text label used to identify this key within the
+              a unique text label used to identify this key within the
               list.  This value is used to specify which key (if any) should be
               used when updating a specific domain. So long as it is unique its
               content is arbitrary, although for clarity and ease of maintenance
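Review bot: The ulink target in the first added paragraph, http://tools.ietf/org/html/rfc2845, has a slash where the dot in the host name should be (tools.ietf.org), so the RFC 2845 link will not resolve. In the second added paragraph the typo "repsonses" was carried over from the old text and should be "responses". The new wording also refers to "the tsig_key section", while the commands later in this file use DhcpDdns/tsig_keys; the name should be spelled the same way in both places.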
@@ -5366,16 +5369,16 @@ corresponding values in the DHCP servers' "dhcp-ddns" configuration section.
               <command>secret</command> &mdash;
               is used to specify the shared secret key code for this key.  This value is
               case sensitive and must exactly match the value specified on the DNS server(s).
-              This is a base64 encoded text value that can be located if dnssec public and
-              private key files.
+              It is a base64-encoded text value.
             </simpara>
           </listitem>
         </itemizedlist>
         </para>
         <para>
-        Suppose that a domain D2 will be updating is maintained by a BIND9 DNS server which
-        is using TSIG with that domain.  Suppose further that the entry for the TSIG key in 
-        BIND9's named.conf file looks like this:
+        As an example, suppose that a domain D2 will be updating is
+        maintained by a BIND9 DNS server which requires dynamic updates
+        to be secured with TSIG.  Suppose further that the entry for
+        the TSIG key in BIND9's named.conf file looks like this:
 <screen>
    :
    key "key.four.example.com." {
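Review bot: In the reworded example lead-in, "suppose that a domain D2 will be updating is maintained by a BIND9 DNS server" still reads as though "a domain D2" were a single name; "suppose that a domain which D2 will be updating is maintained by ..." removes the ambiguity. In the secret entry, the removed sentence was garbled, but it was the only hint about where the value comes from. Since the text requires an exact, case-sensitive match with the DNS server(s), consider adding a sentence saying the secret is the value configured for that key on the DNS server.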
@@ -5384,23 +5387,23 @@ corresponding values in the DHCP servers' "dhcp-ddns" configuration section.
    };
    :
 </screen>
-        By default, the TSIG Key list is empty.
+        By default, the TSIG Key list is empty:
 <screen>
 <userinput>> config show DhcpDdns/tsig_keys</userinput>
 DhcpDdns/tsig_keys  []  list  (default)
 </screen>
-        So we must first create a new key in the list:
+        We must first create a new key in the list:
 <screen>
 <userinput>> config add DhcpDdns/tsig_keys</userinput>
 </screen>
-        Displaying the new element, reveals this:
+        Displaying the new element, reveals:
 <screen>
 <userinput>> config show DhcpDdns/tsig_keys[0]</userinput>
 DhcpDdns/tsig_keys[0]/name  ""  string  (default)
 DhcpDdns/tsig_keys[0]/algorithm "HMAC-MD5"  string  (modified)
 DhcpDdns/tsig_keys[0]/secret  ""  string  (default)
 </screen>
-        Now we simple set all three values to match BIND9's key:
+        Now set all three values to match BIND9's key:
 <screen>
 <userinput>> config set DhcpDdns/tsig_keys[0]/name "key.four.example.com"</userinput>
 <userinput>> config set DhcpDdns/tsig_keys[0]/algorithm "HMAC-SHA224"</userinput>
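Review bot: The new sentence says to set all three values to match BIND9's key, but the name is set to "key.four.example.com" while the named.conf entry shown above is "key.four.example.com." with a trailing dot. Either make the two identical or add a sentence saying whether the trailing dot is significant, so a reader copying the example knows what "match" means here. Separately, "Displaying the new element, reveals:" keeps a comma between subject and verb; "Displaying the new element reveals:" is enough.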