13 years ago · 4fea1ab53d
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1629,31 +1629,23 @@ Xfrout/transfer_acl[0]	{"action": "ACCEPT"}	any	(default)</screen>
 
				     </simpara></note>
			
 
				 
			
 
				     <para>
			
 
				-      If you want to require TSIG in access control, a separate TSIG
			
 
				-      "key ring" must be configured specifically
			
 
				-      for <command>b10-xfrout</command> as well as a system wide
			
 
				-      key ring, both containing a consistent set of keys.
			
 
				+      If you want to require TSIG in access control, a system wide TSIG
			
 
				+      "key ring" must be configured.
			
 
				       For example, to change the previous example to allowing requests
			
 
				       from 192.0.2.1 signed by a TSIG with a key name of
			
 
				       "key.example", you'll need to do this:
			
 
				     </para>
			
 
				 
			
 
				     <screen>&gt; <userinput>config set tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
			
 
				-&gt; <userinput>config set Xfrout/tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
			
 
				 &gt; <userinput>config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "192.0.2.1", "key": "key.example"}]</userinput>
			
 
				 &gt; <userinput>config commit</userinput></screen>
			
 
				 
			
 
				-    <para>
			
 
				-      The first line of configuration defines a system wide key ring.
			
 
				-      This is necessary because the <command>b10-auth</command> server
			
 
				-      also checks TSIGs and it uses the system wide configuration.
			
 
				-    </para>
			
 
				+    <param>Both Xfrout and Auth will use the system wide keyring to check
			
 
				+    TSIGs in the incomming messages and to sign responses.</param>
			
 
				 
			
 
				     <note><simpara>
			
 
				-        In a future version, <command>b10-xfrout</command> will also
			
 
				-        use the system wide TSIG configuration.
			
 
				         The way to specify zone specific configuration (ACLs, etc) is
			
 
				-        likely to be changed, too.
			
 
				+        likely to be changed.
			
 
				     </simpara></note>
			
 
				 
			
 
				 <!--
			
--- a/src/bin/xfrout/b10-xfrout.xml
+++ b/src/bin/xfrout/b10-xfrout.xml
@@ -98,13 +98,6 @@
 
				       that can run concurrently. The default is 10.
			
 
				     </para>
			
 
				     <para>
			
 
				-      <varname>tsig_key_ring</varname>
			
 
				-      A list of TSIG keys (each of which is in the form of
			
 
				-      <replaceable>name:base64-key[:algorithm]</replaceable>)
			
 
				-      used for access control on transfer requests.
			
 
				-      The default is an empty list.
			
 
				-    </para>
			
 
				-    <para>
			
 
				       <varname>transfer_acl</varname>
			
 
				       A list of ACL elements that apply to all transfer requests by
			
 
				       default (unless overridden in <varname>zone_config</varname>).
			
@@ -160,13 +153,6 @@
 
				     </simpara></note>
			
 
				 
			
 
				 
			
 
				-<!--
			
 
				-
			
 
				-tsig_key_ring list of
			
 
				-tsig_key string
			
 
				-
			
 
				--->
			
 
				-
			
 
				 <!-- TODO: formating -->
			
 
				     <para>
			
 
				       The configuration commands are: