"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "nsd-control.8.in" between
nsd-4.3.6.tar.gz and nsd-4.3.7.tar.gz

About: NSD is an authoritative only, high performance, simple name server daemon.

nsd-control.8.in  (nsd-4.3.6):nsd-control.8.in  (nsd-4.3.7)
.TH "nsd\-control" "8" "Apr 6, 2021" "NLnet Labs" "nsd 4.3.6" .TH "nsd\-control" "8" "Jul 22, 2021" "NLnet Labs" "nsd 4.3.7"
.\" Copyright (c) 2011, NLnet Labs. All rights reserved. .\" Copyright (c) 2011, NLnet Labs. All rights reserved.
.\" See LICENSE for the license. .\" See LICENSE for the license.
.SH "NAME" .SH "NAME"
.B nsd\-control, .B nsd\-control,
.B nsd\-control\-setup .B nsd\-control\-setup
\- NSD remote server control utility. \- NSD remote server control utility.
.SH "SYNOPSIS" .SH "SYNOPSIS"
.B nsd\-control .B nsd\-control
.RB [ \-c .RB [ \-c
.IR cfgfile ] .IR cfgfile ]
skipping to change at line 180 skipping to change at line 180
.TP .TP
.B assoc_tsig <zone> <key_name> .B assoc_tsig <zone> <key_name>
Associate the zone with the given tsig. The access control lists for Associate the zone with the given tsig. The access control lists for
notify, allow-notify, provide-xfr and request-xfr are adjusted to use the notify, allow-notify, provide-xfr and request-xfr are adjusted to use the
given key. given key.
.TP .TP
.B del_tsig <key_name> .B del_tsig <key_name>
Delete the TSIG key with the given name. Prints error if the key is still Delete the TSIG key with the given name. Prints error if the key is still
in use by some zone. The changes are only in-memory and are gone next in use by some zone. The changes are only in-memory and are gone next
restart, for lasting changes edit the nsd.conf file or a file included from it. restart, for lasting changes edit the nsd.conf file or a file included from it.
.TP
.B add_cookie_secret <secret>
Add or replace a cookie secret persistently. <secret> needs to be an 128 bit
hex string.
Cookie secrets can be either \fIactive\fR or \fIstaging\fR. \fIActive\fR cookie
secrets are used to create DNS Cookies, but verification of a DNS Cookie
succeeds with any of the \fIactive\fR or \fIstaging\fR cookie secrets. The
state of the current cookie secrets can be printed with the
\fBprint_cookie_secrets\fR command.
When there are no cookie secrets configured yet, the <secret> is added as
\fIactive\fR. If there is already an \fIactive\fR cookie secret, the <secret>
is added as \fIstaging\fR or replacing an existing \fIstaging\fR secret.
To "roll" a cookie secret used in an anycast set. The new secret has to be
added as staging secret to \fBall\fR nodes in the anycast set. When \fBall\fR
nodes can verify DNS Cookies with the new secret, the new secret can be
activated with the \fBactivate_cookie_secret\fR command. After \fBall\fR nodes
have the new secret \fIactive\fR for at least one hour, the previous secret can
be dropped with the \fBdrop_cookie_secret\fR command.
Persistence is accomplished by writing to a file which if configured with the
\fBcookie\-secret\-file\fR option in the server section of the config file.
The default value for that is: @configdir@/nsd_cookiesecrets.txt .
.TP
.B drop_cookie_secret
Drop the \fIstaging\fR cookie secret.
.TP
.B activate_cookie_secret
Make the current \fIstaging\fR cookie secret \fIactive\fR, and the current
\fIactive\fR cookie secret \fIstaging\fR.
.TP
.B print_cookie_secrets
Show the current configured cookie secrets with their status.
.SH "EXIT CODE" .SH "EXIT CODE"
The nsd\-control program exits with status code 1 on error, 0 on success. The nsd\-control program exits with status code 1 on error, 0 on success.
.SH "SET UP" .SH "SET UP"
The setup requires a self\-signed certificate and private keys for both The setup requires a self\-signed certificate and private keys for both
the server and client. The script \fInsd\-control\-setup\fR generates the server and client. The script \fInsd\-control\-setup\fR generates
these in the default run directory, or with \-d in another directory. these in the default run directory, or with \-d in another directory.
If you change the access control permissions on the key files you can decide If you change the access control permissions on the key files you can decide
who can use nsd\-control, by default owner and group but not all users. who can use nsd\-control, by default owner and group but not all users.
The script preserves private keys present in the directory. The script preserves private keys present in the directory.
After running the script as root, turn on \fBcontrol\-enable\fR in After running the script as root, turn on \fBcontrol\-enable\fR in
 End of changes. 2 change blocks. 
1 lines changed or deleted 36 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)