From: Remi Gacogne Date: Mon, 11 Jun 2018 13:36:00 +0000 (+0200) Subject: dnsdist: Mention earlier that libsodium is required for console encryption X-Git-Tag: dnsdist-1.3.1~34^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27351286d3e5ed2133e7abad42bba52dbb7d338a;p=pdns dnsdist: Mention earlier that libsodium is required for console encryption --- diff --git a/pdns/dnsdistdist/docs/guides/console.rst b/pdns/dnsdistdist/docs/guides/console.rst index c163a202b..465c7ce44 100644 --- a/pdns/dnsdistdist/docs/guides/console.rst +++ b/pdns/dnsdistdist/docs/guides/console.rst @@ -11,14 +11,16 @@ The console can be enabled with :func:`controlSocket`: controlSocket('192.0.2.53:5199') -Enabling the console without encryption enabled is not recommended. To enable encryption, first generate a key with :func:`makeKey`:: +Enabling the console without encryption enabled is not recommended. Note that encryption requires building dnsdist with libsodium support enabled. + +Once you have a libsodium-enabled dnsdist, the first step to enable encryption is to generate a key with :func:`makeKey`:: $ ./dnsdist -l 127.0.0.1:5300 [..] > makeKey() setKey("ENCODED KEY") -Add the generated :func:`setKey` line to your dnsdist configuration file, along with a :func:`controlSocket`: +Then add the generated :func:`setKey` line to your dnsdist configuration file, along with a :func:`controlSocket`: .. code-block:: lua @@ -38,8 +40,6 @@ Alternatively, you can specify the address and key on the client commandline:: This will leak the key into your shell's history and is **not** recommended. -Note that encryption requires building dnsdist with libsodium support enabled. - Since 1.3.0, dnsdist supports restricting which client can connect to the console with an ACL: .. code-block:: lua