From: Bert Hubert
Date: Sun, 9 Jan 2011 06:12:29 +0000 (+0000)
Subject: move document generation structure fully over to xml docbook
X-Git-Tag: auth-3.0~408
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e980a3e30160d042d66455607b88e4fb0983284a;p=pdns

move document generation structure fully over to xml docbook

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1839 d19b8d6e-7fed-0310-83ef-9ca221ded41b
--- diff --git a/pdns/docs/Makefile b/pdns/docs/Makefile index 95ea4ec47..5dffc7165 100644 --- a/pdns/docs/Makefile +++ b/pdns/docs/Makefile 
@@ -2,40 +2,41 @@ all: pdns.txt pdns.pdf html/index.html html.tar.gz -pdns-expanded.sgml: pdns.sgml +pdns-expanded.xml: pdns.xml ./expand < $< > $@ clean: - rm -rf *.xml *.dvi *.pdf *.tex *.toc *.aux *.ps *.bak *.tmp *~ *.log html.tar.gz html pdns - -html/index.html: pdns-expanded.sgml - db2html -V %use-id-as-filename% -o html $< + rm -rf *.dvi *.pdf *.tex *.toc *.aux *.ps *.bak *.tmp *~ *.log html.tar.gz html pdns +html/index.html: pdns-expanded.xml + xmlto xhtml -m config.xsl -o html $< + cp docbook.css html + html.tar.gz: html/index.html tar czf html.tar.gz html/ -%.txt: %-expanded.sgml - docbook2txt $< +%.txt: %-expanded.xml + xmlto text -m config.xsl $< mv pdns-expanded.txt pdns.txt -%.pdf: %-expanded.sgml - docbook2pdf $< +%.pdf: %-expanded.xml + xmlto --with-dblatex pdf $< mv pdns-expanded.pdf pdns.pdf -%.xml: %.txt - asciidoc -b docbook -d manpage $< +#%.xml: %.txt +# asciidoc -b docbook -d manpage $< -%: %.xml - xmlto man $< +#: %.xml +# xmlto man $< %.html: %.txt asciidoc -b xhtml11 -d manpage $< publish: - rsync --rsync-path=./rsync --copy-links --delete -avrze 'ssh -p 2222' ./html pdns.txt pdns.pdf html.tar.gz \ - localhost:/opt/websites/downloads.powerdns.com/www/documentation/ - ssh localhost -p 2222 ln -s /opt/websites/downloads.powerdns.com/www/documentation/images \ - /opt/websites/downloads.powerdns.com/www/documentation/html/ + rsync --rsync-path=./rsync --exclude "*.png" --copy-links --delete -avrze 'ssh -p 2222' ./html pdns.txt pdns.pdf html.tar.gz \ + localhost:/opt/websites/downloads.powerdns.com/www/documentation/ +# ssh localhost -p 2222 cp /usr/share/doc/libboost-doc/HTML/doc/html/images/*.png \ +# /opt/websites/downloads.powerdns.com/www/documentation/html/ publish2: rsync --copy-links --delete -avrze ssh ./html pdns.txt pdns.pdf \ diff --git a/pdns/docs/config.xsl b/pdns/docs/config.xsl index 542ac427e..0599c6268 100644 --- a/pdns/docs/config.xsl +++ b/pdns/docs/config.xsl @@ -17,8 +17,7 @@ - - + 
diff --git a/pdns/docs/pdns.sgml b/pdns/docs/pdns.sgml index 5f0dc06ff..001585ce9 100644 --- a/pdns/docs/pdns.sgml +++ b/pdns/docs/pdns.sgml @@ -9033,6 +9033,64 @@ $ pdnssec rectify-zone A PowerDNSSEC zone can either be operated in NSEC or in one of two NSEC3 modes ('inclusive' and 'narrow'). +
+ Profile, Supported Algorithms, Record Types & Modes of operation + + PowerDNSSEC aims to serve unexciting, standards compliant, DNSSEC information. One goal is to have + relevant parts of our output be identical or equivalent to important fellow-traveller software like NLNetLab's + NSD. + + + Particularly, if a PowerDNSSEC secured zone is transfered via AXFR, it should be able to contain the same records + as when that zone was signed using 'ldns-signzone' using the same keys and settings. + + + In addition to the above, PowerDNSSEC also supports modes of operation which may not have an equivalent in other + pieces of software, for example NSEC3-narrow mode. In such cases we strive for implementing the relevant standards + well. + + + PowerDNSSEC supports: + + + NSEC + + + NSEC3 + + + NSEC-narrow + + + DS (digest type 1, digest type 2) + + + RSASHA1 (algorithm 5, algorithm 7) + + + RSASHA256 (algorithm 8) + + + + + This corresponds to: + + + RFC 4033, 4034, 4035: DNS Security Introduction and Requirements,Resource Records for the DNS Security Extensions, Protocol Modifications for the DNS Security Extensions + + + RFC 4509: Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) + + + RFC 5155: DNS Security (DNSSEC) Hashed Authenticated Denial of Existence + + + RFC 5702: Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC + + + + +
Migration diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index 44c3e1c8d..4d00affc6 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -17,9 +17,11 @@ v2.9.19 $Date: 2011-01-06 23:00:05 +0100 (Thu, 06 Jan 2011) $ - + +
It is a book about a Spanish guy called Manual. You should read it. -- Dilbert +
@@ -9078,7 +9080,13 @@ $ pdnssec rectify-zone This corresponds to: - RFC 4033, 4034, 4035: DNS Security Introduction and Requirements,Resource Records for the DNS Security Extensions, Protocol Modifications for the DNS Security Extensions + RFC 4033: DNS Security Introduction and Requirements,Resource Records for the DNS Security Extensions, Protocol Modifications for the DNS Security Extensions
+ + + RFC 4034: Resource Records for the DNS Security Extensions, Protocol Modifications for the DNS Security Extensions + + + RFC 4035: Protocol Modifications for the DNS Security Extensions RFC 4509: Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) @@ -9144,6 +9152,28 @@ $ pdnssec rectify-zone Keys and hashes are configured using the 'pdnssec' tool, which is described next. +
(Hashed) Denial of Existence + + PowerDNS supports unhashed secure denial of existence using NSEC records. These are generated + with the help of the (database) backend, which needs to be able to supply the 'previous' and 'next' records + in canonical ordering. + + + The Generic SQL Backends have fields that allow them to supply these relative record names. + + + In addition, hashed secure denial of existence is supported using NSEC3 records, in two modes, one + with help from the database, the other with the help of some additional calculations. + + + NSEC3 in 'broad' or 'inclusive' mode works with the aid of the backend, where the backend should + be able to supply the previous and next domain names in hashed order. + + + NSEC3 in 'narrow' mode uses additional hashing calculations to provide hashed secure denial of existence 'on the fly', + without further involving the database. + +
'pdnssec' for PowerDNSSEC command & control @@ -9165,10 +9195,10 @@ $ pdnssec rectify-zone - add-zone-key ZONE [ksk|zsk] [bits] + add-zone-key ZONE [ksk|zsk] [bits] [rsasha1|rsasha256] - Create a new key for zone ZONE, and make it a KSK or a ZSK. + Create a new key for zone ZONE, and make it a KSK or a ZSK, with the specified algorithm.
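Review bot: In the pdns/docs/Makefile hunk, the clean target drops `*.xml` from its rm list, which is correct now that pdns.xml is the source, but the generated pdns-expanded.xml is then never removed; add `pdns-expanded.xml` to the rm line explicitly. In the same hunk, the html/index.html and %.txt rules read config.xsl (and the html rule copies docbook.css) without listing either file as a prerequisite, so editing them will not trigger a rebuild. The commented-out rule `#: %.xml` has lost its `%` target, and the publish target now excludes `*.png` while its only image step is commented out, so nothing in this target puts images at the destination any more; delete the dead rules or say in a comment how the images are meant to get there.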
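Review bot: The pdns/docs/pdns.sgml hunk adds a whole section to a file that the Makefile rules in this same commit no longer read (they now build from pdns.xml), so this text lands in an unused copy that can silently diverge; drop the hunk or remove pdns.sgml. Inside the added list of supported features, 'NSEC-narrow' should read 'NSEC3-narrow', matching both the paragraph just above it ("for example NSEC3-narrow mode") and the context sentence about the two NSEC3 modes, and 'transfered' should be 'transferred'.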
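Review bot: In the pdns/docs/pdns.xml hunk at -9078, the combined RFC entry is split into three, but the titles were not split with it: the RFC 4033 entry still carries all three titles and the RFC 4034 entry still carries two. Each entry should keep only its own title, that is "RFC 4033: DNS Security Introduction and Requirements", "RFC 4034: Resource Records for the DNS Security Extensions" and the RFC 4035 line as already written.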
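Review bot: In the pdns/docs/pdns.xml hunk at -9144, the new "(Hashed) Denial of Existence" section is inserted directly after the context sentence "Keys and hashes are configured using the 'pdnssec' tool, which is described next", so "described next" now points at the wrong section; either move the new section above that sentence or reword it. The section also introduces 'broad' as a second name for the mode that the context in the pdns.sgml hunk calls only 'inclusive', and switches from "PowerDNSSEC" to "PowerDNS"; pick one term for each. Since the choice between NSEC, NSEC3 inclusive and NSEC3 narrow is made per zone by the operator, it would help to say here which setting selects the mode rather than only describing how each one is computed.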
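Review bot: In the pdns/docs/pdns.xml hunk at -9165, the new optional argument `[rsasha1|rsasha256]` on add-zone-key is documented only as "with the specified algorithm", which leaves out what is used when the argument is omitted. The supported-algorithms list earlier in this patch maps RSASHA1 to both algorithm 5 and algorithm 7, so the description should also state which algorithm number `rsasha1` produces, and ideally give the default for `[bits]` alongside it.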