From 27351286d3e5ed2133e7abad42bba52dbb7d338a Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 11 Jun 2018 15:36:00 +0200 Subject: [PATCH] dnsdist: Mention earlier that libsodium is required for console encryption --- pdns/dnsdistdist/docs/guides/console.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pdns/dnsdistdist/docs/guides/console.rst b/pdns/dnsdistdist/docs/guides/console.rst index c163a202b..465c7ce44 100644 --- a/pdns/dnsdistdist/docs/guides/console.rst +++ b/pdns/dnsdistdist/docs/guides/console.rst @@ -11,14 +11,16 @@ The console can be enabled with :func:`controlSocket`: controlSocket('192.0.2.53:5199') -Enabling the console without encryption enabled is not recommended. To enable encryption, first generate a key with :func:`makeKey`:: +Enabling the console without encryption enabled is not recommended. Note that encryption requires building dnsdist with libsodium support enabled. + +Once you have a libsodium-enabled dnsdist, the first step to enable encryption is to generate a key with :func:`makeKey`:: $ ./dnsdist -l 127.0.0.1:5300 [..] > makeKey() setKey("ENCODED KEY") -Add the generated :func:`setKey` line to your dnsdist configuration file, along with a :func:`controlSocket`: +Then add the generated :func:`setKey` line to your dnsdist configuration file, along with a :func:`controlSocket`: .. code-block:: lua @@ -38,8 +40,6 @@ Alternatively, you can specify the address and key on the client commandline:: This will leak the key into your shell's history and is **not** recommended. -Note that encryption requires building dnsdist with libsodium support enabled. - Since 1.3.0, dnsdist supports restricting which client can connect to the console with an ACL: .. code-block:: lua -- 2.40.0