author | 2017-10-10 09:39:35 +0200 | |
---|---|---|
committer | 2017-10-10 09:39:35 +0200 | |
commit | 427aed6f5b465277dbc85be3ffbdccf0b88257ac (patch) | |
tree | 7145ba2944e0e1ee7bf54df89bb2fcc677225197 /plugin/dnssec | |
parent | 7c6ba3fcbd78d8698b62925451b39cb103cbadbc (diff) | |
download | coredns-427aed6f5b465277dbc85be3ffbdccf0b88257ac.tar.gz coredns-427aed6f5b465277dbc85be3ffbdccf0b88257ac.tar.zst coredns-427aed6f5b465277dbc85be3ffbdccf0b88257ac.zip |
doc update (#1140)
* doc update
Go through all README and fix mistakes, extend example and let more
corefile snippets be tested for validity.
* Can't use specific addr in test
Diffstat (limited to 'plugin/dnssec')
-rw-r--r-- | plugin/dnssec/README.md | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/plugin/dnssec/README.md b/plugin/dnssec/README.md index e087f6c9a..bf560464d 100644 --- a/plugin/dnssec/README.md +++ b/plugin/dnssec/README.md 
@@ -17,33 +17,31 @@ Authenticated denial of existence is implemented with NSEC black lies. Using ECD is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported. If multiple *dnssec* plugins are specified in the same zone, the last one specified will be -used ( see [bugs](#bugs) ). +used (See [bugs](#bugs)). -* `ZONES` zones that should be signed. If empty, the zones from the configuration block +* **ZONES** zones that should be signed. If empty, the zones from the configuration block are used. -* `key file` indicates that key file(s) should be read from disk. When multiple keys are specified, RRsets +* `key file` indicates that **KEY** file(s) should be read from disk. When multiple keys are specified, RRsets will be signed with all keys. Generating a key can be done with `dnssec-keygen`: `dnssec-keygen -a ECDSAP256SHA256 <zonename>`. A key created for zone *A* can be safely used for zone *B*. The name of the key file can be specified as one of the following formats * basename of the generated key `Kexample.org+013+45330` - * generated public key `Kexample.org+013+45330.key` - * generated private key `Kexample.org+013+45330.private` * `cache_capacity` indicates the capacity of the cache. The dnssec plugin uses a cache to store - RRSIGs. The default capacity is 10000. + RRSIGs. The default for **CAPACITY** is 10000. ## Metrics If monitoring is enabled (via the *prometheus* directive) then the following metrics are exported: -* coredns_dnssec_cache_size{type} - total elements in the cache, type is "signature". -* coredns_dnssec_cache_capacity{type} - total capacity of the cache, type is "signature". -* coredns_dnssec_cache_hits_total - Counter of cache hits. -* coredns_dnssec_cache_misses_total - Counter of cache misses. +* `coredns_dnssec_cache_size{type}` - total elements in the cache, type is "signature". +* `coredns_dnssec_cache_capacity{type}` - total capacity of the cache, type is "signature". 
+* `coredns_dnssec_cache_hits_total{}` - Counter of cache hits. +* `coredns_dnssec_cache_misses_total{}` - Counter of cache misses. ## Examples |
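Review bot: In the `key file` bullet, removing the `.key` and `.private` sub-items leaves "can be specified as one of the following formats" introducing a single entry, the basename `Kexample.org+013+45330`. If only the basename is accepted, reword the sentence to say so; if the other two names are still accepted, keep them documented. The same bullet now reads "`key file` indicates that **KEY** file(s)", so the backticked syntax token and the bold placeholder do not line up the way **ZONES** and **CAPACITY** do in their bullets; naming the argument consistently in both places would fix that. Minor style: "(See [bugs](#bugs))" capitalises "See" in the middle of a sentence, and the two `_total{}` metrics carry empty braces while the other two list a `type` label, which is worth a word of explanation or dropping the braces.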