diff options
| -rw-r--r-- | man/coredns-minimal.7 | 49 | ||||
| -rw-r--r-- | man/coredns-sign.7 | 17 | ||||
| -rw-r--r-- | man/coredns.1 | 2 |
3 files changed, 54 insertions, 14 deletions
diff --git a/man/coredns-minimal.7 b/man/coredns-minimal.7 new file mode 100644 index 000000000..52e2e1c6e --- /dev/null +++ b/man/coredns-minimal.7 @@ -0,0 +1,49 @@ +.\" Generated by Mmark Markdown Processer - mmark.miek.nl +.TH "COREDNS-MINIMAL" 7 "March 2021" "CoreDNS" "CoreDNS Plugins" + +.SH "NAME" +.PP +\fIminimal\fP - minimizes size of the DNS response message whenever possible. + +.SH "DESCRIPTION" +.PP +The \fIminimal\fP plugin tries to minimize the size of the response. Depending on the response type it +removes resource records from the AUTHORITY and ADDITIONAL sections. + +.PP +Specifically this plugin looks at successful responses (this excludes negative responses, i.e. +nodata or name error). If the successful response isn't a delegation only the RRs in the answer +section are written to the client. + +.SH "SYNTAX" +.PP +.RS + +.nf +minimal + +.fi +.RE + +.SH "EXAMPLES" +.PP +Enable minimal responses: + +.PP +.RS + +.nf +example.org { + whoami + forward . 8.8.8.8 + minimal +} + +.fi +.RE + +.SH "SEE ALSO" +.PP +BIND 9 Configuration Reference +\[la]https://bind9.readthedocs.io/en/latest/reference.html#boolean-options\[ra] + diff --git a/man/coredns-sign.7 b/man/coredns-sign.7 index 7a9127c5b..9ca4e5b42 100644 --- a/man/coredns-sign.7 +++ b/man/coredns-sign.7 @@ -8,9 +8,9 @@ .SH "DESCRIPTION" .PP The \fIsign\fP plugin is used to sign (see RFC 6781) zones. In this process DNSSEC resource records are -added to the zone. The signatures that sign the resource records sets have an expiration date. This -means the signing process must be repeated before this expiration data is reached. Otherwise the -zone's data will go BAD (RFC 4035, Section 5.5). The \fIsign\fP plugin takes care of this. +added. The signatures that sign the resource records sets have an expiration date, this means the +signing process must be repeated before this expiration data is reached. Otherwise the zone's data +will go BAD (RFC 4035, Section 5.5). The \fIsign\fP plugin takes care of this. .PP Only NSEC is supported, \fIsign\fP does \fInot\fP support NSEC3. @@ -40,16 +40,7 @@ the signature only has 14 days left before expiring. .RE -Both these dates are only checked on the SOA's signature(s). This concerns the DNSSEC data, the -\fIsign\fP plugin will also take into account and resign if: - -.RS -.IP \(en 4 -the \fBmtime\fP of the zone file has changed, since the last time it was checked. -.IP \(en 4 -the signed zone file doesn't exist on disk. - -.RE +Both these dates are only checked on the SOA's signature(s). .IP \(bu 4 Create RRSIGs that have an inception of -3 hours (minus a jitter between 0 and 18 hours) and a expiration of +32 (plus a jitter between 0 and 5 days) days for every given DNSKEY. diff --git a/man/coredns.1 b/man/coredns.1 index 99054011f..e73d4780d 100644 --- a/man/coredns.1 +++ b/man/coredns.1 @@ -58,5 +58,5 @@ Apache License 2.0 .SH "SEE ALSO" .PP -Corefile(5) coredns-k8s_external(7) coredns-any(7) coredns-hosts(7) coredns-reload(7) coredns-acl(7) coredns-dnssec(7) coredns-health(7) coredns-grpc(7) coredns-sign(7) coredns-log(7) coredns-tls(7) coredns-file(7) coredns-root(7) coredns-loop(7) coredns-chaos(7) coredns-dnstap(7) coredns-pprof(7) coredns-bufsize(7) coredns-clouddns(7) coredns-loadbalance(7) coredns-cache(7) coredns-whoami(7) coredns-bind(7) coredns-erratic(7) coredns-auto(7) coredns-import(7) coredns-debug(7) coredns-template(7) coredns-azure(7) coredns-autopath(7) coredns-kubernetes(7) coredns-forward(7) coredns-nsid(7) coredns-secondary(7) coredns-route53(7) coredns-local(7) coredns-errors(7) coredns-transfer(7) coredns-ready(7) coredns-metadata(7) coredns-rewrite(7) coredns-metrics(7) coredns-dns64(7) coredns-etcd(7) coredns-cancel(7) coredns-trace(7). +Corefile(5) coredns-k8s_external(7) coredns-any(7) coredns-hosts(7) coredns-reload(7) coredns-acl(7) coredns-dnssec(7) coredns-health(7) coredns-grpc(7) coredns-sign(7) coredns-log(7) coredns-tls(7) coredns-file(7) coredns-root(7) coredns-loop(7) coredns-chaos(7) coredns-dnstap(7) coredns-pprof(7) coredns-bufsize(7) coredns-clouddns(7) coredns-loadbalance(7) coredns-cache(7) coredns-whoami(7) coredns-minimal(7) coredns-bind(7) coredns-erratic(7) coredns-auto(7) coredns-import(7) coredns-debug(7) coredns-template(7) coredns-azure(7) coredns-autopath(7) coredns-kubernetes(7) coredns-forward(7) coredns-nsid(7) coredns-secondary(7) coredns-route53(7) coredns-local(7) coredns-errors(7) coredns-transfer(7) coredns-ready(7) coredns-metadata(7) coredns-rewrite(7) coredns-metrics(7) coredns-dns64(7) coredns-etcd(7) coredns-cancel(7) coredns-trace(7). |