Commit 0050440e authored by Jan Včelák's avatar Jan Včelák 🚀

doc: correct syntax highlight for all code blocks

- Add 'highlight' option to set default syntax on each page
- Add 'code-block' for exceptions
parent 77889631
.. highlight:: yaml
.. _Configuration: .. _Configuration:
************* *************
...@@ -308,7 +309,9 @@ containing files in the JSON format. The database contains ...@@ -308,7 +309,9 @@ containing files in the JSON format. The database contains
- private key material. - private key material.
The :doc:`keymgr <man_keymgr>` utility serves for the database maintenance. The :doc:`keymgr <man_keymgr>` utility serves for the database maintenance.
To initialize the database, run:: To initialize the database, run:
.. code-block:: console
$ mkdir -p /var/lib/knot/kasp $ mkdir -p /var/lib/knot/kasp
$ cd /var/lib/knot/kasp $ cd /var/lib/knot/kasp
...@@ -330,7 +333,9 @@ first place. This policy specifies how a zone is signed (i.e. signing ...@@ -330,7 +333,9 @@ first place. This policy specifies how a zone is signed (i.e. signing
algorithm, key size, signature lifetime, key lifetime, etc.). algorithm, key size, signature lifetime, key lifetime, etc.).
To create a new policy named *default_rsa* using *RSA-SHA-256* algorithm for To create a new policy named *default_rsa* using *RSA-SHA-256* algorithm for
signing keys, 1024-bit long ZSK, and 2048-bit long KSK, run:: signing keys, 1024-bit long ZSK, and 2048-bit long KSK, run:
.. code-block:: console
$ keymgr policy add default_rsa algorithm RSASHA256 zsk-size 1024 ksk-size 2048 $ keymgr policy add default_rsa algorithm RSASHA256 zsk-size 1024 ksk-size 2048
...@@ -338,11 +343,15 @@ The unspecified policy parameters are set to defaults. The complete definition ...@@ -338,11 +343,15 @@ The unspecified policy parameters are set to defaults. The complete definition
of the policy will be printed after executing the command. of the policy will be printed after executing the command.
Next, create a zone entry for zone *myzone.test* and assign it the newly Next, create a zone entry for zone *myzone.test* and assign it the newly
created policy:: created policy:
.. code-block:: console
$ keymgr zone add myzone.test policy default_rsa $ keymgr zone add myzone.test policy default_rsa
Make sure everything is set correctly:: Make sure everything is set correctly:
.. code-block:: console
$ keymgr policy show default_rsa $ keymgr policy show default_rsa
$ keymgr zone show myzone.test $ keymgr zone show myzone.test
...@@ -359,7 +368,9 @@ The configuration fragment might look similar to:: ...@@ -359,7 +368,9 @@ The configuration fragment might look similar to::
- domain: myzone.test - domain: myzone.test
dnssec-enable: on dnssec-enable: on
Finally, reload the server:: Finally, reload the server:
.. code-block:: console
$ knotc reload $ knotc reload
...@@ -381,13 +392,17 @@ Manual key management ...@@ -381,13 +392,17 @@ Manual key management
For automatic DNSSEC signing with manual key management, a signing policy For automatic DNSSEC signing with manual key management, a signing policy
need not be defined. need not be defined.
Create a zone entry for the zone *myzone.test* without a policy:: Create a zone entry for the zone *myzone.test* without a policy:
.. code-block:: console
$ keymgr zone add myzone.test $ keymgr zone add myzone.test
Generate a signing keys for the zone. Let's use the Single-Type Signing scheme Generate a signing keys for the zone. Let's use the Single-Type Signing scheme
with two algorithms (this scheme is not supported in automatic key management). with two algorithms (this scheme is not supported in automatic key management).
Run:: Run:
.. code-block:: console
$ keymgr zone key generate myzone.test algorithm RSASHA256 size 1024 $ keymgr zone key generate myzone.test algorithm RSASHA256 size 1024
$ keymgr zone key generate myzone.test algorithm ECDSAP256SHA256 size 256 $ keymgr zone key generate myzone.test algorithm ECDSAP256SHA256 size 256
...@@ -398,12 +413,16 @@ reload the server. Use the same steps as in ...@@ -398,12 +413,16 @@ reload the server. Use the same steps as in
To perform a manual rollover of a key, the timing parameters of the key need To perform a manual rollover of a key, the timing parameters of the key need
to be set. Let's roll the RSA key. Generate a new RSA key, but do not activate to be set. Let's roll the RSA key. Generate a new RSA key, but do not activate
it yet:: it yet:
.. code-block:: console
$ keymgr zone key generate myzone.test algorithm RSASHA256 size 1024 activate +1d $ keymgr zone key generate myzone.test algorithm RSASHA256 size 1024 activate +1d
Take the key ID (or key tag) of the old RSA key and disable it the same time Take the key ID (or key tag) of the old RSA key and disable it the same time
the new key gets activated:: the new key gets activated:
.. code-block:: console
$ keymgr zone key set myzone.test <old_key_id> retire +1d remove +1d $ keymgr zone key set myzone.test <old_key_id> retire +1d remove +1d
...@@ -620,7 +639,9 @@ Example:: ...@@ -620,7 +639,9 @@ Example::
file: example.zone # Zone file have to exist! file: example.zone # Zone file have to exist!
module: mod-synth-record/test1 module: mod-synth-record/test1
Result:: Result:
.. code-block:: console
$ kdig AAAA dynamic-2620-0000-0b61-0100-0000-0000-0000-0000.example. $ kdig AAAA dynamic-2620-0000-0b61-0100-0000-0000-0000-0000.example.
... ...
...@@ -631,7 +652,9 @@ Result:: ...@@ -631,7 +652,9 @@ Result::
dynamic-2620-0000-0b61-0100... 400 IN AAAA 2620:0:b61:100:: dynamic-2620-0000-0b61-0100... 400 IN AAAA 2620:0:b61:100::
You can also have CNAME aliases to the dynamic records, which are going to be You can also have CNAME aliases to the dynamic records, which are going to be
further resoluted:: further resoluted:
.. code-block:: console
$ kdig AAAA hostalias.example. $ kdig AAAA hostalias.example.
... ...
...@@ -660,7 +683,9 @@ Example:: ...@@ -660,7 +683,9 @@ Example::
file: 1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa.zone # Zone file have to exist! file: 1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa.zone # Zone file have to exist!
module: mod-synth-record/test2 module: mod-synth-record/test2
Result:: Result:
.. code-block:: console
$ kdig PTR 1.0.0...1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa. $ kdig PTR 1.0.0...1.6.b.0.0.0.0.0.0.2.6.2.ip6.arpa.
... ...
...@@ -719,13 +744,17 @@ the record is searched in the available zones. The modules comes with a tool ...@@ -719,13 +744,17 @@ the record is searched in the available zones. The modules comes with a tool
Neither the tool nor the module are enabled by default, recompile with Neither the tool nor the module are enabled by default, recompile with
the configure flag ``--enable-rosedb`` to enable them. the configure flag ``--enable-rosedb`` to enable them.
For example, suppose we have a database of following records:: For example, suppose we have a database of following records:
.. code-block:: none
myrecord.com. 3600 IN A 127.0.0.1 myrecord.com. 3600 IN A 127.0.0.1
www.myrecord.com. 3600 IN A 127.0.0.2 www.myrecord.com. 3600 IN A 127.0.0.2
ipv6.myrecord.com. 3600 IN AAAA ::1 ipv6.myrecord.com. 3600 IN AAAA ::1
And we query the nameserver with following:: And we query the nameserver with following:
.. code-block:: console
$ kdig IN A myrecord.com $ kdig IN A myrecord.com
... returns NOERROR, 127.0.0.1 ... returns NOERROR, 127.0.0.1
...@@ -743,7 +772,9 @@ i.e. 'myrecord.com' matches 'a.a.myrecord.com' as well. ...@@ -743,7 +772,9 @@ i.e. 'myrecord.com' matches 'a.a.myrecord.com' as well.
This can be exploited to create a catch-all entries.* This can be exploited to create a catch-all entries.*
You can also add an authority information for the entries, provided you create You can also add an authority information for the entries, provided you create
a SOA + NS records for a name, like so:: a SOA + NS records for a name, like so:
.. code-block:: none
myrecord.com. 3600 IN SOA master host 1 3600 60 3600 3600 myrecord.com. 3600 IN SOA master host 1 3600 60 3600 3600
myrecord.com. 3600 IN NS ns1.myrecord.com. myrecord.com. 3600 IN NS ns1.myrecord.com.
...@@ -769,7 +800,9 @@ you specify a syslog address endpoint and an optional string code. ...@@ -769,7 +800,9 @@ you specify a syslog address endpoint and an optional string code.
Here is an example on how to use the module: Here is an example on how to use the module:
* Create the entries in the database:: * Create the entries in the database:
.. code-block:: console
$ mkdir /tmp/static_rrdb $ mkdir /tmp/static_rrdb
$ rosedb_tool /tmp/static_rrdb add myrecord.com. A 3600 "127.0.0.1" "-" "-" # No logging $ rosedb_tool /tmp/static_rrdb add myrecord.com. A 3600 "127.0.0.1" "-" "-" # No logging
...@@ -795,10 +828,14 @@ Here is an example on how to use the module: ...@@ -795,10 +828,14 @@ Here is an example on how to use the module:
*Note: The module accepts just one parameter - path to the directory where *Note: The module accepts just one parameter - path to the directory where
the database will be stored.* the database will be stored.*
* Start the server:: * Start the server:
.. code-block:: console
$ knotd -c knot.conf $ knotd -c knot.conf
* Verify the running instance:: * Verify the running instance:
.. code-block:: console
$ kdig @127.0.0.1#6667 A myrecord.com $ kdig @127.0.0.1#6667 A myrecord.com
.. highlight:: none
Welcome to Knot DNS's documentation! Welcome to Knot DNS's documentation!
==================================== ====================================
......
.. _Installation: .. _Installation:
.. highlight:: console
************ ************
Installation Installation
************ ************
......
.. highlight:: none
.. _Introduction: .. _Introduction:
************ ************
......
.. highlight:: console
kdig -- Advanced DNS lookup utility kdig -- Advanced DNS lookup utility
=================================== ===================================
......
.. highlight:: console
keymgr -- DNSSEC key management utility keymgr -- DNSSEC key management utility
======================================= =======================================
......
.. highlight:: console
khost -- Simple DNS lookup utility khost -- Simple DNS lookup utility
================================== ==================================
......
.. highlight:: console
knot1to2 -- Knot DNS configuration conversion utility knot1to2 -- Knot DNS configuration conversion utility
===================================================== =====================================================
......
.. highlight:: console
knotc -- Knot DNS control utility knotc -- Knot DNS control utility
================================= =================================
......
.. highlight:: console
knotd -- Knot DNS server daemon knotd -- Knot DNS server daemon
=============================== ===============================
......
.. highlight:: console
knsec3hash -- NSEC hash computation utility knsec3hash -- NSEC hash computation utility
=========================================== ===========================================
......
.. highlight:: console
knsupdate -- Dynamic DNS update utility knsupdate -- Dynamic DNS update utility
======================================= =======================================
......
.. highlight:: yaml
.. _Migration from other DNS servers: .. _Migration from other DNS servers:
******************************** ********************************
......
.. highlight:: yaml
.. _Configuration Reference: .. _Configuration Reference:
*********************** ***********************
......
.. highlight:: none
.. _Requirements: .. _Requirements:
************ ************
......
.. highlight:: console
.. _Running: .. _Running:
******* *******
......
.. highlight:: console
.. _Troubleshooting: .. _Troubleshooting:
*************** ***************
......
:. _Utilities: .. highlight:: none
.. _Utilities:
Utilities Utilities
========= =========
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment