Commit 039117a0 authored by Jan Včelák

doc: clarify independence of remote and ACL specifications

parent 0c1e02a7
...@@ -121,7 +121,7 @@ If the zone file doesn't exist it will be bootstrapped over AXFR:: ...@@ -121,7 +121,7 @@ If the zone file doesn't exist it will be bootstrapped over AXFR::
address: 192.168.1.1@53 address: 192.168.1.1@53
acl: acl:
- id: master_acl - id: notify_from_master
address: 192.168.1.1 address: 192.168.1.1
action: notify action: notify
...@@ -130,7 +130,7 @@ If the zone file doesn't exist it will be bootstrapped over AXFR:: ...@@ -130,7 +130,7 @@ If the zone file doesn't exist it will be bootstrapped over AXFR::
storage: /var/lib/knot/zones/ storage: /var/lib/knot/zones/
# file: example.com.zone # Default value # file: example.com.zone # Default value
master: master master: master
acl: master_acl acl: notify_from_master
Note that the :ref:`zone_master` option accepts a list of multiple remotes. Note that the :ref:`zone_master` option accepts a list of multiple remotes.
The first remote in the list is used as the primary master, and the rest is used The first remote in the list is used as the primary master, and the rest is used
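Review bot: In the zone block, `master: master` and `acl: notify_from_master` sit next to each other with nothing telling the reader that the first names a remote and the second names an ACL rule. Since the commit is about the two being independent, consider a short trailing comment on each of these lines, in the style of the existing `# Default value` comment, so that someone who copies only the example still gets the distinction.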
...@@ -138,9 +138,9 @@ for failover if the connection with the primary master fails. ...@@ -138,9 +138,9 @@ for failover if the connection with the primary master fails.
The list is rotated in this case, and a new primary is elected. The list is rotated in this case, and a new primary is elected.
The preference list is reset on the configuration reload. The preference list is reset on the configuration reload.
To use TSIG for transfer authentication, configure a TSIG key and assign the To use TSIG for transfers and notification messages authentication, configure
key to the remote. If the notifications are used, the same key should be a TSIG key and assign the key both to the remote and the ACL rule. Notice that
configured in a proper ACL rule:: the :ref:`remote` and ref:`acl` definitions are independent::
key: key:
- id: slave1_key - id: slave1_key
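Review bot: The second cross-reference in the new sentence is written ref:`acl` without the leading colon, so it will not be parsed as a role and will render as literal text; it should be :ref:`acl`, matching :ref:`remote` beside it. The opening clause "for transfers and notification messages authentication" is also hard to parse, and "to authenticate transfers and notification messages" would read better. "Notice that" could become "Note that" to match the wording used earlier in the same section.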
...@@ -153,7 +153,7 @@ configured in a proper ACL rule:: ...@@ -153,7 +153,7 @@ configured in a proper ACL rule::
key: slave1_key key: slave1_key
acl: acl:
- id: master_acl - id: notify_from_master
address: 192.168.1.1 address: 192.168.1.1
key: slave1_key key: slave1_key
action: notify action: notify
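Review bot: The `notify_from_master` rule carries both `address: 192.168.1.1` and `key: slave1_key`, but neither this example nor the rewritten paragraph before it says whether an incoming notification has to match both conditions or only one. That is the detail a reader locking down a slave needs, so please state it in one sentence next to the example.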
......
...@@ -361,7 +361,9 @@ Shared key secret. ...@@ -361,7 +361,9 @@ Shared key secret.
ACL section ACL section
=========== ===========
Access control list rule definition. Access control list rule definitions. The ACLs are used to match incoming
connections to allow or deny requested operation (zone transfer request, DDNS
update, etc.).
:: ::
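Review bot: The parenthesis in the new ACL description lists zone transfer requests and DDNS updates but not notifications, although `action: notify` is the only action used in the examples this commit touches. Adding notifications to the list keeps the reference consistent with those examples. The phrase "to allow or deny requested operation" also needs an article: "the requested operation".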
...@@ -470,7 +472,8 @@ control. ...@@ -470,7 +472,8 @@ control.
Remote section Remote section
============== ==============
Definition of remote servers for zone transfers or notifications. Definitions of remote servers for outgoing connections (source of a zone
transfer, target for a notification, etc.).
:: ::
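Review bot: The Remote description now limits remotes to outgoing connections, but the independence named in the commit title is stated only in the example text, not in this section or the ACL section. A sentence here pointing to the ACL section for incoming requests, with a matching pointer back from the ACL section, would put the point where readers of the reference will look for it.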
......