Commit 398cef3c authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'editing-2-6' into 'master'

Doc Editing 2 6

See merge request !872
parents b2b9dcfa 17049e25
......@@ -93,7 +93,7 @@ pygments_style = 'sphinx'
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'nature'
html_theme = 'theme_html'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
......@@ -101,7 +101,7 @@ html_theme = 'nature'
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
html_theme_path = ['.']
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
......
......@@ -97,7 +97,9 @@ If there are multiple ACL rules for a single zone, they are applied in the order
of appearance in the :ref:`zone_acl` configuration item of a zone or a template.
The first one to match the given remote is applied, the rest is ignored.
See the following examples and :ref:`ACL section`.::
See the following examples and :ref:`ACL section`.
::
acl:
- id: address_rule
......@@ -644,4 +646,3 @@ On FreeBSD you can just: ::
ifconfig ${dev} -rxcsum -txcsum -lro -tso
Knot developers are open to hear about users' further suggestions about network devices tuning/optimization.
......@@ -18,10 +18,10 @@ features, contribute to Knot development, or you just know what you are doing.
See the project `download <https://www.knot-dns.cz/download>`_ page for
the latest information.
.. _Installation from the source code:
.. _Installation from source code:
Installation from the source code
=================================
Installation from source code
=============================
Required build environment
--------------------------
......@@ -46,8 +46,8 @@ You can find the source code for the latest release on `www.knot-dns.cz <https:/
Alternatively, you can fetch the whole project from the git repository
`git://git.nic.cz/knot-dns.git <https://gitlab.labs.nic.cz/knot/knot-dns/tree/master>`_.
After obtaining the source code, the compilation and installation is a
quite straightforward process using autotools.
After obtaining the source code, compilation and installation is a quite
straightforward process using autotools.
.. _Configuring and generating Makefiles:
......
......@@ -63,10 +63,10 @@ Dynamic configuration
=====================
The configuration database can be accessed using the server control interface
during the running server. To get the full power of the dynamic configuration,
while the server is running. To get the full power of the dynamic configuration,
the server must be started with a specified configuration database location
or with the default database initialized. Otherwise all the changes to the
configuration will be temporary (until the server stop).
configuration will be temporary (until the server is stopped).
.. NOTE::
The database can be :ref:`imported<Configuration database>` in advance.
......@@ -113,7 +113,9 @@ section identifier or to add a value to all identified sections::
.. NOTE::
Also the include operation can be performed. A non-absolute file
location is relative to the server binary path, not to the control binary
path!::
path!
::
$ knotc conf-set 'include' '/tmp/new_zones.conf'
......@@ -248,8 +250,8 @@ A full example of setting up a completely new zone from scratch::
.. _Editing zonefile:
Safe reading and editing zone file
==================================
Reading and editing zone file safely
====================================
It's always possible to read and edit the zone contents via zone file manipulation.
However, it may lead to confusion if zone contents are continuously changing or
......@@ -265,7 +267,7 @@ causing freeze pending. So we watch the zone status until frozen. Then we can fl
frozen zone contents.
Now we open a text editor and perform desired changes to the zone file. It's necessary
to increase SOA serial in this step to keep consistency. Finaly, we can load the
to **increase SOA serial** in this step to keep consistency. Finaly, we can load the
modified zone file and if successful, thaw the zone.::
$ knotc zone-reload example.com.
......@@ -277,33 +279,33 @@ Journal behaviour
=================
Zone journal keeps some history of changes of the zone. It is useful for
responding IXFR queries. Also if zone file flush is disabled,
responding to IXFR queries. Also if zone file flush is disabled,
journal keeps diff between zonefile and zone for the case of server shutdown.
The history is stored by changesets - diffs of zone contents between two
The history is stored in changesets – diffs of zone contents between two
(usually subsequent) zone serials.
Journals for all zones are stored in common LMDB database. Huge changesets are
split into 70 KiB (this constant is hardcoded) blocks to prevent fragmentation of the DB.
Journals of all zones are stored in a common LMDB database. Huge changesets are
split into 70 KiB [#fn-hc]_ blocks to prevent fragmentation of the DB.
Journal does each operation in one transaction to keep consistency of the DB and performance.
The exception is when store transaction exceeds 5% of the whole DB mapsize, it is split into multiple ones
The exception is when store transaction exceeds 5 % of the whole DB mapsize, it is split into multiple ones
and some dirty-chunks-management involves.
Each zone journal has own :ref:`usage limit <zone_max-journal-usage>`
on how much DB space it may occupy. Before hitting the limit,
changesets are stored one-by-one and whole history is linear. While hitting the limit,
the zone is flushed into zone file, and oldest changesets are deleted as needed to free
some space. Actually, twice (again, hardcoded constant) the needed amount is deleted to
some space. Actually, twice [#fn-hc]_ the needed amount is deleted to
prevent too frequent deletes. Further zone file flush is invoked after the journal runs out of deletable
"flushed changesets".
If zone file flush is disabled, instead of flushing the zone, the journal tries to
save space by merging older changesets into one. It works well if the changes rewrite
each other, e.g. periodically changing few zone records, re-signing whole zone...
The diff between zone file and zone is thus preserved, even if journal deletes some
The diff between the zone file and the zone is thus preserved, even if journal deletes some
older changesets.
If the journal is used to store both zone history and contents, a special changeset
is present with zone contents. When journal gets full, the changes are merged into this
is present with zone contents. When the journal gets full, the changes are merged into this
special changeset.
There is also a :ref:`safety hard limit <template_max-journal-db-size>` for overall
......@@ -312,6 +314,8 @@ a way to prevent hitting this one. For LMDB, it's hard to recover from the
database-full state. For wiping one zone's journal, see *knotc zone-purge +journal*
command.
.. [#fn-hc] This constant is hardcoded.
.. _DNSSEC Key rollovers:
DNSSEC key rollovers
......@@ -446,7 +450,7 @@ server is reloaded, the rollover continues along the lines of :rfc:`6781#section
2017-10-24T14:53:44 info: [example.com.] DNSSEC, next signing at 2017-10-31T13:52:37
2017-10-24T14:53:44 notice: [example.com.] DNSSEC, KSK submission, waiting for confirmation
Again, KSK submission follows as in :ref:`KSK rollover example<DNSSEC ksk rollover example>`.::
Again, KSK submission follows as in :ref:`KSK rollover example<DNSSEC ksk rollover example>`::
2017-10-24T14:54:20 notice: [example.com.] DNSSEC, KSK submission, confirmed
2017-10-24T14:54:20 info: [example.com.] DNSSEC, signing zone
......@@ -489,7 +493,7 @@ that is the last generated KSK in any of the zones with the same policy assigned
Anyway, only the cryptographic material is shared, the key may have different timers
in each zone.
Consequences:
.. rubric:: Consequences:
If we have an initial setting with brand new zones without any DNSSEC keys,
the initial keys for all zones are generated. With shared KSK, they will all have the same KSK,
......
......@@ -39,7 +39,7 @@ Memory requirements
The server implementation focuses on performance and thus can be quite
memory demanding. The rough estimate for memory requirements is
3 times the size of the zone in the text format. Again this is only
3 times the size of the zone in the plain-text format. Again this is only
an estimate and you are advised to do your own measurements before
deploying Knot DNS to production.
......@@ -66,25 +66,25 @@ Knot DNS requires a few libraries to be available:
* lmdb >= 0.9.15
.. NOTE::
The LMDB library is included with the Knot DNS source code, however linking
The LMDB library is included with Knot DNS source code. However, linking
with the system library is preferred.
Optional libraries
==================
International Domain Names support (IDNA2003 or IDNA2008) in kdig:
International Domain Names support (IDNA2003 or IDNA2008) in kdig needs:
* libidn or libidn2
Systemd's startup notifications mechanism and journald logging:
Systemd's startup notifications mechanism and journald logging need:
* libsystemd
Dnstap support in kdig and module dnstap:
Dnstap support in kdig and module dnstap need:
* fstrm (and protobuf-c if building from the source code)
* fstrm (and protobuf-c if building from source code)
POSIX 1003.1e :manpage:`capabilites(7)` by sandboxing the exposed threads.
POSIX 1003.1e :manpage:`capabilites(7)` by sandboxing exposed threads.
Most rights are stripped from the exposed threads for security reasons.
* libcap-ng >= 0.6.4
/* === Style for admonitions === */
/* Settings from 'basic' theme (modified only) */
div.admonition {
margin-top: 10px;
margin-bottom: 10px;
padding: 7px;
padding-left: 54px;/* based on icon size */
padding-right: 24px;/* based on icon size */
}
/* Settings from 'classic' theme (modified only) */
div.admonition p {
display: block;
}
p.admonition-title {
padding-bottom: 11px;/* based on icon size */
padding-top: 11px;/* based on icon size */
}
p.admonition-title:after {
content: none; /* do not add colon */
}
/* Icon settings for all admonitions */
div.admonition {
/* background-image: url('abstract_admon_48.png'); */
background-repeat: no-repeat;
background-position: 2px 2px;
}
/* Specific admonitions */
div.admonition-todo {
background-color: #CAE2B6;
border: solid 1px #439427;
}
div.warning {
background-image: url('icons/admon_warning_48.png');
background-color: #FFE4E4;
border: solid 3px #990D1C;
}
div.caution {
background-image: url('icons/admon_caution_48.png');
background-color: #FFE4E4;
border: solid 1px #990D1C;
}
div.important {
background-image: url('icons/admon_important_48.png');
background-color: #FBECC8;
border: solid 1px #D68612;
}
div.note {
background-image: url('icons/admon_note_48.png');
background-color: white;
border: solid 1px #D1D3D4;
}
div.tip {
background-image: url('icons/admon_tip_48.png');
background-color: #F2E4FD;
border: solid 1px #D1C2E6;
}
@import url("nature.css");
/* Addendum for admonitions */
@import url("admons.css");
/* Other overrides here */
[theme]
inherit = nature
stylesheet = main.css
pygments_style = sphinx
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment