Commit c0fd92c5 authored by Ladislav Lhotka's avatar Ladislav Lhotka

Improve definition of "trust-anchor" list

parent 790e8898
Pipeline #43275 passed with stages
in 49 seconds
......@@ -29,7 +29,7 @@ module cznic-resolver-common {
"This YANG module defines the common part of a data model for DNS
resolvers.";
revision 2018-12-10 {
revision 2018-12-13 {
description
"Initial revision.";
reference
......@@ -327,23 +327,11 @@ module cznic-resolver-common {
leaf key-file {
type fs-path;
description
"Name of the file in which trust anchors are stored. The
file contains DS or DNSKEY records in the zone file
format.
"Name of the file that is used by the RFC 5011 update
procedure for storing trust anchors are stored.
If the file is specified, it must also exist and be
properly populated. The only exception is the file for
the root domain ('.'): if it doesn't exist, it will be
created and populated from the IANA website.
The file is used for two purposes:
- to initialize the trust anchors when the resolver
starts
- as a storage place for updates accroding to RFC 5011
(unless they are turned off using the 'auto-update'
flag).";
Usually there will be a default location, which is
however implementation- and platform-specific.";
}
leaf auto-update {
type boolean;
......@@ -358,14 +346,22 @@ module cznic-resolver-common {
description
"List of trust anchors.
In a configuration datastore, this list specifies the
initial set of trust anchors for the domain that is used
when the server starts. If the 'auto-update' flag is
true, this set may be later rewritten with updates
according to RFC 5011.
In a configuration datastore, the semantics of this list
depends on the setting of the 'auto-update' flag in the
following way:
- If 'auto-update' is true (the default), this list
specifies the initial set of trust anchors for the
domain that is used when the server starts. Later on,
this list, and any updates to it, are ignored.
- If 'auto-update' is false, this list configures the
trust anchors to be used for the domain, and
subsequent changes to this list shall be taken into
account.
In the operation datastore, this list contains trust
anchors that are actually used by the resolver for the
anchors that are currently used by the resolver for the
domain.";
uses trust-anchor-spec {
refine "trust-anchor-rdata/dnskey/dnskey/flags" {
......@@ -380,10 +376,10 @@ module cznic-resolver-common {
}
action add-trust-anchor {
description
"Specify a trust anchor explicitly.
"Install a trust anchor.
The resolver add this item to the existing trust anchors
for the domain.";
The resolver shall add this item to the existing trust
anchors for the domain.";
input {
uses trust-anchor-spec;
}
......
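Review bot: In the 'trust-anchor' list description, the 'auto-update' true case says the configured list is the initial set "used when the server starts" and that later changes are ignored, but it does not say whether a restart re-applies the configured list over the RFC 5011 state kept in 'key-file'. If it does, a restart could reinstate a key that RFC 5011 processing has since revoked. An operator who deletes a compromised anchor from the configuration also gets no effect and, as far as the text shows, no error. The description should state which source wins at startup, for example `If the file given in 'key-file' already holds trust anchors for the domain, they take precedence over this list.` (assuming that is the intended behaviour). Separately, the new 'key-file' text ends in a leftover "are stored" and no longer states the file format or what happens when the file is missing, and "operation datastore" is presumably meant to read "operational datastore".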
......@@ -390,9 +390,9 @@
<action name="add-trust-anchor">
<description>
<text>
<h:p>Specify a trust anchor explicitly.</h:p>
<h:p>The resolver add this item to the existing trust
anchors for the domain.</h:p>
<h:p>Install a trust anchor.</h:p>
<h:p>The resolver shall add this item to the existing
trust anchors for the domain.</h:p>
</text>
</description>
<input>
......@@ -403,21 +403,11 @@
<type name="fs-path"/>
<description>
<text>
<h:p>Name of the file in which trust anchors are
stored. The file contains DS or DNSKEY records in the
zone file format.</h:p>
<h:p>If the file is specified, it must also exist and be
properly populated. The only exception is the file for
the root domain ('.'): if it doesn't exist, it will be
created and populated from the IANA website.</h:p>
<h:p>The file is used for two purposes:</h:p>
<h:ul>
<h:li>to initialize the trust anchors when the
resolver starts</h:li>
<h:li>as a storage place for updates accroding to RFC
5011 (unless they are turned off using the
'auto-update' flag).</h:li>
</h:ul>
<h:p>Name of the file that is used by the RFC 5011
update procedure for storing trust anchors are
stored.</h:p>
<h:p>Usually there will be a default location, which is
however implementation- and platform-specific.</h:p>
</text>
</description>
</leaf>
......@@ -435,13 +425,22 @@
<description>
<text>
<h:p>List of trust anchors.</h:p>
<h:p>In a configuration datastore, this list specifies
the initial set of trust anchors for the domain that is
used when the server starts. If the 'auto-update' flag
is true, this set may be later rewritten with updates
according to RFC 5011.</h:p>
<h:p>In a configuration datastore, the semantics of this
list depends on the setting of the 'auto-update' flag in
the following way:</h:p>
<h:ul>
<h:li>If 'auto-update' is true (the default), this
list specifies the initial set of trust anchors for
the domain that is used when the server starts. Later
on, this list, and any updates to it, are
ignored.</h:li>
<h:li>If 'auto-update' is false, this list configures
the trust anchors to be used for the domain, and
subsequent changes to this list shall be taken into
account.</h:li>
</h:ul>
<h:p>In the operation datastore, this list contains
trust anchors that are actually used by the resolver for
trust anchors that are currently used by the resolver for
the domain.</h:p>
</text>
</description>
......
......@@ -4,7 +4,7 @@
"module": [
{
"name": "cznic-resolver-common",
"revision": "2018-12-10",
"revision": "2018-12-13",
"feature": [
"set-group"
],
......