Commit ead34f2b authored by Ladislav Lhotka's avatar Ladislav Lhotka

Turn 'trust-anchor' list into configuration.

parent 577f9eba
......@@ -29,7 +29,7 @@ module cznic-resolver-common {
"This YANG module defines the common part of a data model for DNS
resolvers.";
revision 2018-10-29 {
revision 2018-12-10 {
description
"Initial revision.";
reference
......@@ -354,9 +354,18 @@ module cznic-resolver-common {
enabled.";
}
list trust-anchor {
config "false";
key "owner";
description
"List of trust anchors that are currently in use for the
"List of trust anchors.
In a configuration datastore, this list specifies the
initial set of trust anchors for the domain that is used
when the server starts. If the 'auto-update' flag is
true, this set may be later rewritten with updates
according to RFC 5011.
In the operation datastore, this list contains trust
anchors that are actually used by the resolver for the
domain.";
uses trust-anchor-spec;
}
......
......@@ -431,10 +431,19 @@
</description>
</leaf>
<list name="trust-anchor">
<config value="false"/>
<key value="owner"/>
<description>
<text>List of trust anchors that are currently in use
for the domain.</text>
<text>
<h:p>List of trust anchors.</h:p>
<h:p>In a configuration datastore, this list specifies
the initial set of trust anchors for the domain that is
used when the server starts. If the 'auto-update' flag
is true, this set may be later rewritten with updates
according to RFC 5011.</h:p>
<h:p>In the operation datastore, this list contains
trust anchors that are actually used by the resolver for
the domain.</h:p>
</text>
</description>
<uses name="trust-anchor-spec"/>
</list>
......
......@@ -36,21 +36,21 @@
| | +--rw auto-update? <boolean>
| | +--rw domain <domain-name(string)>
| | +--rw key-file? <fs-path(string)>
| | +--ro trust-anchor*
| | +--ro owner? <domain-name(string)>
| | +--ro (trust-anchor-rdata)?
| | +--rw trust-anchor* [owner]
| | +--rw owner <domain-name(string)>
| | +--rw (trust-anchor-rdata)?
| | +--:(dnskey)
| | | +--ro dnskey
| | | +--ro algorithm <dnssec-algorithm(enumeration)>
| | | +--ro flags? <dnskey-flags(bits)>
| | | +--ro protocol? <uint8>
| | | +--ro public-key <binary>
| | | +--rw dnskey
| | | +--rw algorithm <dnssec-algorithm(enumeration)>
| | | +--rw flags? <dnskey-flags(bits)>
| | | +--rw protocol? <uint8>
| | | +--rw public-key <binary>
| | +--:(ds)
| | +--ro ds
| | +--ro algorithm <dnssec-algorithm(enumeration)>
| | +--ro digest <hex-digits(string)>
| | +--ro digest-type <digest-algorithm(enumeration)>
| | +--ro key-tag <uint16>
| | +--rw ds
| | +--rw algorithm <dnssec-algorithm(enumeration)>
| | +--rw digest <hex-digits(string)>
| | +--rw digest-type <digest-algorithm(enumeration)>
| | +--rw key-tag <uint16>
| +--rw logging
| | +--rw verbosity? <uint8>
| +--rw network
......
......@@ -10,7 +10,7 @@
},
{
"name": "cznic-resolver-common",
"revision": "2018-10-29",
"revision": "2018-12-10",
"feature": [
"set-group"
],
......@@ -61,4 +61,4 @@
}
]
}
}
\ No newline at end of file
}
......@@ -4,7 +4,7 @@
"module": [
{
"name": "cznic-resolver-common",
"revision": "2018-10-29",
"revision": "2018-12-10",
"feature": [
"set-group"
],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment