dnsdist: Document the `-C /dev/null` trick to generate a key as well

As suggested by @phonedph1 (thanks!).

diff --git a/pdns/dnsdistdist/docs/guides/console.rst b/pdns/dnsdistdist/docs/guides/console.rst
index 68164b8d5a8f5904e9c4b6757c7ac50a0dae5d68..b039320f7da25319479099efbdf10908e263bcf2 100644 (file)
--- a/pdns/dnsdistdist/docs/guides/console.rst
+++ b/pdns/dnsdistdist/docs/guides/console.rst
@@ -15,15 +15,24 @@ Enabling the console without encryption enabled is not recommended. Note that en
 
 Once you have a console-enabled dnsdist, the first step to enable encryption is to generate a key with :func:`makeKey`::
 
-  $ ./dnsdist -l 127.0.0.1:5300
+  $ ./dnsdist -l 127.0.0.1:5300 -C /dev/null
   [..]
   > makeKey()
   setKey("ENCODED KEY")
 
+The example above tells :program:`dnsdist` not to load the default configuration file (``-C /dev/null``) to prevent it
+from trying to listen on privileged ports, connect to backends, etc. It also instructs :program:`dnsdist` not to listen
+on the default (privileged) port 53 of all available addresses but on an unprivileged and hopefully available
+port 5300 on the local interface instead (``-l 127.0.0.1:5300``).
+
 The key does not have a specific format, so base-64 encoding 32 random bytes works as well::
 
   $ dd if=/dev/random bs=1 count=32 status=none | base64
 
+or using ``openssl``::
+
+  $ openssl rand -base64 32
+
 Then add the generated :func:`setKey` line to your dnsdist configuration file, along with a :func:`controlSocket`:
 
 .. code-block:: lua