[#2124] Updated doc for stats

author Francis Dupont <fdupont@isc.org>

Fri, 8 Oct 2021 13:17:04 +0000 (15:17 +0200)

committer Francis Dupont <fdupont@isc.org>

Fri, 8 Oct 2021 13:17:04 +0000 (15:17 +0200)
author Francis Dupont <fdupont@isc.org>
Fri, 8 Oct 2021 13:17:04 +0000 (15:17 +0200)
committer Francis Dupont <fdupont@isc.org>
Fri, 8 Oct 2021 13:17:04 +0000 (15:17 +0200)
diff --git a/doc/sphinx/arm/ext-gss-tsig.rst b/doc/sphinx/arm/ext-gss-tsig.rst

index ce1eec7d4f9aaa3c4298cdbbb9fa9c20e54c9500..cffebd9cbb34fe70e3f0bf7311e6aacda57a487c 100644 (file)
--- a/doc/sphinx/arm/ext-gss-tsig.rst
+++ b/doc/sphinx/arm/ext-gss-tsig.rst
@@ -615,6 +615,28 @@ The server map parameters are:
  
  - ``comment`` is allowed but currently ignored.
  
+.. _stats-gss-tsig:
+
+GSS-TSIG Statistics
+-------------------
+
+The GSS-TSIG hook library introduces new statistics at global and
+per DNS server levels:
+
+-  ``gss-tsig-key-created`` - number of created GSS-TSIG keys
+-  ``tkey-sent`` - sent TKEY exchange initial requests
+-  ``tkey-success`` - TKEY exchanges which completed with a success
+-  ``tkey-timeout`` - TKEY exchanges which completed on timeout
+-  ``tkey-error`` - TKEY exchanges which completed with an error other than
+   timeout
+
+The relationship between keys and DNS servers are very different between
+the D2 code and static TSIG keys, and GSS-TSIG keys and DNS servers:
+
+ - a static TSIG key can be shared between many DNS servers
+ - a GSS-TSIG key is used only by one DNS server inside a dedicated
+   set of keys.
+
  .. _command-gss-tsig:
  
  GSS-TSIG Commands
author	Francis Dupont <fdupont@isc.org>
	Fri, 8 Oct 2021 13:17:04 +0000 (15:17 +0200)
committer	Francis Dupont <fdupont@isc.org>
	Fri, 8 Oct 2021 13:17:04 +0000 (15:17 +0200)