From: Otto Moerbeek Date: Tue, 3 Feb 2026 13:56:36 +0000 (+0100) Subject: Add docs X-Git-Tag: rec-5.5.0-alpha0~6^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4db9c7337821904bc8fcb2c544f863738c005c42;p=thirdparty%2Fpdns.git Add docs Signed-off-by: Otto Moerbeek --- diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst index 39e5217261..b67cd00977 100644 --- a/pdns/recursordist/docs/upgrade.rst +++ b/pdns/recursordist/docs/upgrade.rst @@ -4,6 +4,14 @@ Upgrade Guide Before upgrading, it is advised to read the :doc:`changelog/index`. When upgrading several versions, please read **all** notes applying to the upgrade. +5.4.0 to master +--------------- + +Changed Settings +^^^^^^^^^^^^^^^^ +The :ref:`incoming-ws-config` YAML struct has been extended to be able to specify an encrypted PKCS12 file to configure TLS key and certificate chain. + + 5.1.10, 5.2.8 and 5.3.5 ----------------------- @@ -13,7 +21,7 @@ New settings - The :ref:`setting-yaml-recordcache.max_entry_size` setting has been introduced to limit the maximum size of a stored record set. - The :ref:`setting-yaml-packetcache.max_entry_size` setting has been introduced to limit the maximum size of a packet cache entry. -5.3.0 to master +5.3.0 to 5.4.0 --------------- New Settings diff --git a/pdns/recursordist/rec-rust-lib/docs-new-preamble-in.rst b/pdns/recursordist/rec-rust-lib/docs-new-preamble-in.rst index fb8b1344ee..f1e0a1edb2 100644 --- a/pdns/recursordist/rec-rust-lib/docs-new-preamble-in.rst +++ b/pdns/recursordist/rec-rust-lib/docs-new-preamble-in.rst @@ -504,6 +504,9 @@ An example of an ``proxymappings`` entry, which is a sequence of `ProxyMapping`_ - example.com - example.net +Description of YAML syntax for additional structured types +---------------------------------------------------------- + ForwardingCatalogZone ^^^^^^^^^^^^^^^^^^^^^ As of version 5.2.0, a forwarding catalog zone entry is defined as: 
@@ -572,9 +575,9 @@ As of version 5.3.0, an incoming web server configuration is defined as addresses: [] Sequence of SocketAddress tls: - certificates: file containing full certificate chain in PEM format + certificates: file containing full certificate chain in PEM format or (since version 5.5.0) a PKCS12 file key: file containing private key in PEM format - + password: the password used to decrypt a PKCS12 file (since version 5.5.0) A :ref:`setting-yaml-webservice.listen` section contains a sequence of `IncomingWSConfig`_, for example: @@ -590,7 +593,14 @@ A :ref:`setting-yaml-webservice.listen` section contains a sequence of `Incoming If no ``tls`` section is present, plaintext ``http`` connections are accepted on the listed addresses. -If a ``tls`` section is present, clients are required to use ``https`` to contact any of the address-port combinations listen in addresses. At the moment it is not possible to list additional properties of the TLS listener and encrypted key files cannot be used. +If a ``tls`` section is present, clients are required to use ``https`` to contact any of the address-port combinations listen in addresses. + +If both the ``certificate`` and the ``key`` fields are set, the values specify unencrypted PEM files. +The ``password`` field is ignored in that case. + +Starting with version 5.5.0, if the ``key`` field is not set but the ``certificate`` and ``password`` fields are set, the listed file is assumed to be an encrypted PKCS12 (also known as pfx) file containing both a key and the certificate chain. + +At the moment it is not possible to list additional properties of the TLS listener. OutgoingTLSConfiguration ^^^^^^^^^^^^^^^^^^^^^^^^
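Review bot: In the upgrade.rst hunk that adds the "5.4.0 to master" section, the Changed Settings entry does not name the new field or the condition that selects PKCS12 handling. Suggest stating that a ``password`` field was added to the ``tls`` section and that ``key`` is left unset when the listed file is a PKCS12 file, so that an operator who reads only the upgrade guide knows what to change. The entry links with :ref:`incoming-ws-config`, while the preamble refers to the struct as `IncomingWSConfig`_. No label of that name is defined in the lines shown here, so please confirm the target resolves.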
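Review bot: In the struct listing hunk (@@ -572,9 +575,9), the new ``password`` line places the PKCS12 decryption secret in the YAML configuration, and the description does not say how to protect it. Suggest adding a sentence advising that the configuration file be readable only by the account the recursor runs as when ``password`` is set, because read access to both the configuration and the PKCS12 file is enough to recover the private key. The ``key`` description is unchanged and still reads as if the field were always present. A short "(omit when using a PKCS12 file)" would match the behaviour described further down.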
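Review bot: The paragraphs added in the last hunk (@@ -590,7 +593,14) call the field ``certificate``, but the struct listing in the previous hunk names it ``certificates``. Please use the same name in both places. The text covers "``certificate`` and ``key`` set" and "``key`` unset, ``certificate`` and ``password`` set", but not the case where neither ``key`` nor ``password`` is set. Suggest stating whether that is rejected as a configuration error. Because ``password`` is ignored without notice when ``key`` is set, an operator who meant to use PKCS12 but left ``key`` in place gets no hint, so the docs could say whether a warning is logged. The rewritten first line also keeps "listen in addresses", which should read "listed in addresses".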