From: Gert van Dijk Date: Sun, 31 Mar 2019 17:25:21 +0000 (+0200) Subject: docs: Fix formatting of some code blocks X-Git-Tag: rec-4.2.0-rc1~45^2~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=633489be02df94ece6e837cbdcb984ee0ddcd343;p=thirdparty%2Fpdns.git docs: Fix formatting of some code blocks --- diff --git a/docs/appendices/backend-writers-guide.rst b/docs/appendices/backend-writers-guide.rst index 4766771f77..d47a35dc18 100644 --- a/docs/appendices/backend-writers-guide.rst +++ b/docs/appendices/backend-writers-guide.rst @@ -643,9 +643,9 @@ Supermaster/Superslave capability A backend that wants to act as a 'superslave' for a master should implement the following method: -:: +.. code-block:: cpp - class DNSBackend + class DNSBackend { virtual bool superMasterBackend(const string &ip, const string &domain, const vector&nsset, string *account, DNSBackend **db) }; diff --git a/docs/backends/generic-mysql.rst b/docs/backends/generic-mysql.rst index edc0ed9580..0e125ea7c1 100644 --- a/docs/backends/generic-mysql.rst +++ b/docs/backends/generic-mysql.rst @@ -33,6 +33,7 @@ material, and other information upon deletion of a domain from the domains table. The following SQL does the job: .. literalinclude:: ../../modules/gmysqlbackend/enable-foreign-keys.mysql.sql + :language: SQL Using MySQL replication ----------------------- diff --git a/docs/backends/generic-odbc.rst b/docs/backends/generic-odbc.rst index 69fa1b5f43..6c6b3997a7 100644 --- a/docs/backends/generic-odbc.rst +++ b/docs/backends/generic-odbc.rst @@ -114,6 +114,7 @@ This schema can also be found in the PowerDNS source as This is the schema for 4.2. For 4.1, please find `the 4.1 schema on GitHub `_. .. literalinclude:: ../../modules/godbcbackend/schema.mssql.sql + :language: SQL Load this into the database as follows: @@ -133,7 +134,7 @@ Configuring PowerDNS Add the options required to your ``pdns.conf``: -:: +.. code-block:: ini launch=godbc godbc-datasource=pdns1 diff --git a/docs/backends/generic-oracle.rst b/docs/backends/generic-oracle.rst index 31f08c2e2f..59fa2e74ca 100644 --- a/docs/backends/generic-oracle.rst +++ b/docs/backends/generic-oracle.rst @@ -27,6 +27,7 @@ need or want to add ``namespace`` statements. Below, you will find the schema for 4.2. If you are using 4.1 or earlier, please find `the 4.1 schema on GitHub `_. .. literalinclude:: ../../modules/goraclebackend/schema.goracle.sql + :language: SQL This schema contains all elements needed for master, slave and superslave operation. diff --git a/docs/backends/generic-postgresql.rst b/docs/backends/generic-postgresql.rst index 824233413d..41738ec9ca 100644 --- a/docs/backends/generic-postgresql.rst +++ b/docs/backends/generic-postgresql.rst @@ -97,3 +97,4 @@ Default schema This is the 4.2 schema. Please find `the 4.1 schema on GitHub `_. .. literalinclude:: ../../modules/gpgsqlbackend/schema.pgsql.sql + :language: SQL diff --git a/docs/backends/generic-sql.rst b/docs/backends/generic-sql.rst index b1e2027f11..b98eb04bb0 100644 --- a/docs/backends/generic-sql.rst +++ b/docs/backends/generic-sql.rst @@ -48,17 +48,15 @@ And wait a while for PowerDNS to pick up the addition - which happens within one minute (this is determined by the :ref:`setting-slave-cycle-interval` setting). There is no need to inform PowerDNS that a new domain was -added. Typical output is: - -.. code-block:: SQL - - Apr 09 13:34:29 All slave domains are fresh - Apr 09 13:35:29 1 slave domain needs checking - Apr 09 13:35:29 Domain example.com is stale, master serial 1, our serial 0 - Apr 09 13:35:30 [gPgSQLBackend] Connected to database - Apr 09 13:35:30 AXFR started for 'example.com' - Apr 09 13:35:30 AXFR done for 'example.com' - Apr 09 13:35:30 [gPgSQLBackend] Closing connection +added. Typical output is:: + + Apr 09 13:34:29 All slave domains are fresh + Apr 09 13:35:29 1 slave domain needs checking + Apr 09 13:35:29 Domain example.com is stale, master serial 1, our serial 0 + Apr 09 13:35:30 [gPgSQLBackend] Connected to database + Apr 09 13:35:30 AXFR started for 'example.com' + Apr 09 13:35:30 AXFR done for 'example.com' + Apr 09 13:35:30 [gPgSQLBackend] Closing connection From now on, PowerDNS is authoritative for the 'example.com' zone and will respond accordingly for queries within that zone. diff --git a/docs/backends/generic-sqlite3.rst b/docs/backends/generic-sqlite3.rst index 31066a9213..b0e723acee 100644 --- a/docs/backends/generic-sqlite3.rst +++ b/docs/backends/generic-sqlite3.rst @@ -93,11 +93,10 @@ Using the SQLite backend ------------------------ The last thing you need to do is telling PowerDNS to use the SQLite -backend. +backend in pdns.conf: -:: +.. code-block:: ini - # in pdns.conf launch=gsqlite3 gsqlite3-database= @@ -105,7 +104,7 @@ Then you can start PowerDNS and it should notify you that a connection to the database was made. Compiling the SQLite backend ------------------------------ +---------------------------- Before you can begin compiling PowerDNS with the SQLite backend you need to have the SQLite utility and library installed on your system. You can diff --git a/docs/backends/ldap.rst b/docs/backends/ldap.rst index b2f58c9bb9..76111e2b65 100644 --- a/docs/backends/ldap.rst +++ b/docs/backends/ldap.rst @@ -65,7 +65,7 @@ Add them to the ``pdns.conf`` file. To launch the ldap backend: -:: +.. code-block:: ini launch=ldap @@ -450,7 +450,7 @@ standard compliant LDAP server. ``zone2ldap`` needs the BIND ``named.conf`` (usually located in /etc) as input and writes the dns record entries in ldif format to stdout: -:: +.. code-block:: shell zone2ldap --basedn=YOUR_BASE_DN \ @@ -460,7 +460,7 @@ record entries in ldif format to stdout: Alternatively zone2ldap can be used to convert only single zone files instead all zones: -:: +.. code-block:: shell zone2ldap --basedn=YOUR_BASE_DN \ @@ -487,7 +487,7 @@ creates a file in LDIF format with the necessary LDAP updates including the "associatedDomain" and "dc" attributes. The utility is executed on the command line by: -:: +.. code-block:: shell ./bind2pdns-ldap --host=HOSTNAME_OR_IP \ @@ -525,7 +525,7 @@ into a file and call ``zone2ldap`` with the file name as option to the which can be imported into the LDAP tree. The bash script except below automates this: -:: +.. code-block:: shell DNSSERVER=127.0.0.1 DOMAINS="example.com 10.10.in-addr.arpa" diff --git a/docs/backends/lua.rst b/docs/backends/lua.rst index 610f3f5c64..b7d39dcb2b 100644 --- a/docs/backends/lua.rst +++ b/docs/backends/lua.rst @@ -102,9 +102,9 @@ The following script can be used to test the server: This will yield the following result: -:: +.. code-block:: shell - $dig any www.test.com @127.0.0.1 -p5300 +multiline + $ dig any www.test.com @127.0.0.1 -p5300 +multiline ; <<>> DiG 9.7.3 <<>> any www.test.com @127.0.0.1 -p5300 +multiline ;; global options: +cmd ;; Got answer: @@ -152,7 +152,9 @@ luafunctions if you want. For example: .. _setting-lua-f_lookup: -``lua-f_lookup = mynewfunction`` +.. code-block:: ini + + lua-f_lookup = mynewfunction will call the function ``mynewfunction`` for the lookup-routine. @@ -168,7 +170,9 @@ You can have an error function in Lua when Lua gives back a error. First make your error function then you put this in ``pdns.conf``: -``lua-f_exec_error = YOUR_METHOD`` +.. code-block:: ini + + lua-f_exec_error = YOUR_METHOD DNSSEC ------ diff --git a/docs/backends/opendbx.rst b/docs/backends/opendbx.rst index 81a19fc8e0..768bc28367 100644 --- a/docs/backends/opendbx.rst +++ b/docs/backends/opendbx.rst @@ -293,7 +293,7 @@ Supported without changes since OpenDBX 1.0.0 but requires to set (including the trailing slash or backslash, depending on your operating system) and opendbx-database to the name of the file. -.. code-block:: SQL +.. code-block:: ini opendbx-host-read = /path/to/file/ opendbx-host-write = /path/to/file/ @@ -302,7 +302,7 @@ system) and opendbx-database to the name of the file. SQLite Schema ~~~~~~~~~~~~~ -:: +.. code-block:: SQL CREATE TABLE "domains" ( "id" INTEGER NOT NULL PRIMARY KEY, @@ -370,7 +370,7 @@ SQLite Schema SQLite3 Schema ~~~~~~~~~~~~~~ -:: +.. code-block:: SQL CREATE TABLE "domains" ( "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, @@ -442,7 +442,7 @@ Requires :ref:`setting-opendbx-database` set to the path of the database file and doesn't support the default statement for starting transactions. Please add the following lines to your pdns.conf: -:: +.. code-block:: ini opendbx-database = /var/lib/firebird2/data/powerdns.gdb opendbx-sql-transactbegin = SET TRANSACTION @@ -452,7 +452,7 @@ tool with the parameter ``-page 4096``. Otherwise, you will get an error (key size exceeds implementation restriction for index "pdns\_unq\_domains\_name") when creating the tables. -:: +.. code-block:: SQL CREATE TABLE "domains" ( "id" INTEGER NOT NULL, @@ -560,13 +560,13 @@ configuration file of the dblib client library) and doesn't support the default statement for starting transactions. Please add the following lines to your pdns.conf: -:: +.. code-block:: ini opendbx-host-read = MSSQL2k opendbx-host-write = MSSQL2k opendbx-sql-transactbegin = BEGIN TRANSACTION -:: +.. code-block:: SQL SET quoted_identifier ON; @@ -650,13 +650,13 @@ section in the configuration file of the ctlib client library) and doesn't support the default statement for starting transactions. Please add the following lines to your pdns.conf: -:: +.. code-block:: ini opendbx-host-read = SYBASE opendbx-host-write = SYBASE opendbx-sql-transactbegin = BEGIN TRANSACTION -:: +.. code-block:: SQL SET quoted_identifier ON; @@ -736,11 +736,11 @@ Oracle Uses a different syntax for transactions and requires the following additional line in your pdns.conf: -:: +.. code-block:: ini opendbx-sql-transactbegin = SET TRANSACTION NAME 'AXFR' -:: +.. code-block:: SQL CREATE TABLE "domains" ( "id" INTEGER NOT NULL, diff --git a/docs/backends/oracle.rst b/docs/backends/oracle.rst index 8445e694ec..ba9b7c34bd 100644 --- a/docs/backends/oracle.rst +++ b/docs/backends/oracle.rst @@ -352,7 +352,7 @@ oracle-basic-query Looking for records based on owner name and type. Default: -:: +.. code-block:: SQL SELECT fqdn, ttl, type, content, zone_id, last_change, auth FROM Records @@ -363,7 +363,7 @@ oracle-basic-id-query Looking for records from one zone based on owner name and type. Default: -:: +.. code-block:: SQL SELECT fqdn, ttl, type, content, zone_id, last_change, auth FROM Records @@ -374,7 +374,7 @@ oracle-any-query Looking for records based on owner name. Default: -:: +.. code-block:: SQL SELECT fqdn, ttl, type, content, zone_id, last_change, auth FROM Records @@ -387,7 +387,7 @@ oracle-any-id-query Looking for records from one zone based on owner name. Default: -:: +.. code-block:: SQL SELECT fqdn, ttl, type, content, zone_id, last_change, auth FROM Records @@ -401,7 +401,7 @@ oracle-list-query Looking for all records from one zone. Default: -:: +.. code-block:: SQL SELECT fqdn, ttl, type, content, zone_id, last_change, auth FROM Records @@ -418,7 +418,7 @@ oracle-get-zone-metadata-query Fetch the content of the metadata entries of type ':kind' for the zone called ':name', in their original order. Default: -:: +.. code-block:: SQL SELECT md.meta_content FROM Zones z JOIN ZoneMetadata md ON z.id = md.zone_id @@ -432,7 +432,7 @@ Delete all metadata entries of type ':kind' for the zone called ':name'. You can skip this if you do not plan to manage zones with the ``pdnsutil`` tool. Default: -:: +.. code-block:: SQL DELETE FROM ZoneMetadata md WHERE zone_id = (SELECT id FROM Zones z WHERE z.name = lower(:name)) @@ -444,7 +444,7 @@ oracle-set-zone-metadata-query Create a metadata entry. You can skip this if you do not plan to manage zones with the ``pdnsutil`` tool. Default: -:: +.. code-block:: SQL INSERT INTO ZoneMetadata (zone_id, meta_type, meta_ind, meta_content) VALUES ( @@ -457,7 +457,7 @@ oracle-get-tsig-key-query Retrieved the TSIG key specified by ':name'. Default: -:: +.. code-block:: SQL SELECT algorithm, secret FROM TSIGKeys @@ -471,7 +471,7 @@ oracle-get-zone-keys-query Retrieve the DNSSEC signing keys for a zone. Default: -:: +.. code-block:: SQL SELECT k.id, k.flags, k.active, k.keydata FROM ZoneDNSKeys k JOIN Zones z ON z.id = k.zone_id @@ -483,7 +483,7 @@ oracle-del-zone-key-query Delete a DNSSEC signing key. You can skip this if you do not plan to manage zones with the ``pdnsutil`` tool. Default: -:: +.. code-block:: SQL DELETE FROM ZoneDNSKeys WHERE id = :keyid @@ -493,9 +493,9 @@ oracle-add-zone-key-query Add a DNSSEC signing key. You can skip this if you do not plan to manage zones with the ``pdnsutil`` tool. Default: -:: +.. code-block:: SQL - INSERT INTO ZoneDNSKeys (id, zone_id, flags, active, keydata) " + INSERT INTO ZoneDNSKeys (id, zone_id, flags, active, keydata) VALUES ( zonednskeys_id_seq.NEXTVAL, (SELECT id FROM Zones WHERE name = lower(:name)), @@ -510,7 +510,7 @@ oracle-set-zone-key-state-query Enable or disable a DNSSEC signing key. You can skip this if you do not plan to manage zones with the **pdnsutil** tool. Default: -:: +.. code-block:: SQL UPDATE ZoneDNSKeys SET active = :active WHERE id = :keyid @@ -526,7 +526,7 @@ variables, not a query. Default: -:: +.. code-block:: SQL BEGIN get_canonical_prev_next(:zoneid, :name, :prev, :next); @@ -539,7 +539,7 @@ Given an NSEC3 hash, this call needs to return its predecessor and successor in NSEC3 zone ordering into ``:prev`` and ``:next``, and the FQDN of the predecessor into ``:unhashed``. Default: -:: +.. code-block:: SQL BEGIN get_hashed_prev_next(:zoneid, :hash, :unhashed, :prev, :next); @@ -554,7 +554,7 @@ oracle-zone-info-query Get some basic information about the named zone before doing master/slave things. Default: -:: +.. code-block:: SQL SELECT id, name, type, last_check, serial, notified_serial FROM Zones @@ -567,7 +567,7 @@ Delete all records for a zone in preparation for an incoming zone transfer. This happens inside a transaction, so if the transfer fails, the old zone content will still be there. Default: -:: +.. code-block:: SQL DELETE FROM Records WHERE zone_id = :zoneid @@ -578,7 +578,7 @@ Insert a record into the zone during an incoming zone transfer. This happens inside the same transaction as delete-zone, so we will not end up with a partially transferred zone. Default: -:: +.. code-block:: SQL INSERT INTO Records (id, fqdn, zone_id, ttl, type, content) VALUES (records_id_seq.NEXTVAL, lower(:name), :zoneid, :ttl, :type, :content) @@ -592,7 +592,7 @@ empty non-terminals, set the ``auth`` bit and NSEC3 hashes, and generally do any post-processing your schema requires. The do-nothing default: -:: +.. code-block:: SQL DECLARE zone_id INTEGER := :zoneid; @@ -610,7 +610,7 @@ Return a list of zones that need to be checked and their master servers. Return multiple rows, identical except for the master address, for zones with more than one master. Default: -:: +.. code-block:: SQL SELECT z.id, z.name, z.last_check, z.serial, zm.master FROM Zones z JOIN Zonemasters zm ON z.id = zm.zone_id @@ -623,7 +623,7 @@ oracle-zone-set-last-check-query Set the last check timestamp after a successful check. Default: -:: +.. code-block:: SQL UPDATE Zones SET last_check = :lastcheck WHERE id = :zoneid @@ -633,7 +633,7 @@ oracle-updated-masters-query Return a list of zones that need to have ``NOTIFY`` packets sent out. Default: -:: +.. code-block:: SQL SELECT id, name, serial, notified_serial FROM Zones @@ -645,7 +645,7 @@ oracle-zone-set-notified-serial-query Set the last notified serial after packets have been sent. Default: -:: +.. code-block:: SQL UPDATE Zones SET notified_serial = :serial WHERE id = :zoneid @@ -656,7 +656,7 @@ Return a list of hosts that should be notified, in addition to any nameservers in the NS records, when sending ``NOTIFY`` packets for the named zone. Default: -:: +.. code-block:: SQL SELECT an.hostaddr FROM Zones z JOIN ZoneAlsoNotify an ON z.id = an.zone_id @@ -667,7 +667,7 @@ oracle-zone-masters-query Return a list of masters for the zone specified by id. Default: -:: +.. code-block:: SQL SELECT master FROM Zonemasters @@ -679,7 +679,7 @@ oracle-is-zone-master-query Return a row if the specified host is a registered master for the named zone. Default: -:: +.. code-block:: SQL SELECT zm.master FROM Zones z JOIN Zonemasters zm ON z.id = zm.zone_id @@ -694,7 +694,7 @@ oracle-accept-supernotification-query If a supernotification should be accepted from ':ip', for the master nameserver ':ns', return a label for this supermaster. Default: -:: +.. code-block:: SQL SELECT name FROM Supermasters @@ -706,7 +706,7 @@ oracle-insert-slave-query A supernotification has just been accepted, and we need to create an entry for the new zone. Default: -:: +.. code-block:: SQL INSERT INTO Zones (id, name, type) VALUES (zones_id_seq.NEXTVAL, lower(:zone), 'SLAVE') @@ -718,7 +718,7 @@ oracle-insert-master-query We need to register the first master server for the newly created zone. Default: -:: +.. code-block:: SQL INSERT INTO Zonemasters (zone_id, master) VALUES (:zoneid, :ip) diff --git a/docs/backends/remote.rst b/docs/backends/remote.rst index 6a54b933d0..49e74b4afc 100644 --- a/docs/backends/remote.rst +++ b/docs/backends/remote.rst @@ -50,7 +50,7 @@ Usage The only configuration options for backend are remote-connection-string and remote-dnssec. -:: +.. code-block:: ini remote-connection-string=:=,=... @@ -63,7 +63,7 @@ Unix connector parameters: path, timeout (default 2000ms) -:: +.. code-block:: ini remote-connection-string=unix:path=/path/to/socket @@ -72,7 +72,7 @@ Pipe connector parameters: command,timeout (default 2000ms) -:: +.. code-block:: ini remote-connection-string=pipe:command=/path/to/executable,timeout=2000 @@ -81,7 +81,7 @@ HTTP connector parameters: url, url-suffix, post, post_json, timeout (default 2000ms) -:: +.. code-block:: ini remote-connection-string=http:url=http://localhost:63636/dns,url-suffix=.php @@ -107,7 +107,7 @@ ZeroMQ connector parameters: endpoint, timeout (default 2000ms) -:: +.. code-block:: ini remote-connection-string=zeromq:endpoint=ipc:///tmp/tmp.sock @@ -159,13 +159,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"initialize", "parameters":{"command":"/path/to/something", "timeout":"2000", "something":"else"}} Response: -:: +.. code-block:: json {"result":true} @@ -191,13 +191,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"lookup", "parameters":{"qtype":"ANY", "qname":"www.example.com.", "remote":"192.0.2.24", "local":"192.0.2.1", "real-remote":"192.0.2.24", "zone-id":-1}} Response: -:: +.. code-block:: json {"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]} @@ -241,13 +241,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"list", "parameters":{"zonename":"example.com.","domain_id":-1}} Response (split into lines for ease of reading) -:: +.. code-block:: json {"result":[ {"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600}, @@ -294,15 +294,15 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"getbeforeandafternamesabsolute", "params":{"id":0,"qname":"www.example.com"}} Response: -:: +.. code-block:: json - {”result":{"before":"ns1","after":""}} + {"result":{"before":"ns1","after":""}} Example HTTP/RPC '''''''''''''''' @@ -315,9 +315,9 @@ Query: Response: -:: +.. code-block:: json - {”result":{"before":"ns1","after":""}} + {"result":{"before":"ns1","after":""}} ``getAllDomainMetadata`` ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -335,13 +335,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"getalldomainmetadata", "parameters":{"name":"example.com"}} Response: -:: +.. code-block:: json {"result":{"PRESIGNED":["0"]}} @@ -380,13 +380,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"getdomainmetadata", "parameters":{"name":"example.com.","kind":"PRESIGNED"}} Response: -:: +.. code-block:: json {"result":["0"]} @@ -424,13 +424,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"setdomainmetadata","parameters":{"name":"example.com","kind":"PRESIGNED","value":["YES"]}} Response: -:: +.. code-block:: json {"result":true} @@ -476,13 +476,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"getdomainkeys","parameters":{"name":"example.com."}} Response: -:: +.. code-block:: json {"result":[{"id":1,"flags":256,"active":true,"content":"Private-key-format: v1.2 Algorithm: 8 (RSASHA256) @@ -538,7 +538,7 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"adddomainkey", "parameters":{"key":{"id":1,"flags":256,"active":true,"content":"Private-key-format: v1.2 Algorithm: 8 (RSASHA256) @@ -553,7 +553,7 @@ Query: Response: -:: +.. code-block:: json {"result":true} @@ -602,13 +602,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json - {"method":"removedomainkey","parameters":"{"name":"example.com","id":1}} + {"method":"removedomainkey","parameters":{"name":"example.com","id":1}} Response: -:: +.. code-block:: json {"result":true} @@ -644,13 +644,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"activatedomainkey","parameters":{"name":"example.com","id":1}} Response: -:: +.. code-block:: json {"result":true} @@ -686,13 +686,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"deactivatedomainkey","parameters":{"name":"example.com","id":1}} Response: -:: +.. code-block:: json {"result": true} @@ -728,15 +728,15 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"gettsigkey","parameters":{"name":"example.com."}} Response: -:: +.. code-block:: json - {"result":{"algorithm":"hmac-md5","content:"kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys="}} + {"result":{"algorithm":"hmac-md5","content":"kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys="}} Example HTTP/RPC '''''''''''''''' @@ -776,15 +776,15 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"getdomaininfo","parameters":{"name":"example.com"}} Response: -:: +.. code-block:: json - {"result":{id:1,"zone":"example.com","kind":"NATIVE","serial":2002010100}} + {"result":{"id":1,"zone":"example.com","kind":"NATIVE","serial":2002010100}} Example HTTP/RPC '''''''''''''''' @@ -818,13 +818,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"setnotified","parameters":{"id":1,"serial":2002010100}} Response: -:: +.. code-block:: json {"result":true} @@ -864,13 +864,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"isMaster","parameters":{"name":"example.com","ip":"198.51.100.0.1"}} Response: -:: +.. code-block:: json {"result":true} @@ -909,19 +909,19 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"superMasterBackend","parameters":{"ip":"198.51.100.0.1","domain":"example.com","nsset":[{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns1.example.com","ttl":300,"auth":true},{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns2.example.com","ttl":300,"auth":true}]}} Response: -:: +.. code-block:: json {"result":true} Alternative response: -:: +.. code-block:: json {"result":{"account":"my account","nameserver":"ns2.example.com"}} @@ -970,13 +970,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"createSlaveDomain","parameters":{"ip":"198.51.100.0.1","domain":"pirate.example.net"}} Response: -:: +.. code-block:: json {"result":true} @@ -1015,13 +1015,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"replaceRRSet","parameters":{"domain_id":2,"qname":"replace.example.com","qtype":"A","trxid":1370416133,"rrset":[{"qtype":"A","qname":"replace.example.com","qclass":1,"content":"1.1.1.1","ttl":300,"auth":true}]}} Response: -:: +.. code-block:: json {"result":true} @@ -1062,13 +1062,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"feedRecord","parameters":{"rr":{"qtype":"A","qname":"replace.example.com","qclass":1,"content":"127.0.0.1","ttl":300,"auth":true},"trxid":1370416133}} Response: -:: +.. code-block:: json {"result":true} @@ -1114,13 +1114,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"feedEnts","parameters":{"domain_id":2,"trxid":1370416133,"nonterm":["_sip._udp","_udp"]}} Response: -:: +.. code-block:: json {"result":true} @@ -1161,13 +1161,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"feedEnts3","parameters":{"domain_id":2,"domain":"example.com","times":1,"salt":"9642","narrow":false,"trxid":1370416356,"nonterm":["_sip._udp","_udp"]}} Response: -:: +.. code-block:: json {"result":true} @@ -1208,13 +1208,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"startTransaction","parameters":{"trxid":1234,"domain_id":1,"domain":"example.com"}} Response: -:: +.. code-block:: json {"result":true} @@ -1255,13 +1255,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"commitTransaction","parameters":{"trxid":1234}} Response: -:: +.. code-block:: json {"result":true} @@ -1299,13 +1299,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"abortTransaction","parameters":{"trxid":1234}} Response: -:: +.. code-block:: json {"result":true} @@ -1344,13 +1344,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"calculateSOASerial","parameters":{"domain":"unit.test","sd":{"qname":"unit.test","nameserver":"ns.unit.test","hostmaster":"hostmaster.unit.test","ttl":300,"serial":1,"refresh":2,"retry":3,"expire":4,"default_ttl":5,"domain_id":-1,"scopeMask":0}}} Response: -:: +.. code-block:: json {"result":2013060501} @@ -1391,13 +1391,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"directBackendCmd","parameters":{"query":"PING"}} Response: -:: +.. code-block:: json {"result":"PONG"} @@ -1437,13 +1437,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method": "getAllDomains", "parameters": {"include_disabled": true}} Response: -:: +.. code-block:: json {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"native"}]} @@ -1480,13 +1480,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method":"searchRecords","parameters":{"pattern":"www.example*","maxResults":100}} Response: -:: +.. code-block:: json {"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]} @@ -1523,13 +1523,13 @@ Example JSON/RPC Query: -:: +.. code-block:: json {"method": "getUpdatedMasters", "parameters": {}} Response: -:: +.. code-block:: json {"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"master"}]} @@ -1561,7 +1561,7 @@ Scenario: SOA lookup via pipe, unix or zeromq connector Query: -:: +.. code-block:: json { "method": "lookup", @@ -1574,7 +1574,7 @@ Query: Reply: -:: +.. code-block:: json { "result": @@ -1599,7 +1599,7 @@ Query: Reply: -:: +.. code-block:: json { "result": diff --git a/docs/changelog/pre-4.0.rst b/docs/changelog/pre-4.0.rst index a6246ea2db..2c16c085a4 100644 --- a/docs/changelog/pre-4.0.rst +++ b/docs/changelog/pre-4.0.rst @@ -5042,7 +5042,7 @@ After the SOA of example.org was raised If however our slaves would ignore us, as some are prone to do, we can send some additional notifications -:: +.. code-block:: shell $ sudo pdns_control notify example.org Added to queue @@ -5055,7 +5055,7 @@ send some additional notifications Conversely, if PowerDNS needs to be reminded to retrieve a zone from a master, a command is provided -:: +.. code-block:: shell $ sudo pdns_control retrieve forfun.net Added retrieval request for 'forfun.net' from master 212.187.98.67 diff --git a/docs/dnssec/index.rst b/docs/dnssec/index.rst index dad7dcd01a..85fa195e60 100644 --- a/docs/dnssec/index.rst +++ b/docs/dnssec/index.rst @@ -19,7 +19,7 @@ automatically. As an example, securing an existing zone can be as simple as: -:: +.. code-block:: shell $ pdnsutil secure-zone powerdnssec.org diff --git a/docs/dnssec/migration.rst b/docs/dnssec/migration.rst index 53d6a412e5..0ba6656c87 100644 --- a/docs/dnssec/migration.rst +++ b/docs/dnssec/migration.rst @@ -24,21 +24,21 @@ all the changes in database schemas as shown in the :doc:`upgrade documentation To deliver a correctly signed zone with the :ref:`dnssec-pdnsutil-dnssec-defaults`, invoke: -:: +.. code-block:: shell pdnsutil secure-zone ZONE To view the DS records for this zone (to transfer to the parent zone), run -:: +.. code-block:: shell pdnsutil show-zone ZONE For a more traditional setup with a KSK and a ZSK, use the following sequence of commands: -:: +.. code-block:: shell pdnsutil add-zone-key ZONE ksk 2048 active rsasha256 pdnsutil add-zone-key ZONE zsk 1024 active rsasha256 @@ -85,7 +85,7 @@ The ``pdnsutil`` tool features the option to import zone keys in the industry standard private key format, version 1.2. To import an existing KSK, use -:: +.. code-block:: shell pdnsutil import-zone-key ZONE FILENAME ksk diff --git a/docs/dnssec/operational.rst b/docs/dnssec/operational.rst index f3cfce1ce7..ce3db3e05e 100644 --- a/docs/dnssec/operational.rst +++ b/docs/dnssec/operational.rst @@ -19,7 +19,7 @@ zone. Going insecure -------------- -:: +.. code-block:: shell pdnsutil disable-dnssec ZONE @@ -34,13 +34,13 @@ Setting the NSEC modes and parameters As stated earlier, PowerDNS uses NSEC by default. If you want to use NSEC3 instead, issue: -:: +.. code-block:: shell pdnsutil set-nsec3 ZONE [PARAMETERS] e.g. -:: +.. code-block:: shell pdnsutil set-nsec3 example.net '1 0 1 ab' @@ -56,7 +56,7 @@ The quoted part is the content of the NSEC3PARAM records, as defined in To convert a zone from NSEC3 to NSEC operations, run: -:: +.. code-block:: shell pdnsutil unset-nsec3 ZONE diff --git a/docs/dnsupdate.rst b/docs/dnsupdate.rst index 94ed0b0fc0..c65eae1eb3 100644 --- a/docs/dnsupdate.rst +++ b/docs/dnsupdate.rst @@ -120,19 +120,19 @@ This setting allows you to set the TSIG key required to do an DNS update. If you have GSS-TSIG enabled, you can use Kerberos principals here. An example, using :program:`pdnsutil` to create the key: -:: +.. code-block:: shell - pdnsutil generate-tsig-key test hmac-md5 + $ pdnsutil generate-tsig-key test hmac-md5 Create new TSIG key test hmac-md5 kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys= - + +:: + sql> insert into tsigkeys (name, algorithm, secret) values ('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys='); sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata (domain_id, kind, content) values (5, 'TSIG-ALLOW-DNSUPDATE', 'test'); -An example of how to use a TSIG key with the :program:`nsupdate` command: - -:: +An example of how to use a TSIG key with the :program:`nsupdate` command:: nsupdate < @@ -252,14 +252,14 @@ Setting up dhcpd We're going to use a TSIG key for security. We're going to generate a key using the following command: -:: +.. code-block:: shell dnssec-keygen -a hmac-md5 -b 128 -n USER dhcpdupdate This generates two files (Kdhcpdupdate.*.key and Kdhcpdupdate.*.private). You're interested in the .key file: -:: +.. code-block:: shell # ls -l Kdhcp* -rw------- 1 root root 53 Aug 26 19:29 Kdhcpdupdate.+157+20493.key @@ -338,7 +338,7 @@ dynamic updates from **dhcpd**. Enabled DNS update (:rfc:`2136`) support functionality in PowerDNS by adding the following to the PowerDNS configuration file (pdns.conf). -:: +.. code-block:: ini dnsupdate=yes allow-dnsupdate-from= @@ -467,7 +467,7 @@ There are many same things available as in recursor Lua scripts, but there is also resolve(qname, qtype) which returns array of records. Example: -:: +.. code-block:: lua resolve("www.google.com", pdns.A) @@ -477,7 +477,7 @@ resolve does not perform local lookup. Simple example script: -.. code:: lua +.. code-block:: lua --- This script is not suitable for production use diff --git a/docs/domainmetadata.rst b/docs/domainmetadata.rst index c3c6ece7fc..926628037f 100644 --- a/docs/domainmetadata.rst +++ b/docs/domainmetadata.rst @@ -30,7 +30,7 @@ that tries to allow all potential slaves in. Example: -:: +.. code-block:: shell pdnsutil set-meta powerdns.org ALLOW-AXFR-FROM AUTO-NS 2001:db8::/48 @@ -38,10 +38,10 @@ Each ACL has its own row in the database: :: - select id from domains where name='example.com'; + sql> select id from domains where name='example.com'; 7 - insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR-FROM','AUTO-NS'); - insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR-FROM','2001:db8::/48'); + sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR-FROM','AUTO-NS'); + sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR-FROM','2001:db8::/48'); To disallow all IP's, except those explicitly allowed by domainmetadata records, add ``allow-axfr-ips=`` to ``pdns.conf``. @@ -82,14 +82,14 @@ When notifying this domain, also notify this nameserver (can occur multiple times). The nameserver may have contain an optional port number. e.g.: -:: +.. code-block:: shell pdnsutil set-meta powerdns.org ALSO-NOTIFY 192.0.2.1:5300 pdnsutil set-meta powerdns.org ALLOW-AXFR-FROM 2001:db8:53::1 Or in SQL: -:: +.. code-block:: SQL insert into domainmetadata (domain_id, kind, content) values (7,'ALSO-NOTIFY','192.0.2.1:5300'); insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR-FROM','2001:db8:53::1'); diff --git a/docs/guides/alias.rst b/docs/guides/alias.rst index 19e2e7946d..419d32e0d4 100644 --- a/docs/guides/alias.rst +++ b/docs/guides/alias.rst @@ -9,7 +9,7 @@ Server 4.1.0 or higher, set the :ref:`setting-resolver` setting to an existing resolver and enable :ref:`setting-expand-alias`: -:: +.. code-block:: ini resolver=[::1]:5300 expand-alias=yes diff --git a/docs/guides/basic-database.rst b/docs/guides/basic-database.rst index 0a832e37c7..2dac35834f 100644 --- a/docs/guides/basic-database.rst +++ b/docs/guides/basic-database.rst @@ -6,7 +6,7 @@ is called 'gmysql', and needs to be configured in ``pdns.conf``. Add the following lines, adjusted for your local setup (specifically, you may not want to use the 'root' user): -:: +.. code-block:: ini launch=gmysql gmysql-host=127.0.0.1 @@ -49,6 +49,7 @@ Connect to MySQL as a user with sufficient privileges and issue the following commands: .. literalinclude:: ../../modules/gmysqlbackend/schema.mysql.sql + :language: SQL Now we have a database and an empty table. PowerDNS should now be able to launch in monitor mode and display no errors: @@ -66,7 +67,7 @@ to launch in monitor mode and display no errors: In a different shell, a sample query sent to the server should now return quickly without data: -:: +.. code-block:: shell $ dig +short www.example.com @127.0.0.1 $ @@ -110,7 +111,7 @@ Now we need to add some records to our database (in a separate shell): If we now requery our database, ``www.example.com`` should be present: -:: +.. code-block:: shell $ dig +short www.example.com @127.0.0.1 192.0.2.10 diff --git a/docs/guides/kskroll.rst b/docs/guides/kskroll.rst index f50ccc0728..ee48f23549 100644 --- a/docs/guides/kskroll.rst +++ b/docs/guides/kskroll.rst @@ -13,7 +13,7 @@ both a KSK and a CSK. To start the rollover, add an **active** new KSK to the zone (example.net in this case): -:: +.. code-block:: shell pdnsutil add-zone-key example.net ksk active @@ -24,7 +24,7 @@ If this zone is of the type 'MASTER', increase the SOA serial. The rollover is now in the "New KSK" stage. Retrieve the DS record(s) for the new KSK: -:: +.. code-block:: shell pdnsutil show-zone example.net @@ -38,7 +38,7 @@ rollover is now in the "DS Change" state and can continue to the The key-id for the old KSK is shown in the output of ``pdnsutil show-zone example.net``. -:: +.. code-block:: shell pdnsutil remove-zone-key example.net KEY-ID diff --git a/docs/guides/recursion.rst b/docs/guides/recursion.rst index c43536add7..bca561d6ae 100644 --- a/docs/guides/recursion.rst +++ b/docs/guides/recursion.rst @@ -50,7 +50,7 @@ should be removed: To make the authoritative server listen on the local loopback address and port 5300 change the following in ``pdns.conf``: -:: +.. code-block:: ini local-ipv6= local-address=127.0.0.1 @@ -87,7 +87,7 @@ Authoritative Server. This is done using the ``recursor.conf``. The domains should be forwarded to 127.0.0.1:5300 (the new address and port of the Authoritative Server): -:: +.. code-block:: ini forward-zones=private.example.com=127.0.0.1:5300 forward-zones+=another.example.com=127.0.0.1:5300 @@ -133,7 +133,7 @@ should be removed: To make the authoritative server listen on the local loopback address and port 5300 change the following in ``pdns.conf``: -:: +.. code-block:: ini local-ipv6= local-address=127.0.0.1 @@ -153,7 +153,7 @@ Configure the recursor to listen on the local loopback interface on a different port than the Authoritative Server. Set the following in ``recursor.conf``: -:: +.. code-block:: ini local-address=127.0.0.1 local-port=5301 @@ -164,7 +164,7 @@ Authoritative Server. This is done using the ``recursor.conf``. The domains should be forwarded to 127.0.0.1:5300 (the new address and port of the Authoritative Server): -:: +.. code-block:: ini forward-zones=private.example.com=127.0.0.1:5300 forward-zones+=another.example.com=127.0.0.1:5300 diff --git a/docs/guides/virtual-instances.rst b/docs/guides/virtual-instances.rst index 7794a77f58..87251ceefc 100644 --- a/docs/guides/virtual-instances.rst +++ b/docs/guides/virtual-instances.rst @@ -40,13 +40,13 @@ Assuming your instance is called ``myinstance`` and ``pdns-myinstance.conf`` exists in the configuration directory, the following command will start the service: -:: +.. code-block:: shell systemctl start pdns@myinstance.service Similarly you can enable it at boot: -:: +.. code-block:: shell systemctl enable pdns@myinstance.service diff --git a/docs/guides/zskroll.rst b/docs/guides/zskroll.rst index a139bd3196..aa7631a07c 100644 --- a/docs/guides/zskroll.rst +++ b/docs/guides/zskroll.rst @@ -12,7 +12,7 @@ First, create a new inactive ZSK for the zone (if one already exists, you can skip this step), we add an ECDSA 256 bit key (algorithm 13) here: -:: +.. code-block:: shell pdnsutil add-zone-key example.net zsk inactive ecdsa256 @@ -23,7 +23,7 @@ database and wait for the slaves to pickup the zone change. To change the RRSIGs on your records, the new key must be made active. Note: you can get the key-ids with ``pdnsutil show-zone example.net``: -:: +.. code-block:: shell pdnsutil activate-zone-key example.net new-key-id pdnsutil deactivate-zone-key example.net previous-key-id @@ -33,7 +33,7 @@ the "new RRSIGs" stage of the roll over. The last step is to remove the old key from the completely: -:: +.. code-block:: shell pdnsutil remove-zone-key example.net previous-key-id diff --git a/docs/installation.rst b/docs/installation.rst index 6e1753d8ec..0d6bd6da9e 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -17,7 +17,7 @@ Debian-based Systems PowerDNS Authoritative Server is available through the `apt `__ system. -:: +.. code-block:: shell # apt-get install pdns-server @@ -25,7 +25,7 @@ Debian splits the backends into `several different packages `__, install the required backend as follows: -:: +.. code-block:: shell # apt-get install pdns-backend-$backend @@ -39,13 +39,13 @@ or from `the PowerDNS repositories `__: Add either to your list of repositories and install PowerDNS by issuing: -:: +.. code-block:: shell # yum install pdns The different backends can be installed using -:: +.. code-block:: shell # yum install pdns-backend-$backend @@ -57,13 +57,13 @@ PowerDNS Authoritative Server is available through the For the package: -:: +.. code-block:: shell # pkg install dns/powerdns To have your system build the port: -:: +.. code-block:: shell cd /usr/ports/dns/powerdns/ && make install clean @@ -72,7 +72,7 @@ Mac OS X PowerDNS Authoritative Server is available through Homebrew: -:: +.. code-block:: shell $ brew install pdns diff --git a/docs/migration.rst b/docs/migration.rst index bfcab43a16..0a81af1d51 100644 --- a/docs/migration.rst +++ b/docs/migration.rst @@ -28,7 +28,7 @@ In order to migrate to a Generic SQL backend, add all your domains to the 'domains' table with the IP of your current master. On your current master, make sure that this master allows AXFRs to this new slave. -:: +.. code-block:: SQL INSERT INTO domains (name,type,master) VALUES ('example.net', 'SLAVE', '198.51.100.101'); @@ -36,7 +36,7 @@ Then start PowerDNS and wait for all the zones to be transferred. If this server is the new :ref:`master `, change the type of domain in the database: -:: +.. code-block:: SQL UPDATE domains set type='MASTER' where type='SLAVE'; @@ -45,7 +45,7 @@ and restart PowerDNS. Or, if you want to use :ref:`native `: -:: +.. code-block:: SQL UPDATE domains set type='NATIVE' where type='SLAVE'; @@ -116,7 +116,7 @@ See `its manpage ` for more information. An example call to ``zone2sql`` could be: -:: +.. code-block:: shell zone2sql --named-conf=/path/to/named.conf --gmysql | mysql -u pdns -p pdns-db diff --git a/docs/modes-of-operation.rst b/docs/modes-of-operation.rst index 15af055bed..d8d79aef55 100644 --- a/docs/modes-of-operation.rst +++ b/docs/modes-of-operation.rst @@ -246,7 +246,7 @@ the ``domainmetadata`` table for the domain. Supposing the domain we want has an ``id`` of 3, the following SQL statement will enable the Lua script ``my.lua`` for that domain: -:: +.. code-block:: SQL INSERT INTO domainmetadata (domain_id, kind, content) VALUES (3, "LUA-AXFR-SCRIPT", "/lua/my.lua"); @@ -270,7 +270,7 @@ incoming record as normal. Consider the following simple example: -:: +.. code-block:: lua function axfrfilter(remoteip, zone, record) diff --git a/docs/security-advisories/powerdns-advisory-2012-01.rst b/docs/security-advisories/powerdns-advisory-2012-01.rst index 0c82fd2349..cd41652849 100644 --- a/docs/security-advisories/powerdns-advisory-2012-01.rst +++ b/docs/security-advisories/powerdns-advisory-2012-01.rst @@ -37,7 +37,7 @@ Alternatively, on Linux systems with a working iptables setup, 'responses' sent to the PowerDNS Authoritative Server 'question' address can be blocked by issuing: -:: +.. code-block:: shell iptables -I INPUT -p udp --dst $AUTHIP --dport 53 \! -f -m u32 --u32 "0>>22&0x3C@8>>15&0x01=1" -j DROP @@ -57,7 +57,7 @@ announcement. For those running custom PowerDNS versions, just applying this patch may be easier: -:: +.. code-block:: diff --- pdns/common_startup.cc (revision 2326) +++ pdns/common_startup.cc (working copy) diff --git a/docs/settings.rst b/docs/settings.rst index eab1244d27..49d6371c53 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -682,7 +682,7 @@ Which backends to launch and order to query them in. Launches backends. In its most simple form, supply all backends that need to be launched. e.g. -:: +.. code-block:: ini launch=bind,gmysql,remote @@ -690,7 +690,7 @@ If you find that you need to query a backend multiple times with different configuration, you can specify a name for later instantiations. e.g.: -:: +.. code-block:: ini launch=gmysql,gmysql:server2 @@ -1153,7 +1153,9 @@ To notify all IP addresses apart from the 192.168.0.0/24 subnet use the followin Otherwise there will be error trying to resolve address. For example, slaves support both IPv4 and IPv6, but PowerDNS master have only IPv4, - so allow only IPv4 with ``only-notify``:: + so allow only IPv4 with ``only-notify``: + + .. code-block:: ini only-notify=0.0.0.0/0 diff --git a/docs/tsig.rst b/docs/tsig.rst index f4074b2596..df97df2e74 100644 --- a/docs/tsig.rst +++ b/docs/tsig.rst @@ -34,7 +34,9 @@ with the key name in the content field. For example:: $ dig -t axfr powerdnssec.org @127.0.0.1 -y 'test:kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' Another of importing and activating TSIG keys into the database is using -:doc:`pdnsutil `:: +:doc:`pdnsutil `: + +.. code-block:: shell pdnsutil import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' pdnsutil activate-tsig-key powerdnssec.org test master @@ -70,9 +72,7 @@ The actual TSIG key must also be provisioned, as outlined in the previous section. For the Generic SQL backends, configuring the use of TSIG for AXFR -requests could be achieved as follows: - -:: +requests could be achieved as follows:: insert into tsigkeys (name, algorithm, secret) values ('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys='); select id from domains where name='powerdnssec.org'; @@ -82,7 +82,7 @@ requests could be achieved as follows: This can also be done using :doc:`/manpages/pdnsutil.1`: -:: +.. code-block:: shell pdnsutil import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' pdnsutil activate-tsig-key powerdnssec.org test slave @@ -91,9 +91,7 @@ This setup corresponds to the ``TSIG-ALLOW-AXFR`` access rule defined in the previous section. In the interest of interoperability, the configuration above is (not -quite) similar to the following BIND statements: - -:: +quite) similar to the following BIND statements:: key test. { algorithm hmac-md5;