From: Aki Tuomi <cmouse@desteem.org>
Date: Sat, 15 Jun 2013 17:44:19 +0000 (+0300)
Subject: Documentation for TSIG feature
X-Git-Tag: rec-3.6.0-rc1~468^2~10
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1fc07025cb77a98cc0b1095ce8adee1ea5c9b606;p=thirdparty%2Fpdns.git

Documentation for TSIG feature
---

diff --git a/pdns/backends/bind/binddnssec.cc b/pdns/backends/bind/binddnssec.cc
index a36c93af4a..fac2b367b0 100644
--- a/pdns/backends/bind/binddnssec.cc
+++ b/pdns/backends/bind/binddnssec.cc
@@ -294,7 +294,7 @@ bool Bind2Backend::setTSIGKey(const string& name, const string& algorithm, const
 {
   if(!d_dnssecdb)
     return false;
-  boost::format fmt("insert or update into tsigkeys (name,algorithm,secret) values('%s', '%s', '%s')");
+  boost::format fmt("replace into tsigkeys (name,algorithm,secret) values('%s', '%s', '%s')");
   try {
     d_dnssecdb->doCommand( (fmt % d_dnssecdb->escape(name) % d_dnssecdb->escape(algorithm) % d_dnssecdb->escape(content)).str() );
   }
@@ -312,7 +312,7 @@ bool Bind2Backend::deleteTSIGKey(const string& name)
   boost::format fmt("delete from tsigkeys where name='%s'");
 
   try {
-    d_dnssecdb->doCommand( (fmt % d_dnssecdb->escape(name)).str());
+    d_dnssecdb->doCommand( (fmt % d_dnssecdb->escape(name)).str() );
   }
   catch (SSqlException &e) {
     throw AhuException("BindBackend unable to retrieve named TSIG key: "+e.txtReason());
@@ -340,9 +340,10 @@ bool Bind2Backend::getTSIGKeys(std::vector< struct TSIGKey > &keys)
      key.name = row[0];
      key.algorithm = row[1];
      key.key = row[2];
+     keys.push_back(key);
   }
 
-  return keys.empty();
+  return !keys.empty();
 }
 
 
diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml
index 7016641b6b..75c127d3fc 100755
--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -12711,6 +12711,15 @@ $ pdnssec rectify-zone powerdnssec.org
 	      </para>
 	    </listitem>
 	</varlistentry>
+        <varlistentry>
+            <term>generate-zone-key [ksk|zsk] [algorithm] [bits]</term>
+            <listitem>
+              <para>
+                 Generate and display a zone key. Can be used when you need to generate a key for some script backend.
+                 Does not store the key. 
+              </para>
+            </listitem>
+        </varlistentry>
 	<varlistentry>
 	    <term>rectify-zone ZONE [ZONE ..]</term>
 	    <listitem>
@@ -12789,6 +12798,54 @@ $ pdnssec rectify-zone powerdnssec.org
 	      </para>
 	    </listitem>
 	</varlistentry>
+        <varlistentry>
+            <term>import-tsig-key name algorithm key</term>
+            <listitem>
+              <para>
+                 Imports a named TSIG key. Use enable/disable-tsig-key to map it to a zone.
+              </para>
+            </listitem>
+        </varlistentry>
+        <varlistentry>
+            <term>create-tsig-key name algorithm</term>
+            <listitem>
+              <para>
+                 Creates and stores a named tsig key.
+              </para>
+            </listitem>
+        </varlistentry>
+        <varlistentry>
+            <term>delete-tsig-key name</term>
+            <listitem>
+              <para>
+                 Deletes a named TSIG key. WARNING! Does not unmap it from zones. 
+              </para>
+            </listitem>
+        </varlistentry>
+        <varlistentry>
+            <term>list-tsig-keys</term>
+            <listitem>
+              <para>
+                 Shows all TSIG keys from all backends. 
+              </para>
+            </listitem>
+        </varlistentry>
+        <varlistentry>
+            <term>enable-tsig-key zone name [master|slave]</term>
+            <listitem>
+              <para>
+                 Enables TSIG key for a zone. Use master on master server, slave on slave server.
+              </para>
+            </listitem>
+        </varlistentry>
+        <varlistentry>
+            <term>disable-tsig-key zone name [master|slave]</term>
+            <listitem>
+              <para>
+                 Disabled TSIG key for a zone. Use master on master server, slave on slave server.
+              </para>
+            </listitem>
+        </varlistentry>
       </variablelist>
     </para>
   </section>