Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-27 08:14:18 -04:00
Code Issues Packages Projects Releases Wiki Activity

doc update (#1140)

Browse Source 
* doc update

Go through all README and fix mistakes, extend example and let more
corefile snippets be test for validity.

* Cant use spefic addr in test
This commit is contained in:
Miek Gieben
2017-10-10 09:39:35 +02:00
committed by GitHub
parent 7c6ba3fcbd
commit 427aed6f5b
17 changed files with 112 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
plugin/dnssec/README.md
View File

@@ -17,33 +17,31 @@ Authenticated denial of existence is implemented with NSEC black lies. Using ECD
is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is *not* supported.
If multiple *dnssec* plugins are specified in the same zone, the last one specified will be
used ( see [bugs](#bugs) ).
used (See [bugs](#bugs)).
* `ZONES` zones that should be signed. If empty, the zones from the configuration block
* **ZONES** zones that should be signed. If empty, the zones from the configuration block
are used.
* `key file` indicates that key file(s) should be read from disk. When multiple keys are specified, RRsets
* `key file` indicates that **KEY** file(s) should be read from disk. When multiple keys are specified, RRsets
will be signed with all keys. Generating a key can be done with `dnssec-keygen`: `dnssec-keygen -a
ECDSAP256SHA256 <zonename>`. A key created for zone *A* can be safely used for zone *B*. The name of the
key file can be specified as one of the following formats
* basename of the generated key `Kexample.org+013+45330`
* generated public key `Kexample.org+013+45330.key`
* generated private key `Kexample.org+013+45330.private`
* `cache_capacity` indicates the capacity of the cache. The dnssec plugin uses a cache to store
RRSIGs. The default capacity is 10000.
RRSIGs. The default for **CAPACITY** is 10000.
## Metrics
If monitoring is enabled (via the *prometheus* directive) then the following metrics are exported:
* coredns_dnssec_cache_size{type} - total elements in the cache, type is "signature".
* coredns_dnssec_cache_capacity{type} - total capacity of the cache, type is "signature".
* coredns_dnssec_cache_hits_total - Counter of cache hits.
* coredns_dnssec_cache_misses_total - Counter of cache misses.
* `coredns_dnssec_cache_size{type}` - total elements in the cache, type is "signature".
* `coredns_dnssec_cache_capacity{type}` - total capacity of the cache, type is "signature".
* `coredns_dnssec_cache_hits_total{}` - Counter of cache hits.
* `coredns_dnssec_cache_misses_total{}` - Counter of cache misses.
## Examples