Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-12-06 02:15:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

doc: make -f Makefile.doc (#2919)

Browse Source 
mechanical change: create the manual pages.

Signed-off-by: Miek Gieben <miek@miek.nl>
This commit is contained in:
Miek Gieben
2019-06-24 12:37:27 +01:00
committed by Yong Tang
parent e54b784a7e
commit 51cf388da2
36 changed files with 423 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
man/coredns-tls.7
View File

@@ -1,11 +1,11 @@
.\" Generated by Mmark Markdown Processer - mmark.nl
.TH "COREDNS-TLS" "7" "April 2019" "CoreDNS" "CoreDNS Plugins"
.TH "COREDNS-TLS" 7 "June 2019" "CoreDNS" "CoreDNS Plugins"
.SH NAME
.SH "NAME"
.PP
\fItls\fP - allows you to configure the server certificates for the TLS and gRPC servers.
.SH DESCRIPTION
.SH "DESCRIPTION"
.PP
CoreDNS supports queries that are encrypted using TLS (DNS over Transport Layer Security, RFC 7858)
or are using gRPC (https://grpc.io/
@@ -20,7 +20,7 @@ DNS-over-TLS and DNS-over-gRPC. If the \fB\fCtls\fR directive is omitted, then n
The gRPC protobuffer is defined in \fB\fCpb/dns.proto\fR. It defines the proto as a simple wrapper for the
wire data of a DNS message.
.SH SYNTAX
.SH "SYNTAX"
.PP
.RS
@@ -33,7 +33,24 @@ tls CERT KEY [CA]
.PP
Parameter CA is optional. If not set, system CAs can be used to verify the client certificate
.SH EXAMPLES
.PP
.RS
.nf
tls CERT KEY [CA] {
client\_auth nocert|request|require|verify\_if\_given|require\_and\_verify
}
.fi
.RE
.PP
If client\fIauth option is specified, it controls the client authentication policy.
The option value corresponds to the ClientAuthType values of the Go tls package
\[la]https://golang.org/pkg/crypto/tls/#ClientAuthType\[ra]: NoClientCert, RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, and RequireAndVerifyClientCert, respectively.
The default is "nocert". Note that it makes no sense to specify parameter CA unless this option is set to verify\fPif\fIgiven or require\fPand_verify.
.SH "EXAMPLES"
.PP
Start a DNS-over-TLS server that picks up incoming DNS-over-TLS queries on port 5553 and uses the
nameservers defined in \fB\fC/etc/resolv.conf\fR to resolve the query. This proxy path uses plain old DNS.
@@ -70,7 +87,7 @@ grpc://. {
Only Knot DNS' \fB\fCkdig\fR supports DNS-over-TLS queries, no command line client supports gRPC making
debugging these transports harder than it should be.
.SH ALSO SEE
.SH "ALSO SEE"
.PP
RFC 7858 and https://grpc.io
\[la]https://grpc.io\[ra].