Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-12-06 02:15:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: Regenerate all manpages using mmark (#2762)

Browse Source 
Mmark recently became able to create manual pages. This removed the
dependency on 'ronn' and just uses mmark (Go program).

Re-hookup Makefile.doc to generate the correct header mmark needs to
see and regenate them all.

Spot checking a few pages suggest they look good and actually better
than rendered with ronn, esp. lists in lists.

Fixes #2757

Signed-off-by: Miek Gieben <miek@miek.nl>
This commit is contained in:
Miek Gieben
2019-04-06 08:42:40 +01:00
committed by GitHub
parent 663271a7ca
commit f8aa208cc0
42 changed files with 4835 additions and 4364 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
man/coredns-tls.7
View File

@@ -1,65 +1,78 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "COREDNS\-TLS" "7" "March 2019" "CoreDNS" "CoreDNS plugins"
.
.SH "NAME"
\fItls\fR \- allows you to configure the server certificates for the TLS and gRPC servers\.
.
.SH "DESCRIPTION"
CoreDNS supports queries that are encrypted using TLS (DNS over Transport Layer Security, RFC 7858) or are using gRPC (https://grpc\.io/, not an IETF standard)\. Normally DNS traffic isn\'t encrypted at all (DNSSEC only signs resource records)\.
.
.P
The \fItls\fR "plugin" allows you to configure the cryptographic keys that are needed for both DNS\-over\-TLS and DNS\-over\-gRPC\. If the \fBtls\fR directive is omitted, then no encryption takes place\.
.
.P
The gRPC protobuffer is defined in \fBpb/dns\.proto\fR\. It defines the proto as a simple wrapper for the wire data of a DNS message\.
.
.SH "SYNTAX"
.
.nf
.\" Generated by Mmark Markdown Processer - mmark.nl
.TH "COREDNS-TLS" "7" "April 2019" "CoreDNS" "CoreDNS Plugins"
.SH TLS
.SH NAME
.PP
\fItls\fP - allows you to configure the server certificates for the TLS and gRPC servers.
.SH DESCRIPTION
.PP
CoreDNS supports queries that are encrypted using TLS (DNS over Transport Layer Security, RFC 7858)
or are using gRPC (https://grpc.io/
\[la]https://grpc.io/\[ra], not an IETF standard). Normally DNS traffic isn't encrypted at
all (DNSSEC only signs resource records).
.PP
The \fItls\fP "plugin" allows you to configure the cryptographic keys that are needed for both
DNS-over-TLS and DNS-over-gRPC. If the \fB\fCtls\fR directive is omitted, then no encryption takes place.
.PP
The gRPC protobuffer is defined in \fB\fCpb/dns.proto\fR. It defines the proto as a simple wrapper for the
wire data of a DNS message.
.SH SYNTAX
.PP
.RS
.nf
tls CERT KEY [CA]
.
.fi
.
.P
Parameter CA is optional\. If not set, system CAs can be used to verify the client certificate
.
.SH "EXAMPLES"
Start a DNS\-over\-TLS server that picks up incoming DNS\-over\-TLS queries on port 5553 and uses the nameservers defined in \fB/etc/resolv\.conf\fR to resolve the query\. This proxy path uses plain old DNS\.
.
.IP "" 4
.
.nf
tls://\.:5553 {
tls cert\.pem key\.pem ca\.pem
forward \. /etc/resolv\.conf
}
.
.fi
.
.IP "" 0
.
.P
Start a DNS\-over\-gRPC server that is similar to the previous example, but using DNS\-over\-gRPC for incoming queries\.
.
.IP "" 4
.
.nf
.RE
grpc://\. {
tls cert\.pem key\.pem ca\.pem
forward \. /etc/resolv\.conf
.PP
Parameter CA is optional. If not set, system CAs can be used to verify the client certificate
.SH EXAMPLES
.PP
Start a DNS-over-TLS server that picks up incoming DNS-over-TLS queries on port 5553 and uses the
nameservers defined in \fB\fC/etc/resolv.conf\fR to resolve the query. This proxy path uses plain old DNS.
.PP
.RS
.nf
tls://.:5553 {
tls cert.pem key.pem ca.pem
forward . /etc/resolv.conf
}
.
.fi
.
.IP "" 0
.
.P
Only Knot DNS\' \fBkdig\fR supports DNS\-over\-TLS queries, no command line client supports gRPC making debugging these transports harder than it should be\.
.
.SH "ALSO SEE"
RFC 7858 and https://grpc\.io\.
.RE
.PP
Start a DNS-over-gRPC server that is similar to the previous example, but using DNS-over-gRPC for
incoming queries.
.PP
.RS
.nf
grpc://. {
tls cert.pem key.pem ca.pem
forward . /etc/resolv.conf
}
.fi
.RE
.PP
Only Knot DNS' \fB\fCkdig\fR supports DNS-over-TLS queries, no command line client supports gRPC making
debugging these transports harder than it should be.
.SH ALSO SEE
.PP
RFC 7858 and https://grpc.io
\[la]https://grpc.io\[ra].