cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

transition docs

This commit is contained in:
Joey Hess 2015-01-04 15:22:22 -04:00
parent ad984e74e4
commit 0f41071cb5
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Propellor/Property/Dns.hs
View File

@ -127,6 +127,14 @@ cleanupPrimary zonefile domain = check (doesFileExist zonefile) $
-- The 'Recurrance' controls how frequently the signature
-- should be regenerated, using a new random salt, to prevent
-- zone walking attacks. `Weekly Nothing` is a reasonable choice.
--
-- To transition from 'primary' to 'signedPrimary', you can revert
-- the 'primary' property, and add this property.
--
-- Note that DNSSEC zone files use a serial number based on the unix epoch.
-- This is different from the serial number used by 'primary', so if you
-- want to later disable DNSSEC you will need to adjust the serial number
-- passed to mkSOA to ensure it is larger.
signedPrimary :: Recurrance -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
where