From 0f41071cb5b2b41b7128b38ff33779c7b9e68cbd Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 4 Jan 2015 15:22:22 -0400
Subject: transition docs
---
 src/Propellor/Property/Dns.hs | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src')
diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index b5c97d35..581a9bfe 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -127,6 +127,14 @@ cleanupPrimary zonefile domain = check (doesFileExist zonefile) $
 -- The 'Recurrance' controls how frequently the signature
 -- should be regenerated, using a new random salt, to prevent
 -- zone walking attacks. `Weekly Nothing` is a reasonable choice.
+--
+-- To transition from 'primary' to 'signedPrimary', you can revert
+-- the 'primary' property, and add this property.
+--
+-- Note that DNSSEC zone files use a serial number based on the unix epoch.
+-- This is different from the serial number used by 'primary', so if you
+-- want to later disable DNSSEC you will need to adjust the serial number
+-- passed to mkSOA to ensure it is larger.
 signedPrimary :: Recurrance -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
 signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
 where
-- 
cgit v1.2.3
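Review bot: The added transition notes cover the serial number but not the parent-side delegation, which is what breaks resolution when DNSSEC is turned off: if a DS record for the zone is still published in the parent when signedPrimary is reverted, validating resolvers will reject the now-unsigned answers as bogus. Nothing in this hunk shows whether propellor manages the DS record, so I would add a line such as `-- Before reverting signedPrimary, remove the DS record from the parent zone and wait for its TTL to expire.` The serial caveat is also written only for the disable direction; if the serial already passed to mkSOA is a date-style value larger than the current unix time, switching to signedPrimary would presumably move the serial backwards as well, which is worth stating. The body of signedPrimary continues past the end of the hunk.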