diff options
Diffstat (limited to 'doc/handbook/chapters/user.texi')
-rw-r--r-- | doc/handbook/chapters/user.texi | 69 |
1 files changed, 42 insertions, 27 deletions
diff --git a/doc/handbook/chapters/user.texi b/doc/handbook/chapters/user.texi index 42f37c2ea..7fb63b9a7 100644 --- a/doc/handbook/chapters/user.texi +++ b/doc/handbook/chapters/user.texi | |||
@@ -1842,33 +1842,42 @@ options: | |||
1842 | 1842 | ||
1843 | @example | 1843 | @example |
1844 | Ascension | 1844 | Ascension |
1845 | |||
1846 | Usage: | 1845 | Usage: |
1847 | ascension <domain> [-d] [-p] | 1846 | ascension <domain> [-d] [-p] [-s] [--minimum-ttl=<ttl>] \ |
1848 | ascension <domain> <port> [-d] [-p] | 1847 | [--dry-run] |
1849 | ascension <domain> -n <transferns> [-d] [-p] | 1848 | ascension <domain> <port> [-d] [-p] [-s] \ |
1850 | ascension <domain> -n <transferns> <port> [-d] [-p] | 1849 | [--minimum-ttl=<ttl>] [--dry-run] |
1850 | ascension <domain> -n <transferns> [-d] [-p] \ | ||
1851 | [-s] [--minimum-ttl=<ttl>] [--dry-run] | ||
1852 | ascension <domain> -n <transferns> <port> [-d] \ | ||
1853 | [-p] [-s] [--minimum-ttl=<ttl>] [--dry-run] | ||
1851 | ascension -p | --public | 1854 | ascension -p | --public |
1855 | ascension -d | --debug | ||
1856 | ascension -s | --standalone | ||
1852 | ascension -h | --help | 1857 | ascension -h | --help |
1853 | ascension -v | --version | 1858 | ascension -v | --version |
1854 | 1859 | ||
1855 | Options: | 1860 | Options: |
1856 | <domain> Domain to migrate | 1861 | <domain> Domain to migrate |
1857 | <port> Port for zone transfer | 1862 | <port> Port for zone transfer |
1858 | <transferns> DNS Server that does the zone transfer | 1863 | <transferns> DNS Server that does the zone transfer |
1859 | -p --public Make records public on the DHT | 1864 | --minimum-ttl=<ttl> Minimum TTL for records to migrate \ |
1860 | -d --debug Enable debugging | 1865 | [default: 3600] |
1861 | -h --help Show this screen. | 1866 | --dry-run Only try if a zone transfer is allowed |
1862 | -v --version Show version. | 1867 | -p --public Make records public on the DHT |
1868 | -s --standalone Run ascension once | ||
1869 | -d --debug Enable debugging | ||
1870 | -h --help Show this screen. | ||
1871 | -v --version Show version. | ||
1863 | @end example | 1872 | @end example |
1864 | 1873 | ||
1865 | Before you can migrate any zone though, you need to start the GNUnet peer: | 1874 | Before you can migrate any zone though, you need to start a local GNUnet peer: |
1866 | @example | 1875 | @example |
1867 | $ gnunet-arm -s | 1876 | $ gnunet-arm -s |
1868 | @end example | 1877 | @end example |
1869 | 1878 | ||
1870 | To migrate the Syrian top level domain - one of the few top level domains that | 1879 | To migrate the Syrian top level domain - one of the few top level domains that |
1871 | still supports zone transfers - into GNS use the following command: | 1880 | support zone transfers - into GNS use the following command: |
1872 | 1881 | ||
1873 | @example | 1882 | @example |
1874 | $ ascension sy. -n ns1.tld.sy. -p | 1883 | $ ascension sy. -n ns1.tld.sy. -p |
@@ -1881,33 +1890,39 @@ Once the zone is migrated, Ascension will output a message telling you, that it | |||
1881 | will refresh the zone after the time has elapsed. You can resolve the names in | 1890 | will refresh the zone after the time has elapsed. You can resolve the names in |
1882 | the zone directly using GNS or if you want to use it with your browser, check | 1891 | the zone directly using GNS or if you want to use it with your browser, check |
1883 | out the GNS manual section. @ref{Configuring the GNU Name System}. To resolve | 1892 | out the GNS manual section. @ref{Configuring the GNU Name System}. To resolve |
1884 | the records from another system you need the zone PKEY. To get the zone key, | 1893 | the records from another system you need the respective zones PKEY. To get the |
1885 | you can run the following command: | 1894 | zones public key, you can run the following command: |
1886 | 1895 | ||
1887 | @example | 1896 | @example |
1888 | $ gnunet-identity -d | grep ^sy | cut -d " " -f3 | 1897 | $ gnunet-identity -dqe sy |
1889 | @end example | 1898 | @end example |
1890 | 1899 | ||
1891 | Where "sy" is the name of the zone you want to migrate. | 1900 | Where "sy" is the name of the zone you want to migrate. |
1892 | 1901 | ||
1893 | As soon as the public flag is implemented, you can share the PKEY of the zone | 1902 | You can share the PKEY of the zone with your friends. They can then resolve |
1894 | with your friends. They can then resolve records in the zone by doing a lookup | 1903 | records in the zone by doing a lookup replacing the zone label with your PKEY: |
1895 | replacing the zone label with your PKEY: | ||
1896 | 1904 | ||
1897 | @example | 1905 | @example |
1898 | $ gnunet-gns -t SOA -u "@.$PKEY" | 1906 | $ gnunet-gns -t SOA -u "$PKEY" |
1899 | @end example | 1907 | @end example |
1900 | 1908 | ||
1901 | The program will continue to run as a daemon and update once the refresh time | 1909 | The program will continue to run as a daemon and update once the refresh time |
1902 | specified in the zones SOA record has elapsed. | 1910 | specified in the zones SOA record has elapsed. |
1903 | 1911 | ||
1904 | The next step would be to add the PKEY record as a DNScurve style NS record | 1912 | DNSCurve style records are supported in the latest release and they are added |
1905 | into the existing DNS zone to enable clients to detect that this zone has | 1913 | as a PKEY record to be referred to the respective GNS public key. Key |
1906 | already been migrated to GNS and to also have a means of distributing the PKEY | 1914 | distribution is still a problem but provided someone else has a public key |
1907 | seamlessly. | 1915 | under a given label it can be looked up. |
1916 | |||
1917 | There is an unofficial Debian package called python3-ascension that adds a | ||
1918 | system user ascension and runs a GNUnet peer in the background. | ||
1908 | 1919 | ||
1909 | At this point you might want to write for example a systemd unit file to start | 1920 | Ascension-bind is also an unofficial Debian package that on installation checks |
1910 | and enable the service, so that your zone is migrated automatically. | 1921 | for running DNS zones and whether or not they are transferable using DNS zone |
1922 | transfer (AXFR). It asks the administrator which zones to migrate into GNS and | ||
1923 | installs a systemd unit file to keep the zone up to date. If you want to | ||
1924 | migrate different zones you might want to check the unit file from the package | ||
1925 | as a guide. | ||
1911 | 1926 | ||
1912 | @node reclaimID Identity Provider | 1927 | @node reclaimID Identity Provider |
1913 | @section reclaimID Identity Provider | 1928 | @section reclaimID Identity Provider |